ISA 2004 upgrade Disaster Please help

Hi i had major issues in the past in running an isa 2000 server on SBS 2003
SP1 and finally i had to remove it to make OWA and VPN Workd and infact never
had any isuues with out isa

i was trying to convinve to myself that once ISA 2004 is in things would
work well.. i must say that it was wrong assumption

i have follwed the following path for the upgrade

Setup had NAT and OWA / VPN Accessing earlier "everything worked well"

later
1. installed ISA 2000/ SP1 / Sp1 / FP2 / and the patch

2. owa never worked with this setup used to get the following erros
"internal server error" etc etc etc

3, Recived the cd from MS after waiting weeks

4. Upgraded to ISA Server 2004 / ran publishihg rule / access policies

5. Current status - VPN works well
owan doesnt work at all i could see owa screen and onc ei enter the
username and password the following error displays


Error Code: 404 Not Found. The requested item could not be located. (12028)

6. Internal users complanints that the netaccess is very slow

Can someone advise

 

You aren't matching the way you enter the system with the name on the
SSL certificate that is being built by the wizard.

What's your DNS pointing to?

 

well i have actually 2 domains point to the firewall device ip address

basically the setup as follows

lan -----nic 1 10.0.10.1 ------- nic2 10.0.20.1 ---------
snapgearfirewall nic 1 10.0.20.254 -------- nic ext 2 ISP Routable
address ------------


welll yuo can see the snapgears box ext noc has got the internet interface
and i do natting to my ext card of isa

dns resolutions works well

have split dns / host file configured on it

have used cciew wizard to setup the certificate seems to be fine


thanks in adv anything you could figure out ?????

Sandeep

 

How about we start with the basics.. post ipconfig /all from the server
and a workstation.

 

Sure we could

------------------------
Server IPCONFIG
-------------------------



Windows IP Configuration



Host Name . . . . . . . . . . . . : wimesvr01

Primary Dns Suffix . . . . . . . : WIME.local

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : Yes

WINS Proxy Enabled. . . . . . . . : Yes

DNS Suffix Search List. . . . . . : WIME.local



Ethernet adapter LAN:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : HP NC7781 Gigabit Server Adapter

Physical Address. . . . . . . . . : 00-14-C2-59-3D-0C

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.0.10.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : 10.0.10.1

Primary WINS Server . . . . . . . : 10.0.10.1



Ethernet adapter WAN:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI For
Complete PC Management NIC (3C905C-TX)

Physical Address. . . . . . . . . : 00-03-99-88-87-79

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.0.20.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.0.20.254

DNS Servers . . . . . . . . . . . : 10.0.10.1

Primary WINS Server . . . . . . . : 10.0.10.1

NetBIOS over Tcpip. . . . . . . . : Disabled



PPP adapter RAS Server (Dial In) Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface

Physical Address. . . . . . . . . : 00-53-45-00-00-00

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 10.0.10.65

Subnet Mask . . . . . . . . . . . : 255.255.255.255

Default Gateway . . . . . . . . . :

NetBIOS over Tcpip. . . . . . . . : Disabled


Client IP Config
-----------------------------




Windows IP Configuration



Host Name . . . . . . . . . . . . : WILPT-SAL-09

Primary Dns Suffix . . . . . . . : WIME.local

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : WIME.local

WIME.local



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : WIME.local

Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network
Connection

Physical Address. . . . . . . . . : 00-08-0D-29-0A-C3

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 10.0.10.38

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.0.10.1

DHCP Server . . . . . . . . . . . : 10.0.10.1

DNS Servers . . . . . . . . . . . : 10.0.10.1

Primary WINS Server . . . . . . . : 10.0.10.1

Lease Obtained. . . . . . . . . . : 11 February 2006 12:56:13

Lease Expires . . . . . . . . . . : 19 February 2006 12:56:13

==================

Split DNS

have put the FQDN on to the servers host file

--- 10.0.20.1 whihc is the ext interface of the sbs server directly
connected to
our cyberguard 560 firewall --------------- ext interface of the cyberguard
is actually the internet hitting point ------------ have static nat defined
on the cyberguard to foreward

http / https /smtp /ts ports to 10.0.20.1

 

Your two nics are talking to each other

10.0.10.1
with a 255.255.255.0

can talk to
10.0.20.1

You will need to change one of them as they are in the same subnet.
Did you run the connect to internet wizard as I'm surprised that didn't
freak.

Split DNS

have put the FQDN on to the servers host file

And there's no need to mess with "hosts" files.

 

Hello not enough dew.

Strike that post... the subnets break at the third octet.

They aren't talking... okay let 's review that

Netbios on the inside nic is disabled? Enable that.

 

Boy I think I need to go back to bed and start over...you do have
netbios enabled on the inside nic... I'm scrolling down and getting
confused as to which nic I'm looking at.... sorry...

I'm still concerned about that hosts files on your server. Like I said,
that's not needed and may be the cause of slowness.

And when you say "publishing rule" you ran the connect to internet
wizard to set the rules, correct?

 

Hi Susan
thank you so much for your response and effort you have put foreward


last evening i sat down thouhg i hv done this so many time in the past

i ready an article saying that u dnt hv to upgrade isa 2000 to isa 2004 to
make thinsg wrk well with SBS 2003 i think the one you have published
somewhere cant recollect from whihc site



plus i found out that there were so many ceritcates created

Step 1. removed isa 2004
2. removed certifcate services
3. removed all the certifcates
4. appkied sbs sp1
5. installed isa directly
6. ran net connect wiz

ohhhh man it worked...

i guess sbs team shoudl really test tehir product purtucluarly thinsg ISA
got to do

thanks again and have a great day