Solved

Issue with HTTP/RPC after network disconnect failure

Posted on 2009-04-02
9
434 Views
Last Modified: 2012-05-06
My setup is ISA SERVER 2006 >>> Exchange 2003. The isa server is also the dhcp server and the exchange server is also the internal, dns and active directory server.  I have no front end server.

The issue is that after a network disconnect with my ISP, the exchange server publshing rule (OWA and HTTP/RPC) will not work. Internet works fine and I can even access other published sites from the isa server. however, http/rpc connections from window mobile phones, external outlook clients and OWA access will not work until I restart the ISA Firewall service.
0
Comment
Question by:mcolommena
  • 5
  • 4
9 Comments
 
LVL 12

Expert Comment

by:Alan3285
ID: 24056261
Hi,

What happens from outside when you go to:

https://server.domain.com/exchange

Can you telnet to this:

telnet server.domain.com 443

Thanks,

Alan.
0
 

Author Comment

by:mcolommena
ID: 24058163
I have not tried to telnet, but on the browser if i type https://server.domain.com/exchange, whih typically brings up my owa, i geta page cannot be displayed error.
0
 
LVL 12

Expert Comment

by:Alan3285
ID: 24065726
Please can you try the telnet, and see what happens (I am guessing you'll get no response, but let's try anyway).

If that is the case, then it seems most likely either the perimiter firewall / router - what do you have on the perimeter?

Or, if not that, then either the ISA server itself or the exchange server.

Depending on your LAN layout, is there any machine or device that is outside the ISA server, but inside the perimeter?  If so, can you try telnet (or browser) from there?

Also, can you connect to OWA from inside the ISA server (I am guessing about your network config, but perhaps your own workstation is inside the ISA server and on the same subnet as the exchange server?)  If so, try connecting to OWA from your workstation:

https://server/exchange

where server is either the internal hostname or IP of the exchange server.

Thanks,

Alan.
0
 

Author Comment

by:mcolommena
ID: 24066790
telnet does not work from the outside. however, it does work from the inside. Meaninig that from within the local lan the services are up on the exchange. They just do not work form the outside. This happens everytime that the isp phyiscal connection on the external wan card of the isa server gets reset. meaning that the netowrk card sees a disconnect and a reconnect. the isp rebooting thier router.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 12

Expert Comment

by:Alan3285
ID: 24070060
Is your ISA server's WAN-side NIC connected to an ADSL modem or a fibre termination or something?
If so, I wonder if there is some interaction there causing a problem?

Not sure how easy this will be for you (depends on whether you have a spare router lying around), but you could try putting an additional NAT router between the 'modem' (whatever is there) and the ISA server.

You'll need to setup the router to pass through outbound (might as well be everything initially at least since this is not a security measure), and make sure you port-forward whatever you need to come in (443, 25, etc etc)

That way, the ISA Server won't see a network disconnect (it will be the new router that sees the disconnect)

Nothing inside changes as the ISA Server is still the main firewall and DHCP.

Does that make any difference?

Alan.
0
 

Author Comment

by:mcolommena
ID: 24692579
Alan...... Sorry I have not commented... I will try this and let you know.
0
 
LVL 12

Expert Comment

by:Alan3285
ID: 24695808
No worries.  I guess you are still having the issues!

Post back when you can.

Alan.
0
 

Author Comment

by:mcolommena
ID: 25123982
Yes, still the same issue.
0
 
LVL 12

Accepted Solution

by:
Alan3285 earned 500 total points
ID: 25131012
Hi,

Do you mean you tried the additional router suggestion?

If so, your ISA server should not be seeing any disconnects now?

Alan.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Forefront is the brand name for Microsoft's major security product. Forefront covers a number of specific security areas and has 'swallowed' a number of applications under this umbrella including Antigen, ISA Server, the Integrated Access Gateway (t…
Forefront Threat Management Gateway 2010 or FTMG comes with some very neat troubleshooting tools built-in when trying to identify what is actually happening behind the scenes within the product when traffic is passing through its interfaces. To the …
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now