Solved

ISA 2004 Domain controller question

Posted on 2006-07-19
Last Modified: 2013-11-16
Is it really that bad to have ISA running on the same box as the domain controller?  I hear conflicting opinions.  I haven't had a problem yet.  I'm not sure why it would matter but I'd like to get another take on it.
Question by:hmcnasty
5 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 250 total points
ID: 17145363
This depends on how you are using ISA.

For example, SBS2000/2003 comes with ISA server (premium versions) and therefore sits on a DC anyway.

If you are using ISA on non-SBS systems but in a firewall mode, you should not have ISA on a DC in best practice. ISA (in a firewall mode) should be dedicated to running ISA services. To make it run as a DC as well requires many ports to be opened to allow dns, dhcp, pc, kerberos etc to talk to other controllers and the internal networks.

If you are using ISA in a proxy mode then it being on a DC is not so much of an issue.

Regards

Keith
ISA MCT

Author Comment

by:hmcnasty
ID: 17146753
Keith,

Thank you. I found out the hard way it does matter.  Up until today I've been using SBS 2003 on most of my clients and ISA works great, so I assumed in a Server 2003 enterprise environment I could run ISA on the AD Exchange box.  Oh boy, did it mess things up; none of the built-in policies worked.  It wouldn't even give out DHCP after I installed it.  I had to create a rule for everything.  It sucked. BUT... I moved it onto its own box and I am happy to say I am off and running.  I will however have a few questions about policies though.

Thank you very much.

Wes
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17146938
No problem Wes. If you are ever in the position where you literally have no choice.....

Click the firewall policy and look at the top of the screen. You will see a row of icons; select the last one (it toggles the system policy as visible/invisible). This will display another 17-18 rules for the system policy. This is where you would make the amendments for all the various connotations. As I said, it can be done but it's yukky :)

Regards

Keith

Author Comment

by:hmcnasty
ID: 17147068
I'll tell you one I can't get is VPN outbound. I have clients I VPN into and I can't get it to go out. My rule: allow PPTP all networks to external all users.  I figured that would do it.

W
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17149000
Open the GUI.
Click on monitoring - logging - start query.
Try the connection.
What do you see in the log?