Troubleshooting / Configuring ISA server DNS lookup

Posted on 2008-11-10
Medium Priority
Last Modified: 2013-11-16
I have a ISA 2006 server I need to troubleshoot. Clients on the inside cannot do DNS lookup nor can they reach external websites.

Policies are
- No enterprise policies is applied before array firewall policy
- One deny all policy is applied after array firewall policy
- A long list of policies is aplied as 'Firewall policy rules'

Which plocies needs to be in place to allow a client to perform a DNS lookup on an external DNS?

I've tried to monitor all traffic to the specific DNS. When doing a DNS lookup from the ISA itself I get a fine log entry.

When doing the lookup from a client I get no log entries. Any ideas?

Question by:tecit
  • 3
  • 2
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22924626
Sounds like a naff installation. please provide an ipconfig /all from the ISA server.

Author Comment

ID: 22926188
The ISA cluster worked just fine undtil last friday where it suddently started loosing 75% og ping packets to the internet.

It's 3 servers running in as an ISA cluster with NLB on the outside interfaces. I've shutdown 2 of the servers and disabled NLB on the third and now the clients can access the internet and make nslookup without problems.

Any ideas on where to look for the NLB error? Cables and switch for the outside interfaces has been tested both physically and logically.

Hope the one server can handle the load during production time tomorrow....

LVL 51

Accepted Solution

Keith Alabaster earned 2000 total points
ID: 22928364
Ah - lol - more information :)
What are the results from the BPA?

If you are not running nlb on the internal interfaces also, how are you setting the default gateways of the clients? All of my installs (where I have used NLB) have had nlb running for both internal and external nics. What are the default gateways of the internal dns servers?

Author Comment

ID: 23231988
It turned out that our ISP made a change in their router to protect it from the unknown unicasts submittet by the ISA's NLB. We got the cluster up running again by inserting our own router in between the ISA's and the ISP's router.

Thanks for all Your quick responses.
LVL 51

Expert Comment

by:Keith Alabaster
ID: 23236918
Welcome & Thanks :)

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses
Course of the Month16 days, 13 hours left to enroll

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question