Solved

ISA Server 2006 Migration

Posted on 2013-05-31
5
623 Views
Last Modified: 2013-06-10
Hi all,

I'm hoping someone can give some insight into this issue I have been having.
I have migrated our Internal ISA Server 2006 Server to Hyper-V on a new server.

What's been done so far:


1) Export the ISA config from old server
 2 Install Windows OS and ISA Server 2006
 3) Disconnect old ISA Server from network
 4) Give new ISA Server the old ISA Server IP address
 5) Import the ISA configuration from old server to new
 6) Check configuration
 7) Import Exchange RPC Certificates
 8) Check ISA Logs make sure all is clear.

After all of the above I connect the ISA Server check all my access internal and external all works fine...

Then... after a few hours ISA starts dropping DNS queries for ex:
I would ping www.google.co.za from my workstation and it doesn't resolve (it did before)
Ping is allowed in the firewall rules and the required DNS rules exist as they were there on the original server.

Our DNS on the DC's are set to forward any external DNS queries to a forwarder (in this case the ISA Server) (With the same IP I granted to the new ISA Server)

Like for like when I check everything it's all the same(same IP's same configuration rules, same ISA version, same SP version)

Any idea why after a few hours this would occur?

I put the old box back and my internal to external DNS queries works 100% again ( I get a reply when pinging www.google.co.za)

I haven't really looked into the edge firewall (ISA 2004) too much as I can't see how it could contribute to this issue (no names are specified and all the rules are done through IP to IP)

You're help is much appreciated.
0
Comment
Question by:NSI-Tech
  • 3
  • 2
5 Comments
 
LVL 19

Accepted Solution

by:
strivoli earned 500 total points
ID: 39210659
Check the new ISA's Alerts. The DNS server might have generated too much traffic over the ISA server. The ISA might have considered it an attack and as a result blocked any traffic from DNS. Add the DNS server's IP address to the Flood Mitigation exceptions.

Check the ISA's Alerts before making any changes. Document any changes to the ISA configuration. Let me know.
0
 

Author Comment

by:NSI-Tech
ID: 39221178
Hi Strivoli,

Thanks for your reply. I haven't had a chance to verify the solution yet. waiting on approval when we can do the next test run without affecting business. So far planned for Wednesday. Will let you know how it turns out.

thanks
0
 
LVL 19

Expert Comment

by:strivoli
ID: 39224661
You're welcome. Keep us informed when you have any news.
0
 

Author Closing Comment

by:NSI-Tech
ID: 39233985
Thanks strivoli!  so far so good will monitor and revert back if this issue pops up again.
0
 
LVL 19

Expert Comment

by:strivoli
ID: 39234015
You're welcome! Have a nice day!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now