• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 655
  • Last Modified:

ISA Server 2006 Migration

Hi all,

I'm hoping someone can give some insight into this issue I have been having.
I have migrated our Internal ISA Server 2006 Server to Hyper-V on a new server.

What's been done so far:


1) Export the ISA config from old server
 2 Install Windows OS and ISA Server 2006
 3) Disconnect old ISA Server from network
 4) Give new ISA Server the old ISA Server IP address
 5) Import the ISA configuration from old server to new
 6) Check configuration
 7) Import Exchange RPC Certificates
 8) Check ISA Logs make sure all is clear.

After all of the above I connect the ISA Server check all my access internal and external all works fine...

Then... after a few hours ISA starts dropping DNS queries for ex:
I would ping www.google.co.za from my workstation and it doesn't resolve (it did before)
Ping is allowed in the firewall rules and the required DNS rules exist as they were there on the original server.

Our DNS on the DC's are set to forward any external DNS queries to a forwarder (in this case the ISA Server) (With the same IP I granted to the new ISA Server)

Like for like when I check everything it's all the same(same IP's same configuration rules, same ISA version, same SP version)

Any idea why after a few hours this would occur?

I put the old box back and my internal to external DNS queries works 100% again ( I get a reply when pinging www.google.co.za)

I haven't really looked into the edge firewall (ISA 2004) too much as I can't see how it could contribute to this issue (no names are specified and all the rules are done through IP to IP)

You're help is much appreciated.
0
NSI-Tech
Asked:
NSI-Tech
  • 3
  • 2
1 Solution
 
strivoliCommented:
Check the new ISA's Alerts. The DNS server might have generated too much traffic over the ISA server. The ISA might have considered it an attack and as a result blocked any traffic from DNS. Add the DNS server's IP address to the Flood Mitigation exceptions.

Check the ISA's Alerts before making any changes. Document any changes to the ISA configuration. Let me know.
0
 
NSI-TechAuthor Commented:
Hi Strivoli,

Thanks for your reply. I haven't had a chance to verify the solution yet. waiting on approval when we can do the next test run without affecting business. So far planned for Wednesday. Will let you know how it turns out.

thanks
0
 
strivoliCommented:
You're welcome. Keep us informed when you have any news.
0
 
NSI-TechAuthor Commented:
Thanks strivoli!  so far so good will monitor and revert back if this issue pops up again.
0
 
strivoliCommented:
You're welcome! Have a nice day!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now