Solved

ISA Server 2006 Migration

Posted on 2013-05-31
5
631 Views
Last Modified: 2013-06-10
Hi all,

I'm hoping someone can give some insight into this issue I have been having.
I have migrated our Internal ISA Server 2006 Server to Hyper-V on a new server.

What's been done so far:


1) Export the ISA config from old server
 2 Install Windows OS and ISA Server 2006
 3) Disconnect old ISA Server from network
 4) Give new ISA Server the old ISA Server IP address
 5) Import the ISA configuration from old server to new
 6) Check configuration
 7) Import Exchange RPC Certificates
 8) Check ISA Logs make sure all is clear.

After all of the above I connect the ISA Server check all my access internal and external all works fine...

Then... after a few hours ISA starts dropping DNS queries for ex:
I would ping www.google.co.za from my workstation and it doesn't resolve (it did before)
Ping is allowed in the firewall rules and the required DNS rules exist as they were there on the original server.

Our DNS on the DC's are set to forward any external DNS queries to a forwarder (in this case the ISA Server) (With the same IP I granted to the new ISA Server)

Like for like when I check everything it's all the same(same IP's same configuration rules, same ISA version, same SP version)

Any idea why after a few hours this would occur?

I put the old box back and my internal to external DNS queries works 100% again ( I get a reply when pinging www.google.co.za)

I haven't really looked into the edge firewall (ISA 2004) too much as I can't see how it could contribute to this issue (no names are specified and all the rules are done through IP to IP)

You're help is much appreciated.
0
Comment
Question by:NSI-Tech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 19

Accepted Solution

by:
strivoli earned 500 total points
ID: 39210659
Check the new ISA's Alerts. The DNS server might have generated too much traffic over the ISA server. The ISA might have considered it an attack and as a result blocked any traffic from DNS. Add the DNS server's IP address to the Flood Mitigation exceptions.

Check the ISA's Alerts before making any changes. Document any changes to the ISA configuration. Let me know.
0
 

Author Comment

by:NSI-Tech
ID: 39221178
Hi Strivoli,

Thanks for your reply. I haven't had a chance to verify the solution yet. waiting on approval when we can do the next test run without affecting business. So far planned for Wednesday. Will let you know how it turns out.

thanks
0
 
LVL 19

Expert Comment

by:strivoli
ID: 39224661
You're welcome. Keep us informed when you have any news.
0
 

Author Closing Comment

by:NSI-Tech
ID: 39233985
Thanks strivoli!  so far so good will monitor and revert back if this issue pops up again.
0
 
LVL 19

Expert Comment

by:strivoli
ID: 39234015
You're welcome! Have a nice day!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VL And TMG 2010 1 336
ISA 2006 Allow specific client access to a HTTPS site 17 433
Managing ForeFront Endpoint with SCCM2012 4 1,207
Outlook 2013 asking for password 6 317
In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …
Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question