Announcement

Collapse
No announcement yet.

Unable to add ISA server to existing array

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Unable to add ISA server to existing array

    Guys i have been trying to add a secondary ISA server to an existing array but unfortunately i keep getting an error which i have attached below.
    "An attempt to use windows authentication to authenticate the request sent to the configuration storage server computer failed. Refer to getting started guide for help on setting up windows authentication."

    I have 2 nic on my existing primary ISA SERVER which is also hosting the CSS. I have admin rights on CSS array as well as Enterprise server. Two NIC are named as DMZ which is having default gateway with no DNS entry specified and the other INTERNAL with no default gateway but dns entry specified. We will be using this server to publish Websites which are partly hosted on dmz segment and on internal.
    Please let me know where the problem could be and why i am not able to add this secondary server.
    Thank you.
    Attached Files

  • #2
    Re: Unable to add ISA server to existing array

    please review:
    http://support.microsoft.com/kb/921173

    Also check your firewall logs an post back
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Unable to add ISA server to existing array

      Well i have already read that article and enabled RPC filter also that article applies for ISA 2004 and we are using ISA 2006.
      I am unable to retrieve any kind of logs while adding the server to the array.

      Comment


      • #4
        Re: Unable to add ISA server to existing array

        ERrr you can start the monitoring on the current ISA server itself?
        Also I didn't know you are using ISA 2006.
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: Unable to add ISA server to existing array

          Hi,

          I just came across an article listed in ISA 2006 Enterprise installation guide.
          "Now that you have created an array, you can install ISA Server computers into the array. Perform these steps on the computer you have designated to be the array member. Perform the installation with the same user account that you were logged on to when you performed the installation of the Configuration Storage server."

          Point to be highlighted here is "Perform the installation with the same user account that you were logged on to when you performed the installation of the Configuration Storage server". The CSS was installed by x user and i am trying to add ISA server using Y as X user is on leave. Please note user Y is a domain admin and also Y is listed as Enterprise array admin.
          Do i need X user credentials to carry out this task??
          Also please check the logs attached as per your request.

          ----------------------------------------------------
          MS Firewall Storage Initiated Connection [System] Allow access from trusted servers to the local Configuration Storage server 0x0 ERROR_SUCCESS
          --------------------------------------------------------
          MS Firewall Storage Closed Connection [System] Allow access from trusted servers to the local Configuration Storage server 0x80074e20 FWX_E_GRACEFUL_SHUTDOWN-------------------------------------------------------------------------------

          Comment


          • #6
            Re: Unable to add ISA server to existing array

            i guess i need to use the same account that was used for installing CSS. This has been confirmed by Tom Shinder from ISASERVER.ORG. Let me try that option first and then try the others suggested by you.

            Comment


            • #7
              Re: Unable to add ISA server to existing array

              Actually after contacting user X, he suggested to do a repair install of ISA enterprise or simply uninstall ISA completely and then reinstall it back. User X was not keen in resetting his password so i had to uninstall ISA as repair didnt work. After uninstalling ISA it would not install again and would give an error "Setup failed while trying to repair the data in ISA server storage" After doing some research on the net i disjoint the computer from the domain and then carried out ISA installation which went smooth, joined the computer back to the domain and everythg seemed to be normal except for the fact that i was still not able to join secondary server to this array.
              I dont understand why the server would not allow me to complete ISA installation when its joined to the domain. It seems the installation completes only when its in workgroup.

              Comment


              • #8
                Re: Unable to add ISA server to existing array

                Although Tom has confirmed it, it sounds weird to me.
                What if the user is leaving? Then you're never be able to add a additional array member.

                I haven't seen this issue before though what permissions do you have within ISA?

                edit: I just noticed you should have full access and the CSS isn't on a DC.
                Are their any serviceaccounts in place?

                Are their anything in the eventlogs or something?
                Last edited by Dumber; 3rd December 2008, 13:49.
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"

                Comment


                • #9
                  Re: Unable to add ISA server to existing array

                  Actually none of the logs observed in the eventlog seem to be relevant to the error. Yes i am trying to install ISA ENT using domain admin account.
                  There was one service ISASTCTRL i guess which was running under networkservice account, but i dont think this might be causing any issue.

                  Comment


                  • #10
                    Re: Unable to add ISA server to existing array

                    Hey dumber check this out.
                    ---------------------------------------------------------------------------------
                    Registering Intra-Array Adapter Service Principle Names
                    In a domain configuration where multiple ISA Server computers are connected through more than one network adapter, and Network Load Balancing (NLB) is configured, a request from an array member to a Configuration Storage server from a network adapter dedicated to intra-array communications may fail because Kerberos authentication does not recognize the network adapter name. As a workaround, register the intra-array adapter name in the Kerberos database using the Setspn.exe tool.
                    --------------------------------------------------------------------------------------------------
                    Do i have to do this and if yes on which computer do i execute the setspn.exe command. Also as of now we have not enabled NLB but will do it once i add the second server to the array.
                    I feel this might be one of the reasons as to why i am not able to add server to the array. Can you please confirm

                    Comment


                    • #11
                      Re: Unable to add ISA server to existing array

                      Can you post the source of it?
                      It might be handy to review the whole article and we don't allow to post text from other websites without referring to it.
                      Marcel
                      Technical Consultant
                      Netherlands
                      http://www.phetios.com
                      http://blog.nessus.nl

                      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                      "No matter how secure, there is always the human factor."

                      "Enjoy life today, tomorrow may never come."
                      "If you're going through hell, keep going. ~Winston Churchill"

                      Comment


                      • #12
                        Re: Unable to add ISA server to existing array

                        I read it from the following document.

                        http://download.microsoft.com/downlo...tion_Guide.doc

                        Comment


                        • #13
                          Re: Unable to add ISA server to existing array

                          Guys has anyone managed to join ISA server to an existing array. I feel there is some bug with Windows Enterprise 2003 R2 and ISA ENT 2006.

                          Comment


                          • #14
                            Re: Unable to add ISA server to existing array

                            I need to try it in my lab however I haven't the time for it yet.
                            Probably I have some time between Christmas and new year.
                            This because I'm currently rebuilding my home lab environment.

                            If you can give us as much details as possible then I can check it out.
                            For me it sounds ridiculous that you can't add another ISA server with an other account then the account who has installed the first ISA server.
                            Marcel
                            Technical Consultant
                            Netherlands
                            http://www.phetios.com
                            http://blog.nessus.nl

                            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                            "No matter how secure, there is always the human factor."

                            "Enjoy life today, tomorrow may never come."
                            "If you're going through hell, keep going. ~Winston Churchill"

                            Comment


                            • #15
                              Re: Unable to add ISA server to existing array

                              Anyways you can try it in your lab too but just for your info we thought of installing css and isa services the other way round by making the second server primary and vice versa.
                              The wierd part is that the installation fails on the second server as well. After selecting css services and ISA service during installation we get the same error " Unable to create server storage space" but the installation works fine when the server is in workgroup.
                              We have spent quite a lot of time trying to solve this issue. We might raise a call with microsoft.

                              Comment

                              Working...
                              X