DFS - The Distributed File System service cannot be contacted on the specified sever
I tried to run DFS on my ISA server. But I got this meesage
"The Distributed File System service cannot be contacted on the specified sever. Possible causes include the service is not started, the server is offline, network problems are preventing access to the server, or a firewall is blocking port 445 on the server".
I also tried to run DFS on my DC and there was no problem. I am wondering maybe it's something related to firewall..... but why the network sharing has to go across the firewall?? or the problem is something else..
"The Distributed File System service cannot be contacted on the specified sever. Possible causes include the service is not started, the server is offline, network problems are preventing access to the server, or a firewall is blocking port 445 on the server".
I also tried to run DFS on my DC and there was no problem. I am wondering maybe it's something related to firewall..... but why the network sharing has to go across the firewall?? or the problem is something else..
ASKER
Yes. I have a full acees rule as following:
ALLOW- All outbound Traffic - (From)Internal/localhost - (To)External/local host - All users
ALLOW- All outbound Traffic - (From)Internal/localhost - (To)External/local host - All users
Wow - never seen a rule implemented like that before. you sure didn't get that from the best-practice guides :)
open the ISA gui - select monitoring - logging - start query
What denies do you see? If necessary change the log time to last 24 hours and review it.
open the ISA gui - select monitoring - logging - start query
What denies do you see? If necessary change the log time to last 24 hours and review it.
ASKER
so what's the better policy I can implement here??
And I did check the logging, nothing was blocked. The only thing I see there is port 80 is blocked requested from one of my client pc.
And I did check the logging, nothing was blocked. The only thing I see there is port 80 is blocked requested from one of my client pc.
Break them down into specific requirements on each rule
If you want to allow everything from internal & localhost to external, thats your call but put that rule in as an individual. With your existing rule you are allowing everyone access to your ISA Server itself on all protocols - not a good move - just my opinion, its your security.
If you have no denies then two possibilities
1. Its not ISA that is the issue.
2. A Security policy within ISA is blocking (this will not appear as a deny).
Open the ISA Security policy and make sure that the policies are set to allow localhost/internal to communicate. In ISA2006 it is policy 16 for example.
If you want to allow everything from internal & localhost to external, thats your call but put that rule in as an individual. With your existing rule you are allowing everyone access to your ISA Server itself on all protocols - not a good move - just my opinion, its your security.
If you have no denies then two possibilities
1. Its not ISA that is the issue.
2. A Security policy within ISA is blocking (this will not appear as a deny).
Open the ISA Security policy and make sure that the policies are set to allow localhost/internal to communicate. In ISA2006 it is policy 16 for example.
ASKER
my is isa 2004. I think it's the one "Allow microsoft CIFS from ISA server to trusted servers" right?? It's allowed there CIFS (TCP and UDP) - Local/Internal .
ASKER
Finally!! I found out the problem !! In my DC, the Distributed File System service is started by default, but not in ISA server. So After I started the service, everything is working now !!! nothing to do with firewall. But I don't know why it was not set to automatic... it was set to manual.... Is your member server also have this setting by deafult?
Mine was too - but I enable mine as part of my installation instructions/build documents :)
ASKER
ok. Thank you for spending time with me. Have a nice day
hey, always a pleasure. Sometimes just re-walking through the basics is all it takes but I would still seriously think about breaking your rules down into the needed parts. The more you can isolate people from having access to the ISA directly, the more secure it will be.
Yeah, you have a nice day too. Always wanted an excuse to say that to someone lol.
Yeah, you have a nice day too. Always wanted an excuse to say that to someone lol.
ASKER
by the way... I have a different question here if you know how to solve it. Thank you.
https://www.experts-exchange.com/questions/23182830/Group-policy-didn't-work-for-disk-quota.html?anchorAnswerId=20957299#a20957299
https://www.experts-exchange.com/questions/23182830/Group-policy-didn't-work-for-disk-quota.html?anchorAnswerId=20957299#a20957299
Harsh but there you go. OK, refund them.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Why it is harsh? but I will reaasign the point to you. sorry about that.
Do you have a rule allowing Microsoft CIFS (TCP) from internal to localhost enabled?