I have an ISA 2006 array NLB between 2 ISA servers. The servers hold both a configuration server and ISA server roles.
Servers have 2 NICs, one to my workstation VLAN and one to my internet segment. DNS is set for the workstations to resolve the ISAs by their workstation interface.
I use ISA to proxy my web clients, to block them from going to sites that are not configured in my allowed URL set. I then made a rule to deny all web traffic unless the site requested was part of said URL set.
I configured this rule to apply to a group called 'restricted internet' and added my users to this group.
I have a group policy that configures all systems within an OU to set their Internet Explorer to use my ISA proxy virtual name on 8080. I placed the users' workstations in this OU.
This worked fine for 50 days with no one touching it. Then I got reports that users were not being blocked from visiting prohibited sites any longer.
I confirmed this report and checked my ISA servers. Logs were clean of any items that made me think may be related.
I have moved my restricted internet rule up to #1 in the order and still users are able to view any site they want.
I am watching logging on one client and I am seeing the ISA allow the connection, but it is not displaying what rule is allowing it.
The only thing I see that strikes me as abnormal is the SQL icon in the system tray says 'Not connected \\'. I checked the SQL services on the ISAs and they are running. I also found that in DNS both interfaces (workstation VLAN and internet) had registered their IPs under the ISA servers' names. I removed the DNS entries for the internet interface IPs, and set those interfaces not to register with DNS.
I also rebooted the ISAs.
The only thing that I see of interest in my logs is this:
NLB Cluster <<WORKSTATION VLAN IP>> : Inconsistent bi-directional affinity (BDA) teaming configuration detected on host 3. The team in which this cluster participates will be marked inactive and this cluster will remain in the converging state until consistent teaming configuration is detected.
I am not using teaming, and to be safe I uninstalled the Broadcom teaming app. Other than that the logs are clean.
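Two of the checks raised in the post (whether the ISA host names have registered addresses outside the workstation VLAN, and whether a client still has the proxy setting the GPO is supposed to enforce) can be scripted against exported data. The following is an added example, not code from the post or from ISA Server: the A records, the VLAN range, the NLB virtual name `isa-proxy` and the expected registry values are all constructed sample data, and the addresses use documentation ranges rather than anything from the original.

```python
import ipaddress

# Constructed sample A records (not from the post). Each ISA host name has
# registered both its workstation-VLAN address and its internet-segment
# address, which is the dual-registration problem described above.
SAMPLE_RECORDS = [
    ("isa01", "10.10.1.11"),
    ("isa01", "203.0.113.11"),
    ("isa02", "10.10.1.12"),
    ("isa02", "203.0.113.12"),
    ("isa-proxy", "10.10.1.10"),  # assumed NLB virtual name, VLAN-only
]

WORKSTATION_VLAN = "10.10.1.0/24"  # assumed range for the workstation VLAN


def records_outside_subnet(records, subnet=WORKSTATION_VLAN):
    """Return (name, ip) pairs whose address is not inside the given subnet.

    Clients must only ever learn the workstation-VLAN addresses of the ISAs;
    any other registered address is a candidate for the mis-resolution seen
    in the post and should be removed from DNS.
    """
    net = ipaddress.ip_network(subnet)
    return [(name, ip) for name, ip in records
            if ipaddress.ip_address(ip) not in net]


# Assumed values the GPO should set under
# HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings.
EXPECTED_PROXY = {"ProxyEnable": 1, "ProxyServer": "isa-proxy:8080"}


def proxy_setting_problems(settings, expected=EXPECTED_PROXY):
    """Compare a dict of exported Internet Settings values to what the GPO
    should enforce; also surface any ProxyOverride entries, since each one
    is a destination the client reaches without going through the ISA.
    """
    problems = []
    for key, want in expected.items():
        got = settings.get(key)
        if got != want:
            problems.append(f"{key}: expected {want!r}, got {got!r}")
    override = settings.get("ProxyOverride", "")
    for entry in filter(None, (e.strip() for e in override.split(";"))):
        problems.append(f"ProxyOverride bypasses proxy for {entry!r}")
    return problems


if __name__ == "__main__":
    for name, ip in records_outside_subnet(SAMPLE_RECORDS):
        print(f"remove from DNS: {name} -> {ip}")

    # Constructed client export: proxy switched off and a wildcard bypass.
    client = {"ProxyEnable": 0, "ProxyServer": "isa-proxy:8080",
              "ProxyOverride": "*.example.net;<local>"}
    for line in proxy_setting_problems(client):
        print("client:", line)
```

Feed `records_outside_subnet` the A records exported from the zone for the ISA names, and `proxy_setting_problems` the values read from one affected workstation; an empty list from both means the client is still being pointed at the ISA on the workstation VLAN, which narrows the problem to the ISA policy itself.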