Forefront Edge Security - Installation, Upgrade, and Setup Forum

ISA 2006 - NLB on Internal

Mon, 30 Nov 2009 09:37:45 Z

Two ISA 2006 servers in an ISA array with NLB.

Config:

ISA01
WAN: 10.10.10.100
LAN: 192.168.1.100

ISA02
WAN: 10.10.10.101
LAN: 192.168.1.101

External - Primary VIP: 10.10.10.102
VIP: 10.10.10.103

Internal - Primary VIP: 192.168.1.102
? 192.168.1.103

Exchange 2007 CAS01
192.168.1.110

Exchange 2007 CAS02
192.168.1.111

1. I've published Outlook Web Access for Exchange 2007 against a DNS name for 10.10.10.103 and that works fine. Access to the Exchange 2007 CAS servers (webfarm) is from 192.168.1.100 and 192.168.1.101 which is also ok (confirmed by IIS logs). Must I add a VIP to the Internal net (I.E 192.168.1.103) to get NLB to work on the Internal net and to get that IP address (I.E 192.168.1.103) to access the CAS servers?

2. If ISA01 or ISA02 fails, can I expect that the Outlook Web Access session will be moved to the remaining ISA array node and the user doesn't need to logon again?

Thanks
Niclas

ISA Server 2006 on Windows Server 2008 RC0

Sun, 02 Dec 2007 23:07:03 Z

Does it run?

Where to find current Wormlist version

Thu, 26 Nov 2009 11:08:14 Z

Hi all,

In my SCOm I get messages about Out of date Forefront engines.

In Scanner Updates (in Forefront console) I can see that all engines are up to date except the worm list. For worm list this is what I see:

Engine version: 10.1.2.234

Last checked 26/11/1009

Last update: 16/09/2009

Is there a place (online) where I can see what engine versions I should have to be up to date?

Thx for help,

Patrick

ISA 2006 VPN with and without Radius

Fri, 20 Nov 2009 08:00:11 Z

We having trouble setting up vpn access. We need 2 different type of vpn-connections.
We are using a server on the web, which access a internal database through VPN (This one does not use radius authentication). This is a webservices that uses a ip-address (given buy ISA/AD) to connect to our ISA-server. Is it poissible to change this to a not-VPN-connection or should we use a sit2site connection?
we want to give our 64bit mobile users access through a MS-VPN connection with radius-authentication.
According to ISA it is not possible to use 2 ways of authentication on VPN.

So the question is: Is this possible.

Config high availability Isa Server

Thu, 19 Nov 2009 19:52:48 Z

a question about NLB.
I'm going to mount 2 ISA Server 2006 NLB to have high availability and load balancing.

What I will do is the following

SRVISA01 (srvisa01.domain.es)
WAN: 64.155.166.101 -> NIC1
LAN: 10.10.10.101 -> NIC2
MASK: 255.255.255.0
NLB Virtual IP: 10.10.10.1
IntraArray: 172.16.1.101 -> CIN3

SRVISA02 (srvisa02.domain.es)
WAN: 64.155.166.102 -> NIC1
LAN: 10.10.10.102 -> NIC2
MASK: 255.255.255.0
NLB virtual IP 10.10.10.1
IntraArray: 172.16.1.102 -> CIN3

DC (dc.domain.es)
LAN: 10.10.10.20 -> NIC1
MASK: 255.255.255.0
GW: 10.10.10.1

1 .- Is everything OK or should I also create a virtual NLB IP External (I think not because that balance would be if I VPN servers, publications or other event, but these two ISA Proxy only to act.).

2 .- The CSS where I install it. In isa01 and ISA02 own servers or can be installed on other servers domain members? What advice would you give.

Not able to manually set ExtendedRights on RecieveConnector - Exchange 2010 Edge and Forefront TMG 2010 RC

Sun, 22 Nov 2009 18:37:08 Z

Im trying out these products and ran into an issue configuring the RecieveConnector.

Using TMG Beta 3 and Exchange 2007 edge role I was able to manually grant Authenticated users extended rights on the external recieveconnector without TMG overwriting the settings.

Now it looks like TMG overwrites my manually set ExtendedRights on the RecieveConnector. I tried to set this to support IMAP users' need to send mail via SMTP externally. To achieve this I have tried to manually set permissions like ms-Exch-SMTP-Accept-Authoritative-Domain-Sender, ms-Exch-SMTP-Accept-Any-Recipient etc to Authenticated users on the connector.

So what I'm trying to do is to grant users that use IMAP externally rights to submit messages from my Exchange Organization via the external RecieveConnector.

As TMG immediately overwrites my manual settings I need to find a way to work around this. Is there another best practice to get this functionality?

Thom

ISA schema

Tue, 17 Nov 2009 13:59:34 Z

Hi Folks, greetings.

Our customer has an ISA 2000 installed on his network and it has the ISA Server schema installed on the AD.
We are going to install an ISA 2006 and will manually migrate the rules from the 2000.

The question is: Does the ISA 2006 installation messes up the ISA 2000 schema in a way that we won't have means to have both ISAs productive while we are migrating the rules? If it does not have any impact, are there any Microsoft official link that we could use to prove to the customer that we will not impair his security with schema issues?

As far as I have seen, ISA 2004 and 2006 doesn't install any schema on the AD. If that holds true, does any of you recommend cleaning up the AD from the old ISA installation? If so, how to do that.

Thanks in advance.

Best regards,

AL

TMG 2010 Configure as Inline Mode

Thu, 12 Nov 2009 07:26:16 Z

I wanted to know can we deploy TMG 2010 in inline mode , that is it would just be doing the monitoring and logging of user activity, but no do any kind of Web Filtering etc.
I have a scenario where we want that the user who connect to the Internet their traffic should pass through the TMG , and the TMG would only record the activity. Ideally we want the TMG to act like a sniffer with the port connecting to the Firewall as the Source Port and the TMG acting as the Destination .

Can ISA Server 2006 authenticate users in domain when it is located in a workgroup ?

Sun, 08 Nov 2009 18:33:07 Z

Hello Friends :

I have a standalone ISA Server 2006 installed, and i also have an active directory domain, can ISA server authenticate users from active directory when it is not joined to it ?

thank you.

Network is my LOVE

ISA 2006 Network and routing Help please?

Wed, 04 Nov 2009 08:57:29 Z

Hi all,

I have a problem that I am stuggling with, and need some help please?

Here is what I have:

3 leg ISA configuration, external IP, 192.x.x.x for DMZ and 10.0.0.1 - 10.0.7.255 for the internal network.

IThe internal network split in two, Site A IP range 10.0.0.1/22 and Site B 10.0.4.0/22 with a router 10.0.3.1 and 10.0.7.1 inbetween.

ISA internal IP address is 10.0.0.1 located at Site A.

Client PC DHCP default gateway is 10.0.0.1 (ISA Server) at site A and 10.0.7.1 (router) at Site B.

What I would like to do, or should I say, have to do, is to direct all traffic destined for site B to be routed via ISA to the router for site B (10.0.3.1).

At the moment, we are planning to replace the existing firewall and do an inplace swap, therefore keeping the exitxting firewall static route. I am trying to preconfig ISA so that we can just unplug the old firewall, and pop in the ISA server.

Does anyone know how to route all 10.0.4.1/22 traffic through a specific router?

Thanks,

Amathus.

ISA Firewall Policy rule

Tue, 27 Oct 2009 13:51:51 Z

Hi,

I have ISA 2006 setup and running. I created a rule for access to the isa server using the following protocols "Microsoft CIFS (TCP) and NetBios Session". Withe this rule, I can connect to the isa server drives using \\server name\c$.

The problem I have right now is not sure what rule to create to enable isa server connect to other systems drives on the internal network. Also when I do nslookup on the isa server, i get:

DNS request timed out.
timeout was 2 seconds.
*** Can't find server name for address 172.xx.xx.xx: Timed out
Default Server: UnKnown
Address: 172.xx.xx.xx

Note: I can connect to this systems via their IP address but not by their dns names.

Any one with any idea?

Thanks

Isaac2k2

TMG MBE installation error

Mon, 02 Nov 2009 18:45:33 Z

Hello,

Getting an error on the installation of TMG MBE. It says "Setup failed while registering Forefront TMG filters"

Installing on 2K8R2, member server & tried stand-alone. Has 2 networks physically connected and statically assigned addresses. Have installed (what I've read/been told) are the pre-reqs, but maybe I missed one. Install log available upon request.

Please help!

access rule for Argent remote monitoring of ISA server 2006

Mon, 19 Oct 2009 08:53:35 Z

Hi,
We need to perform remote monitoring of ISA server 2006 using Argent TCP port 3190 from an Argent server. Our ISA server 2006 is multihomed with 2 NIC. We added a new access rule from Argent server to localhost for TCP 3190 but it doesn't work. The access is still denied recorded in the ISA logs. Appreciate any help to enlighten me. The Argent server is located in the Internal network. Thank you.

ISA 2004 Web Proxy Auto Discover

Tue, 22 Sep 2009 15:20:25 Z

Hi,
I was wondering if it would be possible for auto discover to work with this setup. We have 2 connections to the internet, one is for our network and the other is for a guest wireless. I am trying to set up auto discover on the guest wireless. The server specs, the operating system is Windows 2003 R2 and ISA 2004 Enterprise with 3 NICs and is part of our domain. NIC 1 connects to a wireless access point that has dhcp running that users will initially connect to. NIC 2 connects to our network to access active directory for users to authenticate against. NIC 3 connects to a managed router that goes out to the internet. If a user specifies the ip address for the proxy in internet options, the user will be prompt for credentials and it works. Since this server is part of our domain and we already have 2 DCs both running dns and dhcp and the guest wireless users can not access the domain, Can autodiscovery work in this setup?

TMG RC and Exchange Edge

Thu, 29 Oct 2009 16:56:38 Z

Hi, I've configured TMG with Exchange Edge. I can receive mail however send mail doesn't work. Does anyone know what might be the cause? The edge server is getting the send connectors created with the subscription file.

-Trung

UPDATE: After looking at the firewall logs, it's saying that there is a failed connection attempt via SMTP from Exchange 2010 RC to the TMG server (with Exchange Edge). I've enabled the system rule that allows for this.

TMG Cluster SSetup

Tue, 27 Oct 2009 09:40:24 Z

Hi All!

   Now we have 2 ISA 2006 Ent with following config:
   Primary config storage on the same computer
   Second pointing on other ISA Server
   No Clustering (NLB, CARP etc) configured

Now i'm prepare to moving to TMG Ent and cluster configuration

I'm setup one EMS Server with config storage, and 2 TMG Ent Servers, as described http://isaserver.org/tutorials/Configure-Forefront-TMG-integrate-TMG-Array.html
But after joining to array and entering to EMS Server and open TMG Console, in Internal network properties i cannon see NLB tab, and version of server switched to standart (and button Upgrade is present, asking me a key). Also in System status both servers marced red with error cannot connect to specified server. After Disjoining one server from array i can see NLB tab in internal network properties. So i have following questions:

1) Is it possible to store configuration on same server as TMG and alternate is second TMG (as configured now) or i need dedicated servers for config storage (no more that 2 servers are planned per array, in Enterprise will be 2 arrays with 2 nodes in array)
2) Do i need to configure internal network properties for array and creating rules for allow traffic within array on EMS Server before joining TMG Servers to array or not?

MCSE: M+S, SMS/SCCM, CCNA

TMG RC: Getting Started Wizard fails in Configure Network Settings

Tue, 20 Oct 2009 16:47:39 Z

I installed the TMG RC on a fresh install of Windows 2008 R2 Std. (joined to the domain) last night. The setup went flawlessly (love the prerequisites handler!). However, I cannot get past the Configure Network Settings phase of the Getting Started Wizard. I selected the "3-leg perimeter" option.

The network setup looks something like this:

LAN
IP: 192.168.1.254
Subnet mask: 255.255.255.0
Default gateway: (blank)
DNS: 192.168.1.200

Internet:
IP: (static public IP address)
Subnet mask: 255.255.255.248
Gateway: (gateway for that subnet)
DNS: (ISP DNS)

DMZ
IP: 192.168.100.254
Subnet mask: 255.255.255.0
Default gateway: (blank)
DNS: (blank, also tried 192.168.1.200)

When I click Finish at the end of the setup, it gives a variety of errors (unfortunately, it doesn't list which NIC is the "specified network adapter"):

0xC004045E: The list of DNS addresses for the specified network adapter includes duplicates.

0xC004045C: The list of IP addresses for the specified network adapter includes duplicates.

Or 0x80004005: Unspecified error.

I've tried quite a few things--backing out and setting up the NIC properties directly then re-running the Configure Network Settings wizard, uninstalling TMG and reinstalling and re-running the wizard, and starting from scratch with a complete reinstall of Windows, TMG, and re-running the wizard. Any thoughts?

Thanks!
Ryan

Problem creating rules and then test or view properties

Mon, 26 Oct 2009 10:45:40 Z

I have installed Win 2008 R2 build7600(RTM) in a hyperv machine connected to a domain then installed TMG RC
This all looks fine then i created a new array and a publishing rule for a website.

When i try to open the properties i get following critical screen
http://www.twitpic.com/la36e

after a whole lot of ignores it shows properties but this is no good. then when i try to run the test it prompts me again with errors.

Can someone tell me what is going on and if there is a solution to this problem?

kind regards,

Paul Keijzers
Http://www.kbworks.nl

Trihomed ISA

Sun, 25 Oct 2009 03:20:47 Z

Hello friends :

I have a network with two subnets , and one active directory database , i want to place all the servers in one subnet and all the clients in the other in order to control access and get reports of them , i also want to share internet for the client computers , I decided to use ISA server 2006 Enterprise sp1 with a trihomed structure, I do not have any public services :

1-Can i place the Domain Controller in the other subnet ?
2-Can ISA Server handle theses amount of traffic ?
3-What kind of hardware should i use to handle ISA with these amount of traffic ? ( i have DL-380- ML-580 HP Servers )
4-I do not want ISA to be a single point of failure ! ( How can i implement NLB or FAilover for ISA )

Is there any guide or solution about this ?

Please help.

Network is my LOVE

which type of template for exchange pop, imap, owa and proxy?

Fri, 23 Oct 2009 23:01:31 Z

We have deployed isa 2006 sp1. We are currently deployed in a single nic configuration, only using it for proxy for a couple of servers.
We've added exchange 2007 owa and activesync. We now need to change the ISA template so we can publish secure pop and imap, as well.
We already have edge servers deployed and they are firewalled and secured via an alternate method, not isa.
We would like isa behing the edge servers and the exchange CAS/hub behind isa.
I'm just getting familiar with isa and don't quite know where to put the 2nd nic. I was thinking of not changing the isa template, just add the 2nd nic to a perimeter network. and use that ip for the outside facing. It will get it's nat from a different firewall, not from isa.
Will that work?
Is there a better way?

TMG installation error

Wed, 21 Oct 2009 10:15:24 Z

Iam trying to install Microsoft Forefront Threat Management Gateway, but i get this error
setp failed while registering forefront TMG filter

what is the problem and how to solve it plz

How to configure NLB not using ISA NLB integration

Wed, 14 Oct 2009 07:02:34 Z

Hi,

Currently we are using ISA with NLB integration. But now we need to change the NLB affinity from single affinity to no affinity. Therefore we disabled the NLB integration in ISA and try to configure NLB using NLB manager.

But we can only configure one node NLB. We got "Could not locate NLB on the specified computer" when connecting to other node. Is there any suggestion to configure ISA NLB with no affinity?

Issue after applying kb916106 on the ISA Server 2004

Fri, 16 Oct 2009 15:33:24 Z

After applying kb916106, it kissed all the external access (incoming\outgoing), we had to remove it, anyone has similar issues?

TMG 2010 RC fails to install due to Windows SP not installed

Wed, 14 Oct 2009 15:29:43 Z

The preparation tool reports that the "required windows server 2008 service pack" is not installed and stops the installation. But, the server has SP 1 installed.

Winver reports that the server is running Version 6.0 (Build 6001: Service Pack 1). The hardware is an Intel 64 bit dual quad core that is running hyper-v.

In addition to SP 1 the Server Window Updates are competely up to date. Can anyone tell me what might be going wrong with the prep tool step?

Cannot Joined the Workstation to D.C. thru ISA Server 2006

Wed, 07 Oct 2009 18:13:34 Z

Good day Guyz,

     I'm also at the Visual Foxpro General Forum, but I also here at Windows Server Forums because I have been a hard times to be able to joined one of the workstations at D.C. thru ISA Server below are the following informations:

     Windows Server 2003 SP2 - A.D. DNS Integrated, Domain Controller
          1 NIC Card - Public IP Address of 178.197.225.194/27

     Windows Server 2003 SP2, ISA Server 2006 - Member Server of A.D. DNS Integrated, Domain Controller, DHCP, RRAS
          3 NIC Card:
               1st NIC Card - Public IP Address of 178.197.225.195/27
               2nd NIC Card - Private IP Address of 172.18.0.1/16 - Internal Network
               3rd NIC Card - Private IP Address of 172.17.0.1/24 - for VPN Clients

     Windows XP Pro SP2
          1 NIC Card:
                With IP Address of 172.18.0.6

     At ISA Server 2006 Firewall:
          1. Created Internal (172.18.0.0 - 172.18.255.255) - Networks
          2. Created All Access with Route Internal to External - Network Rules
          3. Created DHCP Request, DHCP Reply - Firewall Policy
          4. Created LAN Internet Access - Firewall Policy
          5. Created Server Internet Access - Firewall Policy

     All are working fine but I cannot joined my Workstation WinXP to Domain Controller, should I make another Firewall Policy to be able to joined workstations? any idea to help me out, thanks guyz...

TMG Beta3: STOP-error from netio.sys

Thu, 01 Oct 2009 20:14:40 Z

Today I installed Forefront TMG Beta 3 on my Windows 2008 R2-server (Enterprise). After installing, my system wouldn't reboot anymore. It's loading Windows, then starts loading the system-configuration and then I get a BSOD telling me about a 'DRIVER IRQ LESS OR EQUAL'. The source is the file netio.sys.

Does anyone know what could be wrong? I guess it has something to do with the network-drivers or the filter TMG installs, but when I start in Safe Mode with Networking, I'm able to boot and log on.

This system used to be a DC, but I demoted it before installing TMG.

I hope someone has had the same problem or know a solution.

Moving ISA Server 2000 to a new Server

Sun, 04 Oct 2009 14:17:08 Z

We have ISA Server 2000 running on a Windows 2000 Server. I've bought a new Server to be based on Windows 2003.

Is there a simple way to move the existing ISA Server 2000 setup, configuration and rules to the new Server?

VPC and ISA Server configuration help!

Mon, 28 Sep 2009 16:36:14 Z

I'm using VPC's here and just cannot seem to make this happen.

I want all traffic to go through ISA Server but this does not seem to be working.

I am using VPC's here and ISA 2006.

however, when pinging or access say the exchange server VPC, it pings just fine and bypasses ISA completely.

What am I doing wrong?

I want to eventually publish exchange and other apps through ISA Server but cannot do this until this configuration is sorted.

how should my VPC's be configured?

This is my configuration:

VPC Settings:

Client WS2003: Local Only
DC/AD/DNS: Local Only
Exchange 2003: Local Only
OCS: Local Only
ISA Server: LoopBack Adapter #2, Host NIC, Loopback Adapter #3

IP Settings in the VPC's

Client WS2003:
IP: 10.10.10.3
Subnet: 255.255.255.0
Default Gateway: 10.10.10.1

DC/AD/DNS:
IP: 10.10.20.1
Subnet: 255.255.255.0
Default Gateway: 10.10.20.2
DNS: 127.0.0.1

Exchange 2003
IP: 10.10.20.3
Subnet: 255.255.255.0
Default Gateway: 10.10.20.2
DNS: 10.10.20.1

OCS:
IP: 10.10.20.5
Subnet: 255.255.255.0
Default Gateway: 10.10.20.2
DNS: 10.10.20.1

ISA Server:
LoopBack Adapter #2 (Internal) IP: Obtain IP Automatically

LoopBack Adapter #3 (External)
IP: 10.10.10.1
Subnet: 255.255.255.0

NIC (Contoso Networl):
IP: 10.10.20.2
Subnet: 255.255.255.0
DNS: 10.10.20.1

Where am I going wrong?

I am not a pro so please can someone explain step by step on what the configurtion should be rather than just posting links?

Thanks!

Need 2 be back @ MS - MS All the way! Follower since 1995 MS Super Evangelist| MSDN Forums Moderator

Reverse Proxy HTTP > HTTPS and vice versa.

Wed, 09 Sep 2009 15:33:34 Z

Hello,
I have an issue with reverse proxying and looking for guidance.

We have an issue with translating information between HTTPS and HTTP between two servers and are attempting to use ISA server 2006 on a windows 2003 box in the middle to pass data back and forward.

http traffic from the internal server1 must be re-formatted to https traffic and sent to internal server 2 whilst https traffic from the internal server 2 must be converted to http to send to internal server 1. Is ISA 2006 capable of this, and if so which would be the best (only) method for achieving it?

I'm completely stumped.
Thanks in advance for any help.

ISA 2006 as upstream for ISA 2000

Fri, 11 Sep 2009 15:02:11 Z

Hi folks.

We have a pair of ISA 2000 enterprise that will be upgraded to ISA 2006 enterprise. They are configured as an NLB array.

This array has another ISA 2000 enterprise as a downstream proxy. Due to changes on the AD architecture in the near future, the upgrade of this downstream proxy will be postponed for a while.

The question is:
Can the ISA 2006 work as upstream proxy for ISA 2000? Are there any official documentation from microsoft regarding this specific issue?

Thanks in advance.

Regards,

SP1 can not be installed on ISA 2006

Tue, 08 Sep 2009 05:15:30 Z

Dear Admin:

    I installed ISA 2006 to a Windows 2003 server, but when I install SP1 for the ISA 2006, I met a error, the detailed information was attached, can you have some solutions regarding this case, thank you so much, good day.

Event Type: Error
Event Source: LoadPerf
Event Category: None
Event ID: 3009
Date:  9/8/2009
Time:  12:11:59 PM
User:  N/A
Computer: N/A
Description:
Installing the performance counter strings for service w3proxy (w3proxy) failed. The Error code is the first DWORD in Data section.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: f2 03 00 00 b3 11 00 00 ò...3...

Split Routing/Source IP Routing

Tue, 08 Sep 2009 14:28:28 Z

I want to find out if it is possible to do split routing/source IP routing on ISA 2006/Forefront Edge Security server.

Here is my scenario:

1x ISA/Forefront Edge Security server
2x DSL Internet connections
30x Client computers

I need to configure the Edge Security Server in such a way that 10 of the client computers use the second DSL line for all internet traffic and the rest of the clients use the first DSL line.

ISA 2006 Network Load Balancing

Fri, 04 Sep 2009 08:37:24 Z

Dear Technet Members,

I have two ISA 2006 SP1 servers in an array on Win2k3 SP2 servers, and two configuration servers on seperate servers Win2k3 SP2. I have confgirured NLB using ISA console for my internal interface, which works just fine.

One of my ISA server NLB members has weeker hardware compared to the other ISA server. I need to tell NLB that the server which is more powerfull has more connection than the other one.

In advance thank you

TMG Beta 3 installation just stops

Wed, 15 Jul 2009 00:41:05 Z

Hi,
I downloaded both SE and EE versions and got the same result:
the preparation tool ran successfully - all items indicated 'no action taken' (already installed)
then the message "all required prerequisites have been installed" and "Launch TMG Setup" box is checked -- I click "finish" (the only button) and the window closes and the TMG installation does not start. Retried several times with the same result.

Some details:
- This server is not a member of a domain
- Running Windows 2008 64-bit (AMD) on a vm server.
- 2 GB ram
- One NIC

What are we doing wrong?

We appreciate any assistance.
Thanks,
John

Routes that don't correlate with the network adapter - 10.x.x.x (cluster) mixed in with the Internet Adapter (edge network)

Sat, 15 Aug 2009 01:16:59 Z

I keep getting the following alert:

Description: ISA Server detected routes through the network adapter T1 that do not correlate with the network to which this network adapter belongs. When networks are configured correctly, the IP address ranges included in each array-level network must include all IP addresses that are routable through its network adapters according to their routing tables. Otherwise valid packets may be dropped as spoofed. The following ranges are included in the network's IP address ranges but are not routable through any of the network's adapters: 10.255.255.255-10.255.255.255;. Note that this event may be generated once after you add a route, create a remote site network, or configure Network Load Balancing and may be safely ignored if it does not re-occur.

I have configured our FIrewall servers as Edge servers.

We have an external addreses range with a public IP, the T1 adapter mentioned above.

I have an internal NIC with 192.168 addresses for the protected network.

I have a 3rd NIC with 10.x.x.x as the Cluster Interconnect.

I've check both the IPConfig, and the T1 adapter doesn't have the 10.x.x.x associated with it:

Ethernet adapter Cluster:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 10.10.42.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter T1:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : x.x.x.246
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   IP Address. . . . . . . . . . . . : x.x.x.243
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   IP Address. . . . . . . . . . . . : x.x.x.242
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   IP Address. . . . . . . . . . . . : x.x.x.244
   Subnet Mask . . . . . . . . . . . : 255.255.255.248
   Default Gateway . . . . . . . . . : x.x.x.241

Ethernet adapter Internal LAN:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 192.168.253.251
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

PPP adapter RAS Server (Dial In) Interface:

   Connection-specific DNS Suffix  . :
   IP Address. . . . . . . . . . . . : 172.20.0.128
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . :

and here's the route print:

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10005 ...00 21 91 19 9e d0 ...... D-Link DGE-560T PCI Express Gigabit Ethernet
 Adapter
0x50002 ...00 13 72 fc 06 9d ...... Broadcom NetXtreme Gigabit Ethernet
0xa0003 ...00 13 72 fc 06 9c ...... Broadcom NetXtreme Gigabit Ethernet #2
0xc0004 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   xx.xxx.xxx.241   xx.xxx.xxx.244     10
       10.10.42.0    255.255.255.0       10.10.42.2       10.10.42.2     10
       10.10.42.2  255.255.255.255        127.0.0.1        127.0.0.1     10
   10.255.255.255  255.255.255.255       10.10.42.2       10.10.42.2     10
   xx.xxx.xxx.240  255.255.255.248   xx.xxx.xxx.244   xx.xxx.xxx.244     10
   xx.xxx.xxx.242  255.255.255.255        127.0.0.1        127.0.0.1     10
   xx.xxx.xxx.243  255.255.255.255        127.0.0.1        127.0.0.1     10
   xx.xxx.xxx.244  255.255.255.255        127.0.0.1        127.0.0.1     10
   xx.xxx.xxx.246  255.255.255.255        127.0.0.1        127.0.0.1     10
   68.255.255.255  255.255.255.255   xx.xxx.xxx.244   xx.xxx.xxx.244     10
     72.19.61.220  255.255.255.255   xx.xxx.xxx.241   xx.xxx.xxx.244     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
       172.20.0.0  255.255.255.128       10.10.42.1       10.10.42.2      1
     172.20.0.128  255.255.255.255        127.0.0.1        127.0.0.1     50
     172.20.0.130  255.255.255.255     172.20.0.128     172.20.0.128      1
      192.168.0.0      255.255.0.0  192.168.253.251  192.168.253.251     10
  192.168.253.251  255.255.255.255        127.0.0.1        127.0.0.1     10
  192.168.253.255  255.255.255.255  192.168.253.251  192.168.253.251     10
        224.0.0.0        240.0.0.0       10.10.42.2       10.10.42.2     10
        224.0.0.0        240.0.0.0   xx.xxx.xxx.244   xx.xxx.xxx.244     10
        224.0.0.0        240.0.0.0  192.168.253.251  192.168.253.251     10
  255.255.255.255  255.255.255.255       10.10.42.2       10.10.42.2      1
  255.255.255.255  255.255.255.255   xx.xxx.xxx.244   xx.xxx.xxx.244      1
  255.255.255.255  255.255.255.255  192.168.253.251  192.168.253.251      1
Default Gateway:    xx.xxx.xxx.241
===========================================================================
Persistent Routes:
  None

I've checked the Enterprise and the Array configuration, but I don't see anything setup wrong there (or the overlapping of the 10.x addresses with the array).

I have a DNS record that makes server-fwall-1b and server-fwall-2b 'point' to the 10.10.42.1 and 10.10.42.2 IP addresses, which are the cluster interconnect static IP's.

Any ideas? I think this is preventing NLB from functioning correctly.

Thanks!

== John ==

Colocating ISA 2006 and WSUS on the same server

Thu, 27 Aug 2009 15:26:13 Z

I will like to know f it possible to isa 2006 in a single nic mode and also runs wsus service on it at the same time.

The client only have one server to use as against my initial advise on spliting th service onto two different hardware.

if the co-location is supported by Microsot best pratices, I will appreciate links that confirms and explain the configuration involve.

Thanks in advance

Toyin

TMG Beta3 installation

Fri, 14 Aug 2009 17:30:29 Z

I am installing TMS Beta3 on a new windows 2008 std server 64 bit with two nics not a member of a domain yet it will be, I also UAC is disenabled . I tried installing but it stops after notified me of items that need to be preinstalled it istructs me to click on Finish to install. It stops.

I did. I followed the instructions but it stopped when I clicked FINISH. I am very frustrated. I get no errors.

"Failed to run ADAM setup Error : 0x80074e46" with Windows 2003 SP2 and ISA 2006 installation

Sun, 16 Mar 2008 05:23:02 Z

Hi,

I have encountered the error message

"Failed to run ADAM setup Error : 0x80074e46"

Here are the excerpt that i have obtained from ISA installation log :

12:50:50 ISA setup CA INFO   : Running command line: C:\WINDOWS\ADAM\adaminstall.exe /answer:"C:\Program Files\Microsoft ISA Server\ADAM\\AdamAnsFile.ini"
12:51:10 ISA setup CA ERROR : Installation of the ISA instance (ADAM) failed. hr: 0x80074e46
12:51:10 ISA setup CA INFO   : ADAM source log file: C:\WINDOWS\DEBUG\adamsetup.log, destination file: C:\WINDOWS\TEMP\ISAADAM_INSTALL_813.log
12:51:10 ISA setup CA ERROR : Failed to run ADAM setup. Error: 0x80074e46
12:51:10 ISA setup CA ERROR : ExecuteAdamSetup: Adam_Install(1) failed, hr=0x80074e46
12:51:10 ISA setup CA ERROR : ExecuteAdamSetup failed
12:51:10 ISA setup CA ERROR : DisplayPopup: Setup failed to install ADAM.
(0x80074e46)
12:51:10 ISA setup CA INFO   : UI Level is ok to display a message box
12:53:11 ISA setup CA ERROR : EXIT: InstallADAM, Custom Action failed (0x643)

I have tried to manually install ADAM from Win 2003 R2 Disc 2 setup as well as downloading manually the ADAM SP1 from http://www.microsoft.com/downloads/details.aspx?familyid=9688f8b9-1034-4ef6-a3e5-2a2a57b5c8e4

After i read further from this article below:
http://blogs.technet.com/isablog/archive/2007/03/27/isa-server-and-windows-server-2003-service-pack-2.aspx
it's related to Windows 2003 SP2. Fortunately i have Windows 2003 SP2 installed before installing ISA 2006

Please let me know how to resolve this issue.

Regards,

Hadi Teo.

ISA 2006 Video Stream Splitting

Tue, 11 Aug 2009 15:27:04 Z

Hi,

Does ISA 2006 have the capability of "splitting" a streaming video amound clients? Currently we have ISA 2006 Standard Edition with SP1 installed. We would like to stream a live video of a meeting to approximately 30 clients without destroying our network by using up all of the bandwidth. I was hoping to have one feed from the video source to the proxy and then multiple feeds from the proxy to the clients. I have read that ISA 2000 contained some software that did something similar to this but that was removed in the release of 2004. I have not found whether or not 2006 has this capability. If this is not a possiblity, do you have any recommendations for products that can handle this request?

Can ISA 2006 Standard SP1 work under Svr 2008 Domain Functional Level ?

Thu, 06 Aug 2009 06:50:32 Z

Can a legend out there please tell me if ISA 2006 standard with SP1 will function under the Windows Server 2008 Domain Functional Level ? Any reference I have seen says it must be 2003, e.g http://technet.microsoft.com/en-au/library/bb794821.aspx. I am wondering if this is just old info or is still relevant ?

Any lead to an official confirmation of this would be greatly appreciated.

Thanks,

Tony.