We help IT Professionals succeed at work.

isa server 2004 problems resolving dns names

Im using a isa server 2006 running on w2k3 .
The company has purchased a new server, and I have to reinstall the operating system but with ISA 2004.
 Install and configure the ISA 2004 and I started to try from a client.
 http proxy works ok, but i cant use telnet
 Detected that this is because it is not resolving the name.
 If I write telnet "ip" 80 works perfect.
 From the workstation I can connect fine with telnet ip,
Dns servers are not resolving external dns names .
Is not a dns problem because if i change the isa , the resolution works fine again
isa 2006 is disconected .
Two servers has the same ip
if i disconnet isa2k4 and connect isa2k6 everithing works ok
From the isa server 2004 (localhost) everything works ok . I can resolve internet adresses
Watch Question

Which servers are your DNS pointing to as forwarders? is it your ISA box OR external DNS Servers?

Also, verify if ISA is running DNS in cache mode?

Verify the DNS Settings on NIC of ISA 2006 box.

Manpreet SIngh KhatraSolutions Architect, Project Lead
Top Expert 2013

For any connection to be able to connect to any server using Internet address it needs to be published ...... now you need to understand how external servers access ISA2006 and get that same information populated on ISA2004.

Hope all services are running on ISA and only one NIC ?
DNS Settings on NIC

- Rancy
Most Valuable Expert 2011
The very first Rule on any ISA/TMG installation,....right at the top of the Rule List,....must be an Rule that allow anonymnous outbound DNS Queries from the DCs to their Forwarders (or to the Internet in general if using Root Hints).

The Rule must be:
1. Anonymous (All Users)
2. Preferably at the top #1 position on the list
3. Must use the normal DNS Protocol (not "DNS Server")

1. Never use the ISA/TMG as a DNSServer
2. Never run ISA/TMG as any form of DNS cache server
3. ISA/TMG should be totally devoid of any type of DNS "duties".

This is no,...and should not be any Publishing
Nothing from outside should be involved in this in an "inbound" manner.

A one nic ISA/TMG is a waste of time and money.  It becomes reduced to nothing but a "Web Caching Proxy" and can only process HTTP, HTTPS, and FTP-Over-HTTP,...and it is capable of only "web publishing" for inbound,... but with not much real measurable benefit for doing so.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.