Troubleshooting / Configuring ISA server DNS lookup
I have a ISA 2006 server I need to troubleshoot. Clients on the inside cannot do DNS lookup nor can they reach external websites.
Policies are
- No enterprise policies is applied before array firewall policy
- One deny all policy is applied after array firewall policy
- A long list of policies is aplied as 'Firewall policy rules'
Which plocies needs to be in place to allow a client to perform a DNS lookup on an external DNS?
I've tried to monitor all traffic to the specific DNS. When doing a DNS lookup from the ISA itself I get a fine log entry.
When doing the lookup from a client I get no log entries. Any ideas?
Regards,
Kaare
Policies are
- No enterprise policies is applied before array firewall policy
- One deny all policy is applied after array firewall policy
- A long list of policies is aplied as 'Firewall policy rules'
Which plocies needs to be in place to allow a client to perform a DNS lookup on an external DNS?
I've tried to monitor all traffic to the specific DNS. When doing a DNS lookup from the ISA itself I get a fine log entry.
When doing the lookup from a client I get no log entries. Any ideas?
Regards,
Kaare
Keith Alabaster
Sounds like a naff installation. please provide an ipconfig /all from the ISA server.
ASKER
The ISA cluster worked just fine undtil last friday where it suddently started loosing 75% og ping packets to the internet.
It's 3 servers running in as an ISA cluster with NLB on the outside interfaces. I've shutdown 2 of the servers and disabled NLB on the third and now the clients can access the internet and make nslookup without problems.
Any ideas on where to look for the NLB error? Cables and switch for the outside interfaces has been tested both physically and logically.
Hope the one server can handle the load during production time tomorrow....
Thanks,
Kaare
It's 3 servers running in as an ISA cluster with NLB on the outside interfaces. I've shutdown 2 of the servers and disabled NLB on the third and now the clients can access the internet and make nslookup without problems.
Any ideas on where to look for the NLB error? Cables and switch for the outside interfaces has been tested both physically and logically.
Hope the one server can handle the load during production time tomorrow....
Thanks,
Kaare
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It turned out that our ISP made a change in their router to protect it from the unknown unicasts submittet by the ISA's NLB. We got the cluster up running again by inserting our own router in between the ISA's and the ISP's router.
Thanks for all Your quick responses.
/Kaare
Thanks for all Your quick responses.
/Kaare
Welcome & Thanks :)