Announcement

Collapse
No announcement yet.

ISA as DNS cash-only server and firewall client not authenticate

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • ISA as DNS cash-only server and firewall client not authenticate

    hello,all


    I have problem with ISA 2004 std ,after I made the isa as cashonly dns server i get the clients can not authenticate by using firewall client
    when they get firewall client desable: can not authenticate
    I dont know if there are some rules must be added in to make my domain integrted with internal DNS or what ?????

    ISA as DNS cash-only server and firewall ,Butclient not authenticate

  • #2
    Messenger not works with ISA 2004

    hello,

    messenger "Trade manager "(belongs to alibaba website) not working with ISA server2004 on that client I installed the Firewall clinet but when I click on logon the firewll clinet disable and message "firewall clinet can not authenticate"

    plz,can any one give me how i wll solve this

    Comment


    • #3
      Re: Messenger not works with ISA 2004

      Both threads merged. please do not double post.
      Also I'm not sure where you are talking about. You might rephrase your questions and your current setup.
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"

      Comment


      • #4
        Re: ISA as DNS cash-only server and firewall client not authenticate

        I am sorry for my qustion may it was not clear

        here I will write my quistion:

        my ISA clinets sometime the firewall clints works and sometimes not
        the messege comes with red x and "disable: firewall clients can not authenticate"

        I donot know what cause this problem??

        but I had do some changes of ISA server ,I installed DNS on my ISA server and I had changed this server to be cash only server!!!

        and messenger for yahoo not works only this messenger???

        I hope now my proble is clear and I hope to get solution for this problem??

        Comment


        • #5
          Re: ISA as DNS cash-only server and firewall client not authenticate

          Why have you installed DNS on the ISA server itself?
          Is your ISA server configured as a firewall or as a web proxy?
          Have you configured automatic discovery for ISA?
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"

          Comment


          • #6
            Re: ISA as DNS cash-only server and firewall client not authenticate

            thank you Dumber for you replay

            I had instlled cashonly dns on isa after i get problem with isa (the internet is very slow)
            so,somone told me to install dns cash only to make it faster but the authentication for client on firewall clinent stoped and gave me "disable message can not authenticate"
            autodicover not configured but i think it will not solve my problem because the isa is standalone server and cach-only server. i dont have any web server i have only simple network without nay internal web server or exchange server.
            i need the internet to be fast like there is no isa but i need isa for security and applaing policy for download and firewall capability.

            Comment


            • #7
              Re: ISA as DNS cash-only server and firewall client not authenticate

              Well I think you have other issues you should look at.
              You are thinking in the wrong way. DNS is pretty fast and I'm sure that this won't help.

              Can you tell us a bit more about your network environment?
              Maybe creating a simple drawing might help?
              What do you have on the internal side?
              Can you post an IP config (rule out any external addresses) etcetc
              Marcel
              Technical Consultant
              Netherlands
              http://www.phetios.com
              http://blog.nessus.nl

              MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
              "No matter how secure, there is always the human factor."

              "Enjoy life today, tomorrow may never come."
              "If you're going through hell, keep going. ~Winston Churchill"

              Comment


              • #8
                Re: ISA as DNS cash-only server and firewall client not authenticate

                ok
                my network consistes of 2 servers
                server1 domain controller + dns+dhcp
                server2:database server (oracle and SQL server)+file server

                ADSL modem with internal IP 10.0.0.30

                Isa server 2004 std SP3 with 2 NIC internal 192.168.0.6 and external 10.0.0.40
                I had make the order for internal NIC befor External
                configured the rule for dns internal allow-->DNS-->internla to server1-->all users
                Rules:
                and configured the rule for all not application users set (the application users not have internet but the "not application user set "have internet access) to access HTTP HTTPS and FTP with upload FTP

                the firewall clients configured on clients but also SecureNAT configured by destribute the Default gate way for intenal NIC for ISA2004
                also proxy client is running on clients.

                the DNS make forward to OPENDNS ip 208.67.222.222 & 208.67.220.220
                which also configured on the ADSL modem instead of our ISP .


                this is all my configuration but i get alot of problems:
                1)internet is slow
                2)messenger yahoo and other messengers not working
                3)some websites not running like http: // www dot 4share dot com
                4)the logging contains alot of deny like netbios service
                5)port 443 for messenger of alibaba not running and gave me the following log :
                port 443 protocol ssl-tunnel rule allow from internal to external URL :ims.us.alitalk.alibaba.com:443

                after this configuration and all of this problem i get solution from one person he told me to configure the cash-only server on the ISA but this not solve my problem some litle bit about speed it increase but not as desired.

                i am watting for any solution??
                Last edited by biggles77; 6th April 2009, 08:50. Reason: removed live link

                Comment

                Working...
                X