Registered users    
MembershipMembership:
Latest New UserLatest:jenisa villarin
New TodayNew Today:11
New YesterdayNew Yesterday:11
User CountOverall:23322
Private messaging    
You must be logged in to use this module.
Top 10 posters    
NamePosts
Mariette Knap12893
Marina Roos12507
Eriq Neale2114
Stan Guinn1913
Michael Patrick1912
Robert Pearman1771
Nick Pieters1425
Stewart Brown616
william warren598
Kevin D.579
Welcome unauthorized visitor    
If you want to join us in the discussions on this forum you need to register first. Registration is free! If you are already a registered user please login to join the forum.
Small Business Server Support Forum    
Forums > Microsoft Small Business Server 2003 & 2000 > ISA Server 2004
Subject: New installation questions
Prev Next
You are not authorized to post a reply.

Author Messages
Robin Jones User is Offline
United Kingdom
Member since
8/24/2007

Registered Users
Posts: 149
6/06/2008 04:04 PM  
Hi,
 
We run SBS2003 standard on a single server, 2 NICs, static IP  & router. Ive just got through our MS Action Pack and now have the opportunity to install ISA 2004 from the SBS premium DVD or ISA 2006 from another DVD.
 
I've no experience of ISA but many of our users rely heavily on VPN so it'sis something I'd like to get to grips with.
 
My inital questions are:
 
1. Ive read this kb article and other info (this) and would like to know if I must install ISA on a separate server. By reading the instructions, it seems like ISA gets installed on the SBS server, providing you have 2 NICs . But ive been told that ISA 2006 should really be on its own machine and not on a domain controller - what's the better option?
 
2.  If i do need a 2nd server, can I use the Web Edition of windows server 2003 that came in the Action Pack?
 
Ive also been looking for on of M&Ms 'how to's on installing ISA, but I cant find it, is there one?
 
Thanks in advance
Phil Bennett User is Offline
United Kingdom
Member since
10/2/2006

Registered Users
Posts: 121
6/06/2008 05:31 PM  
Hi Tobias,

If you choose to install ISA 2004 from the SBS Premium DVD, then it must be installed on the SBS machine. ISA 2004 can be installed whether you have 1 or 2 nics. 2 nics is the prefered method as this configuration can be used as an edge firewall, for vpn etc.. the 1 nic config can only be used for web proxying and caching.

If you choose to install ISA 2006, then it should be on a seperate server (non domain controller). It will break the wizards in SBS and will also break the EULA agreement if you try to install on SBS 2003.
I beleive you can install ISA 2006 on 2003 Wed Edition (although, I would like someone else to confirm this)

The choice is really down to you, having ISA on the SBS though makes life a little easier. You can use the wizards on SBS to set up most (if not all) the rules you will need to allow the correct traffic to flow through your network.

Phil
Kevin Da Silva User is Offline
Mississauga, Canada
Member since
1/12/2008

Registered Users
Posts: 579
6/06/2008 10:27 PM  
It may just be easier to install ISA 2004 on the SBS machine, as it would work with the least amount of changes to your current environment. I cant find anything in the requirments other than it has to be Windows 2000 SP4 .
MCSE:Messaging, MCTIP, SBS Specialist
Robin Jones User is Offline
United Kingdom
Member since
8/24/2007

Registered Users
Posts: 149
6/07/2008 10:56 AM  
Thanks for the replies. I've installed ISA on the server, and the firewall client on the worksations.

Ive been through all the wizards and I think it's set up ok, the IPs of the workstations appear in the 'sessions' tab. However, looking in the monitoring dashboard, everything under 'connectivity' says 'not configured'. What should I have done to configure these?

Also, i've just received this alert

'Description: ISA Server detected routes through adapter LAN that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not reoccur.) The address ranges in conflict are: 169.254.0.0-169.254.255.255;.'

Any thoughts how to correct this?

Thanks again
Kevin Da Silva User is Offline
Mississauga, Canada
Member since
1/12/2008

Registered Users
Posts: 579
6/07/2008 02:06 PM  
Run IPConfig on the server to see if there are any interfaces with that IP, and then fix it if you do find it.

As for the connectivity verifiers, those are optional and if setup correctly can give you a heads up to potential issues.
MCSE:Messaging, MCTIP, SBS Specialist
Robin Jones User is Offline
United Kingdom
Member since
8/24/2007

Registered Users
Posts: 149
6/07/2008 06:07 PM  
ipconfig didnt show up anything, there was/is no device using an IP from that range that i could find..

After i noticed that OWA and RWW were no longer accessible from outside the network, i chose to unistall ISA.

Now CEICW no longer works, and fails at the network connection stage. Nothing appears in Event View so im dont know why it is failing.

I would be interested to hear if anyone could explain the error message above. Although towards the end of my efforts, that error message had change from being about the 'LAN' adapter to the 'WAN' adapter.

Thanks for all the help
Kevin Da Silva User is Offline
Mississauga, Canada
Member since
1/12/2008

Registered Users
Posts: 579
6/07/2008 08:06 PM  
Check to see if you have any ghosted NICs on the machine.

Also check the CEICW log located here:

CEICW %sbsprogramdir%\Support\icwlog.txt
MCSE:Messaging, MCTIP, SBS Specialist
Marina Roos User is Offline
The Netherlands
Member since
3/24/2005

Forum Admins
Posts: 12507
6/08/2008 06:56 PM  
Hi Tobias,
 
Please, post an ipconfig /all from the server and a workstation. Open a command prompt by opening Start -> Run from the Start Menu and type cmd. From the command prompt type ipconfig /all >ip.txt. Attach this file to your answer.
Marina Roos Smallbizserver.Net AdministratorMission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local  network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain'
Robin Jones User is Offline
United Kingdom
Member since
8/24/2007

Registered Users
Posts: 149
6/09/2008 09:53 AM  
Hi Marina,

Workstation

Windows IP Configuration
Host Name . . . . . . . . . . . . : PC002
Primary Dns Suffix . . . . . . . : X.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : X.local
X.local

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : X.local
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-16-17-C5-D3-CF
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.16.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.2
DHCP Server . . . . . . . . . . . : 192.168.16.2
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2
Lease Obtained. . . . . . . . . . : 06 June 2008 10:30:00
Lease Expires . . . . . . . . . . : 14 June 2008 10:30:00

SERVER 

Windows IP Configuration
Host Name . . . . . . . . . . . . : x-server
Primary Dns Suffix . . . . . . . : X.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : X.local

Ethernet adapter LAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC7761 Gigabit Server Adapter
Physical Address. . . . . . . . . : 00-17-A4-8B-71-9F
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2

PPP adapter RAS Server (Dial In) Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.19
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter WAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-10-18-24-93-9D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.16.2
NetBIOS over Tcpip. . . . . . . . : Disabled

Ive come in this morning and all users' emails sent since the above problem has occurred have come back with this error message:

The following recipient(s) cannot be reached:

Home on 09/06/2008 08:36
There was a SMTP communication problem with the recipient's email server. Please contact your system administrator.
 

ourdomain.co.uk #5.5.0 smtp;503 This mail server requires authentication when attempting to send to a non-local e-mail address. Please check your mail client settings or contact your administrator to verify that the domain or address is defined for this server.


Kevin, I checked the log its quite long but the only reference to errors is:

Error 0x80004005 returned from call to Disabling dns registration on the external NIC().
Error 0x80004005 returned from call to CNetCommit:oRouter().
Error 0x80004005 returned from call to Configuring for router connection().
Error 0x80004005 returned from call to CNetCommit::Common().
Error 0x80004005 returned from call to CNetCommit::Commit().
calling GetBOConnector ().

Any help you could give would be appreciated

Thanks
Robin Jones User is Offline
United Kingdom
Member since
8/24/2007

Registered Users
Posts: 149
6/09/2008 10:26 AM  
Re-running CIECW had deleted the outbound security logon details in the smtp connector. I've re-entered these and the bounce-back messages above have stopped appearing, but the emails still arent arriving. So now they've just disappeared!
Robin Jones User is Offline
United Kingdom
Member since
8/24/2007

Registered Users
Posts: 149
6/09/2008 10:36 AM  
Actually, email is now fixed.

Just the original CIECW network connection is broken
Marina Roos User is Offline
The Netherlands
Member since
3/24/2005

Forum Admins
Posts: 12507
6/11/2008 02:36 PM  
Hi Tobias,
 
Iipconfigs are good, but what are the current errors when running CEICW?
Marina Roos Smallbizserver.Net AdministratorMission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local  network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain'
Robin Jones User is Offline
United Kingdom
Member since
8/24/2007

Registered Users
Posts: 149
6/11/2008 02:55 PM  

Hi Marina,

Basically, a message saying 'an error has occurs with one or more component' during the end of the network config part.

The only errors I can see in icwlog.txt are

Error 0x80004005 returned from call to Disabling dns registration on the external NIC().
Error 0x80004005 returned from call to CNetCommit:oRouter().
Error 0x80004005 returned from call to Configuring for router connection().
Error 0x80004005 returned from call to CNetCommit::Common().
Error 0x80004005 returned from call to CNetCommit::Commit().
calling GetBOConnector ().
Ive attached a copy of the log created during one CEIWC attempt.
 
Internet and Email all seems to be working ok however when I log into the server a warning balloon pops up in the taskbar telling me the internet connection has not been configured and to run CEICW.

Attachment: 1611555723771.txt
Marina Roos User is Offline
The Netherlands
Member since
3/24/2005

Forum Admins
Posts: 12507
8/30/2008 11:01 PM  
Hi Robin,
 
Have the servernics ever been switched in the past?
Marina Roos Smallbizserver.Net AdministratorMission accomplished. We have joined the branch office to our SBS 2003 Headquarters and have the same user experience on the branch office as we have on our local  network at the Headquarters. Want to know how? Signup up for a subscription and get instant access to the article series 'How to add an additional Domain Controller from a remote office to the SBS domain'
You are not authorized to post a reply.
Forums > Microsoft Small Business Server 2003 & 2000 > ISA Server 2004 > New installation questions


ActiveForums 3.7
Forum policy    
These Discussion Forums are dedicated to the discussion of the Small Business Server and related server and client software. For the benefit of the community please observe the following posting guidelines:
  1. No Advertising. This includes promotion of commercial products and non-commercial products which are not directly related to Small Business Server and related server and client software.
  2. No Flaming or Trolling.
  3. No Profanity, Racism, or Prejudice.
  4. Site Moderators have the final word on approving/removing a thread or post or comment.
Copyright 2002-2008 Concentrix b.v.    :   Page generated in 0.3750024 seconds.   :   Terms Of Use   :   Privacy Statement