Re: DHCP Problem



Yes, I do have custom rules and they were above the sbs protected networks
access rule.
Most importantly after moving the custom rules DHCP started working again

Thank a lot
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!:)

This has been driving me crazy since last Tuesday.

Ya done good!!!




"Merv Porter [SBS-MVP]" wrote:


+ I wonder if ISA 2004 SP3 needs to be reapplied. It may not installed
correctly.

Microsoft® Internet Security and Acceleration (ISA) Server 2004 Standard
Edition Service Pack 3
http://www.microsoft.com/downloads/details.aspx?FamilyId=A05A074A-5033-4792-AF8B-58B90D841436&displaylang=en

+ An ISA repair might be order.
+ Any custom Access Rules created? (see link below)

Why DHCP Stops Working After You Add a Custom Access Rule
http://64.233.167.104/search?q=cache:CqLad4pH8VcJ:securesmb.blogspot.com/2007/10/why-dhcp-stops-working-after-you-add.html+why-dhcp-stops-working-after-you-add.html&hl=en&ct=clnk&cd=1&gl=us

--
Merv Porter [SBS-MVP]
============================

"Mrc" <Mrc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BE28BF5D-5AA0-4AAD-8BA0-9A7231159C49@xxxxxxxxxxxxxxxx
Yes and its shows it to be at SP-3

Hey that last article you sent me to try a repair of the ISA server
installiation before uninstalling SP-3. That sounds like a good idea to
me.
What do you think?
I'm concerned that I do not have an item "ISA Server SP3" in add/remove
programs. If I do a repair I would have to do it for ISA server.?


"Merv Porter [SBS-MVP]" wrote:

A long shot, but have you tried the SBS Best Practices Analyzer:

Microsoft Windows Small Business Server 2003 Best Practices Analyzer
http://www.microsoft.com/downloads/details.aspx?FamilyId=3874527A-DE19-49BB-800F-352F3B6F2922&displaylang=en

--
Merv Porter [SBS-MVP]
============================

"Mrc" <Mrc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2B7B13F9-A63D-4877-BBA1-595B9B64C3A6@xxxxxxxxxxxxxxxx
???
About on the help menu is
Version: 4.0.2167.887 (SP3)

Add/Remove Programs doesn't show a item for SP3 and ISA shows the
version
at
Version: 4.0.2163 (SP1) ???
?????????




"Merv Porter [SBS-MVP]" wrote:

What SP level is ISA 2004 at (SP1,SP2, SP3)?

--
Merv Porter [SBS-MVP]
============================

"Mrc" <Mrc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8FDAB036-0B05-4D79-B430-83BC48D56158@xxxxxxxxxxxxxxxx
I've already attempted moving the rule up, but just tried again and
made
it
the first rule. Tried renewing the ip address on one of our pcs and
watched
the ISA logs and all the DHCP requests were denied.

"Merv Porter [SBS-MVP]" wrote:

What happens if you move the DHCP Firewall Policy rule(s), in ISA
2004,
to
the top of the list?

--
Merv Porter [SBS-MVP]
============================

"Mrc" <Mrc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:626B0C62-9F92-4FF8-AAF1-29D1E9C55EAD@xxxxxxxxxxxxxxxx
The event logs on the server are mostly clean. I get this once in
a
while
(always after running the Romote access wizard)

Unable to contact a DHCP server. The Automatic Private IP Address
169.254.9.0 will be assigned to dial-in clients. Clients may be
unable
to
access resources on the network.


Once in a while I get this but its rare.
DCOM was unable to communicate with the computer COUNTER5 using
any
of
the
configured protocols.


The client computer's logs are a mess due to not being able to
renew
ip
address. It starting to cause a lot of problems and I'm will need
to
start
assigning static addressses soon if I can't get this fixed.


Should the ISA server be rejecting requests from an ip address on
the
subnet
or 0.0.0.0 to 255.255.255.255 on port 67 (DHCP request) ??



"Merv Porter [SBS-MVP]" wrote:

Anything in the Event Logs?

--
Merv Porter [SBS-MVP]
============================

"Mrc" <Mrc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:AE375D74-10B5-413F-8A48-4C9DA3FFC5DE@xxxxxxxxxxxxxxxx
Been there done that. I don't think this applies because our
systems
has
been
operating for over a month without any service packs being
applied.
We
did
install WSUS 3.0 and Sharepoint Services 3.0 during this time
peroid
but
the
system worked fine after the installs.


"Merv Porter [SBS-MVP]" wrote:

Something to check...

SBS SP1 + ISA 2004 = No DHCP
http://msmvps.com/blogs/cgross/archive/2005/06/22/54567.aspx

ISA Management console | expand <servername> | Configuration
|
Network.
Select the Internal network, and edit it to include .255

--
Merv Porter [SBS-MVP]
============================

"Mrc" <Mrc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5A109C99-9C30-4E05-A34B-666541229222@xxxxxxxxxxxxxxxx
Yes, several times.

11/16/07 I restarted the system. We had installed
Blackberry
Enterprise
Server the week before. After the server started 11/16/07
all
of
the
client
computers were directed to the Blackberry MDS site on the
server.
This
is
when I ran CEICW. The log for the CEICW was dated 11/16/07
at
2:09
pm
and
the
Denied Connections started showing up in the ISA logs
seconds
later.
I
have
no idea if this is related to BES or was triggered by
running
CEICW.
Also
I
have reran CEICW several times. Updated the NIC drivers.
Set
EnableRSS
to
0,
DisableTaskOffload to 1 per the article about Common
networking
issues
after
applying windows server 2003 sp2 on SBS in The Official SBS
Blog.

The ISA logs are blocking all DHCP request and Replies from
0.0.0.0
or
255.255.255.255. Sometimes it allows a connection from
172.31.255.XXX
to
the
server 172.31.255.20. This puzzles me because before
11/16/2007
the
log
had
very few entries from or to 0.0.0.0. or 255.255.255.255
relating
to
DHCP.

I had to uninstall ISA a few months ago after doing a Swing
Migration
due
to
the network behaving flakey and things were fine. I ignored
the
advise
from
the Swing Migration guy and reloaded it. It has been
working
fine
for
the
last month or so but I'm thinking I made a mistake and
should
do
away
with
the ISA server altogether?


"Kevin Weilbacher" wrote:

You say the system was running fine until a few days ago.
What
happened
or
changed?

Have you tried rerunning CEICW?

--
Kevin Weilbacher [SBS MVP]
"The days pass by so quickly now, the nights are seldom
long"
*

"Mrc" <Mrc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:73C2D5C1-154C-46A8-93EF-FFC81F2DE65A@xxxxxxxxxxxxxxxx
SBS 2003 R2, ISA 2004
Dhcp server will not assign an IP address to a new
workstation
or
to
a
workstation after an ipconfig /release has been ran.

DHCP logs show that some clients are renewing. The
workstations
that
cannot
renew still function after assigning a static ip
address.

The system had been running fine until a few days ago.

This is what is showing up on the ISA logs.

Denied Connection DELLSRV 11/23/2007 3:19:03 PM
Log type: Firewall service
Status: The policy rules do not allow the user request.
Rule:
Source: Internal ( 172.31.255.72:68)
or
(
0.0.0.0:68)
Destination: Local Host ( 255.255.255.255:67)
Protocol: DHCP (request)



Windows IP Configuration

Host Name . . . . . . . . . . . . : DELLSRV
Primary Dns Suffix . . . . . . . : thompsonshonda.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
.



Relevant Pages

  • RE: VPN, RRAS & DHCP
    ... After researching your logs, I found the Event ID 20169 ... Please try to set RemoteAccess service to depend on the DHCP server ... Reboot the server to see whether the issue still occurs. ... The problem occurred after you install ISA server. ...
    (microsoft.public.windows.server.sbs)
  • Re: CA antivirus software will not update after installining ISA 2004
    ... Expand ServerName, where ServerName is the name of your ISA Server ... and then click Create New Access Rule. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: DHCP Problem
    ... What happens if you move the DHCP Firewall Policy rule, in ISA 2004, to ... Unable to contact a DHCP server. ... Denied Connections started showing up in the ISA logs seconds later. ...
    (microsoft.public.backoffice.smallbiz)
  • Re: DHCP Inside / Outside
    ... Two NICs can be "bridged" in WinXP or Windows 2003. ... RRAS DHCP relay agent (you said you turned RRAS ... Some weird effect of ISA (that I don't understand and ... DHCP is NOT coming from the interior DHCP server ...
    (microsoft.public.win2000.networking)
  • Re: Roger Wilco Audio Configuration
    ... You don't "open ports" on ISA. ... One Access Rule, one Server Publishing Rule. ... RW Audio UDP In - UDP 3782 Receive/Send ...
    (microsoft.public.isa.configuration)