locked
ISA 2006 FW client strange issue with internal web sites

    Question

  • Hi, I got an ISA 2006 Ent with 2 NICs, internal 10.x and external with public IP.
    All the clients have the Firewall client installed.
    I've a DMZ (192.x) but it is not directly connected to the ISA machine; the firewall client is configured, with LAT file, to bypass ISA for that range.
    All the clients are 99% the same (ghost image, WSUS forced update, GPO configuration).


    I got a very strange issue with that....

    On some machines all works fine.
    On other random machines, I'm not able to browse internal (10.x site) and DMZ (192.x) due to time out.

    On those machines, if I disable the firewall client service or if I manually configure Internet Explorer (and/or Firefox) to use a proxy and put the exclusion for those sites, all works.

    Uninstalling and reinstalling the firewall clients on those bizarre machines didn't fix the problem.

    Any suggestion/idea?
    Thanks in advance.
    • Type changed by Pablo Moyo, 19 November 2552 BE 19:31: still in trouble
    23 July 2552 BE 13:38

All replies

  • Does this happen on non-ghosted installations?
    If not, the ghosting process is breaking Winsock.
    Do this:
    1. uninstall the FWC
    2. from an elevated cmd window, type netsh winsock reset <enter>
    3. reinstall the FWC

    If this doesn't work and non-ghosted installations work, it may be time to engage the ghost product vendor.


    Jim Harrison Forefront Edge CS
    23 July 2552 BE 15:20
  • Nothing changed doing

    1. uninstall the FWC
    2. from an elevated cmd window, type netsh winsock reset <enter>
    3. reinstall the FWC


    and the affected PC is still having very very slow connection and/or timeouts.
    The new ghosted machine and/or the one manually installed from scratch seems OK, and I'm the one who made the ghost image/installation so I'm pretty sure there's nothing weird about it.

    I'm starting to suspect that the machines with the problem are the old ones where Symantec NAV 10 was installed and then removed due to the change of the corporate antivirus.

    Any suggestion on what I can do that is stronger than the netsh winsock reset but less invasive and time consuming than reinstalling the OS?

    Thanks in advance

     
    28 July 2552 BE 9:06
  • Good morning Pablo,
    More than likely your issue stems from ISA Firewall Clients' capability to configure your browser's proxy settings.  In this scenario I am assuming you have some form of inconsistency with the configuration of your workstations pertaining to their proxy server.
    One important thing to note about ISA server is that it will not allow you to publish a site on the same interface it is housed off of.  Because of this the proxy settings for your clients must be configured so that it bypasses the proxy server for any internal websites (i.e. *.yourdomain.com; ip.ip.*.*; etc.)  Try turning off ISA's ability to configure proxy settings or configuring all clients through group policy (this should be done at the site level in most networks).

    HTH,
    Michael
    A+, Network+, MCSE (2000 \ 2003), MCTS, CISSP LinkedIn
    31 July 2552 BE 12:00
  • You've generally disproved a bad FWC installation as the problem.
    If you suspect a bad Symantec AV removal, you should contact them to get help making sure it's removed.


    Jim Harrison Forefront Edge CS
    7 August 2552 BE 0:41
  • OK, I've finally got the time to resolve this issue.

    The problem was a bad FWC installation, the resolution was not so easy.

    The

    1. uninstall the FWC
    2. from an elevated cmd window, type netsh winsock reset <enter>
    3. reinstall the FWC


    didn't work on point 2, so I had to do it manually.

    I've followed this http://support.microsoft.com/kb/811259 

    I've removed the FWC.
    I've manually deleted from registry HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock and HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2
    Rebooted
    I've reinstalled the TCP/IP like the document said
    Rebooted
    I've reinstalled FWC.
    17 November 2552 BE 16:57
  • bha...was too good to be true.

    After the clean-up and reinstallation of the Firewall client, all seems good.
    Even if I reboot the PC a few times all seems perfect.
    But the day after the problems are coming back.

    I'm reposting my configuration/setup

    ISA 2006 Ent with 2 NICs, internal 10.x and external with public IP.
    All the clients have the Firewall client installed.
    I've a DMZ (192.x) but it is not directly connected to the ISA machine; the firewall client is configured, with LAT file, to bypass ISA for that range.

    Internet Explorer is not configured to use a proxy, nor to be automatically configured by the FWC.

    With internet sites, all is going good.
    With some internal sites, too.

    With some other internal sites, I've a very, very slow response.

    Some are in the 10.X network (the same as my clients), some in the 192.x network.

    Strange thing is that if I use https instead of http the response is very fast (like it should be).

    If I remove the firewall client and reset winsock, all works good.
    If I reinstall the client all works good for some hours.
    The day after, they are so damn slow.


    Edited few hours later....

    Some new info about my problem.

    There's something related to FQDN name too.
    If I call the intranet site with http://www.contoso.com, it is slow. (again, only in http and not in https)
    If I call it with its machine name http://intranetserver it is fast.

    19 November 2552 BE 11:09
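
One way to check whether the Winsock catalog itself differs between the working state right after the reinstall and the slow state the next day is to save the output of `netsh winsock show catalog` in each state and diff the provider entries. The following is an added example, not code from any poster in this thread; the sample text is constructed, its field names are assumed to match that command's output, and `ExampleVendor`, `example_lsp.dll` and the function names are hypothetical.

```python
# Constructed samples in the layout printed by `netsh winsock show catalog`
# (field names assumed from that command's output; all values are made up).
WORKING = """\
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\\system32\\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1
"""

SLOW = WORKING + """
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Chain Entry
Description:                        Example LSP over [MSAFD Tcpip [TCP/IP]]
Provider Path:                      C:\\Program Files\\ExampleVendor\\example_lsp.dll
Catalog Entry ID:                   1010
Protocol Chain Length:              2
"""

def parse_catalog(text):
    """Split catalog output into one dict of fields per provider entry."""
    entries, current = [], None
    for line in text.splitlines():
        if line.strip().endswith("Provider Entry"):
            current = {}
            entries.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")  # first colon only: paths keep theirs
            current[key.strip()] = value.strip()
    return entries

def entry_key(e):
    """Identity of an entry that survives renumbering of catalog IDs."""
    return (e.get("Entry Type", ""), e.get("Description", ""),
            e.get("Provider Path", "").lower())

def diff_catalogs(before, after):
    """Return (entries only in after, entries only in before)."""
    b = {entry_key(e) for e in parse_catalog(before)}
    a = {entry_key(e) for e in parse_catalog(after)}
    return sorted(a - b), sorted(b - a)

def layered_entries(text):
    """Entries whose chain length is not 1, i.e. layered providers or chains."""
    return [e for e in parse_catalog(text)
            if int(e.get("Protocol Chain Length", "1")) != 1]
```

An entry that appears only in the slow-state snapshot, or a layered entry whose provider path points at software that was removed, is the thing to take to the vendor.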