From: johan on
Dear Jenny,

Thank you for your help. I have verified all the below settings and
done the things you recommended. Unfortunately it didn't help. I have
also restarted the DHCP service and re-authorized it.
Anymore suggestions?

Best regards

Johan

"Jenny wu [MSFT]" skrev:

> Hi Johan,
>
> Thanks for your update. I am glad to know that things are getting fine now.
>
> I. For current situation, let us check the following settings to trouble
> shoot the DHCP issue
>
> 1. Please verify the rules settings are correct on ISA 2004:
>
> a. Please open the ISA2004 Management Console, in the left panel, expand to
> Configuration->Networks. Under "Networks panel", double click "Internal".
> Switch to "Web Proxy" panel, click "Authentication" and then uncheck the
> "Require all users to authenticate" option.
>
> b. Navigate to Firewall Policy, can you find the rule "SBS Protected
> Network Access rule" listed in the right panel? Please ensure the SBS
> Protected Network Access rule applies to "ALL USERS".
>
> c. Please also ensure the SBS Protected Network Access rule at the bottom
> of the firewall policy rules. However the rule "SBS internet access rule"
> and the "SBS Microsoft update sites access rule" should locate lower place
> than the SBS Protected Network Access rule.
>
> d. After verify above settings, please click Apply button to take effect
> the change.
>
> 2. Then please logon client computers and update the TCP/IP settings as
> follows:
>
> Open a command prompt, type the following commands:
>
> IPCONFIG /RELEASE
>
> IPCONFIG /RENEW
>
> What is the result? Can client computers get IP address from DHCP server?
>
> II. If the issue persists, let us try the following tests:
>
> 1. Please stop the ISA services.
>
> 2. Then please clean the ISA cache. To do so:
>
> A. Stop the Web Proxy service.
> B. Locate the Urlcache folder.
> C. From the multiple files in this folder, locate the *.cdat file in this
> folder.
> D. Delete the *.cdat file.
> E. Start the Web Proxy service.
>
> 3. Then please logon client computers and update the TCP/IP settings to
> check if the issue resolved.
>
> Hope above information helps.
>
> Have a nice day!
>
> Sincerely,
>
> Jenny Wu
> Microsoft CSS Online Newsgroup Support
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> --------------------
> >From: johan(a)georgson.com
> >Newsgroups: microsoft.public.windows.server.sbs
> >Subject: Re: Multiple errors
> >Date: 8 Aug 2006 00:31:59 -0700
> >Organization: http://groups.google.com
> >Lines: 255
> >Message-ID: <1155022319.562580.228050(a)h48g2000cwc.googlegroups.com>
> >References: <1154968314.008773.88230(a)p79g2000cwp.googlegroups.com>
> > <eFYhNdkuGHA.5056(a)TK2MSFTNGP06.phx.gbl>
> >NNTP-Posting-Host: 62.119.128.137
> >Mime-Version: 1.0
> >Content-Type: text/plain; charset="iso-8859-1"
> >X-Trace: posting.google.com 1155022325 5332 127.0.0.1 (8 Aug 2006 07:32:05
> GMT)
> >X-Complaints-To: groups-abuse(a)google.com
> >NNTP-Posting-Date: Tue, 8 Aug 2006 07:32:05 +0000 (UTC)
> >In-Reply-To: <eFYhNdkuGHA.5056(a)TK2MSFTNGP06.phx.gbl>
> >User-Agent: G2/0.2
> >X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
> .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727),gzip(gfe),gzip(gfe)
> >X-HTTP-Via: 1.1 AGNES
> >Complaints-To: groups-abuse(a)google.com
> >Injection-Info: h48g2000cwc.googlegroups.com; posting-host=62.119.128.137;
> > posting-account=vYzdLwwAAAC9LEvnWXzut7wKIIRigtdT
> >Path:
> TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS01.phx.gbl!newsfeed00
> .sul.t-online.de!t-online.de!border2.nntp.dca.giganews.com!border1.nntp.dca.
> giganews.com!nntp.giganews.com!postnews.google.com!h48g2000cwc.googlegroups.
> com!not-for-mail
> >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:287869
> >X-Tomcat-NG: microsoft.public.windows.server.sbs
> >
> >Thank you Adrian,
> >
> >I managed to solve most of the problems with the links you supplied. It
> >turned out to be one of the newly created ISA firewall rules for
> >Exchange RPC that was not done right.
> >
> >Everything is working now except the DHCP server. I'm able to connect
> >to DCHP server through the DHCP snap-in, but no clients nor RRAS is
> >able to get an IP address. If I put the clients on static IP addresses
> >everything works like normal. I have reinstalled the DHCP server
> >service and recreated the scope. I have also triple checked the ISA
> >server, but I can't find any firewall rules that shouldn't be there.
> >
> >The server has two NICs and 192.168.0.3 is the IP address of the
> >internal network card. I'm able to ping the server from the
> >workstations both when using the IP address and also when using it's
> >name.
> >
> >Any ideas what to try now?
> >
> >Thanks in advance
> >
> >Johan
> >
> >Adrian Grigorof skrev:
> >
> >> How many network cards do you have on this server? Is 192.168.0.3 its
> >> current IP address? If you ping ADMINSERVER.astrand.local - does it work?
> >>
> >> See also the comments for these events here:
> >>
From: johan on
Hi again,

I found out, don't ask me how, that if you restart the RRAS service at
the same time as you run the CEICW it will get IP addresses from the
DHCP server. If you restart the RRAS service at any other time, it wont
get any addresses. Does that make any sense to anyone? I'm just getting
more confused.

Johan

johan(a)georgson.com skrev:

> Dear Jenny,
>
> Thank you for your help. I have verified all the below settings and
> done the things you recommended. Unfortunately it didn't help. I have
> also restarted the DHCP service and re-authorized it.
> Anymore suggestions?
>
> Best regards
>
> Johan
>
> "Jenny wu [MSFT]" skrev:
>
> > Hi Johan,
> >
> > Thanks for your update. I am glad to know that things are getting fine now.
> >
> > I. For current situation, let us check the following settings to trouble
> > shoot the DHCP issue
> >
> > 1. Please verify the rules settings are correct on ISA 2004:
> >
> > a. Please open the ISA2004 Management Console, in the left panel, expand to
> > Configuration->Networks. Under "Networks panel", double click "Internal".
> > Switch to "Web Proxy" panel, click "Authentication" and then uncheck the
> > "Require all users to authenticate" option.
> >
> > b. Navigate to Firewall Policy, can you find the rule "SBS Protected
> > Network Access rule" listed in the right panel? Please ensure the SBS
> > Protected Network Access rule applies to "ALL USERS".
> >
> > c. Please also ensure the SBS Protected Network Access rule at the bottom
> > of the firewall policy rules. However the rule "SBS internet access rule"
> > and the "SBS Microsoft update sites access rule" should locate lower place
> > than the SBS Protected Network Access rule.
> >
> > d. After verify above settings, please click Apply button to take effect
> > the change.
> >
> > 2. Then please logon client computers and update the TCP/IP settings as
> > follows:
> >
> > Open a command prompt, type the following commands:
> >
> > IPCONFIG /RELEASE
> >
> > IPCONFIG /RENEW
> >
> > What is the result? Can client computers get IP address from DHCP server?
> >
> > II. If the issue persists, let us try the following tests:
> >
> > 1. Please stop the ISA services.
> >
> > 2. Then please clean the ISA cache. To do so:
> >
> > A. Stop the Web Proxy service.
> > B. Locate the Urlcache folder.
> > C. From the multiple files in this folder, locate the *.cdat file in this
> > folder.
> > D. Delete the *.cdat file.
> > E. Start the Web Proxy service.
> >
> > 3. Then please logon client computers and update the TCP/IP settings to
> > check if the issue resolved.
> >
> > Hope above information helps.
> >
> > Have a nice day!
> >
> > Sincerely,
> >
> > Jenny Wu
> > Microsoft CSS Online Newsgroup Support
> > Get Secure! - www.microsoft.com/security
> > ======================================================
> > This newsgroup only focuses on SBS technical issues. If you have issues
> > regarding other Microsoft products, you'd better post in the corresponding
> > newsgroups so that they can be resolved in an efficient and timely manner.
> > You can locate the newsgroup here:
> > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> >
> > When opening a new thread via the web interface, we recommend you check the
> > "Notify me of replies" box to receive e-mail notifications when there are
> > any updates in your thread. When responding to posts via your newsreader,
> > please "Reply to Group" so that others may learn and benefit from your
> > issue.
> >
> > Microsoft engineers can only focus on one issue per thread. Although we
> > provide other information for your reference, we recommend you post
> > different incidents in different threads to keep the thread clean. In doing
> > so, it will ensure your issues are resolved in a timely manner.
> >
> > For urgent issues, you may want to contact Microsoft CSS directly. Please
> > check http://support.microsoft.com for regional support phone numbers.
> >
> > Any input or comments in this thread are highly appreciated.
> > ======================================================
> > This posting is provided "AS IS" with no warranties, and confers no rights.
> >
> > --------------------
> > >From: johan(a)georgson.com
> > >Newsgroups: microsoft.public.windows.server.sbs
> > >Subject: Re: Multiple errors
> > >Date: 8 Aug 2006 00:31:59 -0700
> > >Organization: http://groups.google.com
> > >Lines: 255
> > >Message-ID: <1155022319.562580.228050(a)h48g2000cwc.googlegroups.com>
> > >References: <1154968314.008773.88230(a)p79g2000cwp.googlegroups.com>
> > > <eFYhNdkuGHA.5056(a)TK2MSFTNGP06.phx.gbl>
> > >NNTP-Posting-Host: 62.119.128.137
> > >Mime-Version: 1.0
> > >Content-Type: text/plain; charset="iso-8859-1"
> > >X-Trace: posting.google.com 1155022325 5332 127.0.0.1 (8 Aug 2006 07:32:05
> > GMT)
> > >X-Complaints-To: groups-abuse(a)google.com
> > >NNTP-Posting-Date: Tue, 8 Aug 2006 07:32:05 +0000 (UTC)
> > >In-Reply-To: <eFYhNdkuGHA.5056(a)TK2MSFTNGP06.phx.gbl>
> > >User-Agent: G2/0.2
> > >X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
> > .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727),gzip(gfe),gzip(gfe)
> > >X-HTTP-Via: 1.1 AGNES
> > >Complaints-To: groups-abuse(a)google.com
> > >Injection-Info: h48g2000cwc.googlegroups.com; posting-host=62.119.128.137;
> > > posting-account=vYzdLwwAAAC9LEvnWXzut7wKIIRigtdT
> > >Path:
> > TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS01.phx.gbl!newsfeed00
> > .sul.t-online.de!t-online.de!border2.nntp.dca.giganews.com!border1.nntp.dca.
> > giganews.com!nntp.giganews.com!postnews.google.com!h48g2000cwc.googlegroups.
> > com!not-for-mail
> > >Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:287869
> > >X-Tomcat-NG: microsoft.public.windows.server.sbs
> > >
> > >Thank you Adrian,
> > >
> > >I managed to solve most of the problems with the links you supplied. It
> > >turned out to be one of the newly created ISA firewall rules for
> > >Exchange RPC that was not done right.
> > >
> > >Everything is working now except the DHCP server. I'm able to connect
> > >to DCHP server through the DHCP snap-in, but no clients nor RRAS is
> > >able to get an IP address. If I put the clients on static IP addresses
> > >everything works like normal. I have reinstalled the DHCP server
> > >service and recreated the scope. I have also triple che
From: "Jenny wu [MSFT]" on
Hi Johan,

Thanks for your update. I appreciate your time and efforts the issue.

Let us perform the following test to trouble shoot the issue:

Please run command "net stop fweng" to stop all ISA services on the server
box, and then go to client computers to check if the computer can get IP
address from the DHCP server.

I. If the issue disappears, that indicates that it is some firewall rule
that block the DHCP traffic. Please collect the ISAinfo of the ISA 2004 for
me to analyze.

II. If the issue persists, that indicates that it is DHCP server issue.
Please help me collect the DHCP log for analyze. The DHCP audit logs are
located by default at %windir%\System32\Dhcp. Please mail me all logs under
the DHCP folder.

More info:
Analyzing server log files
http://technet2.microsoft.com/WindowsServer/en/Library/2a535b4d-1771-485b-8b
fa-459d35d563fb1033.mspx

The steps to gather the ISA info and ISA logs:

- To collect the ISA info:

1) Download the file from the following URL:

http://www.isatools.org/isainfo/ISAInfo.zip

2) Extract all files to a folder on ISA server.
3) Double click Isainfo.js. This will generate 2 files
ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
current folder.
4) Please send these files to me at v-yanniw(a)microsoft.com

- To collect the ISA logs:

1) Schedule a down time.

2) Open ISA 2004 management console.

3) Expand the server node and highlight 'Monitoring'.

4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
Pane' is showed there.

5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.

6) Switch to the 'Fields' tab, click 'Select All', and then click OK.

7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
Tasks', and then switch the 'log storage format' from 'MSDE database'
(default) to 'File'.

8) Switch to the 'Fields' tab, click 'Select All', and then click OK.

9) Click 'Apply' to save changes and update the configuration.

10) Temporarily disable the Firewall service. To do that, please click
Monitoring | Services tab, and then right click 'Microsoft Firewall' to
choose 'Stop'.

11) Clear the current existing W3C logs. To do that, go to the log saving
directory and clean any existing .W3C logs. By default, the logs will be
saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may not
be able to deleted, that's normal.) You may backup them first and then
delete them.

12) Go back to the ISA 2004 management console, and then Start the stopped
'Microsoft Firewall' service.

13) Reproduce the problem, stop the service, and then gather the resulting
W3C files to me for analysis.

14) Please also let me know the IP address of the testing clients so that I
can filter the data.

I am glad to be further assistance to you.

Have a nice day!

Sincerely,

Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
>From: johan(a)georgson.com
>Newsgroups: microsoft.public.windows.server.sbs
>Subject: Re: Multiple errors
>Date: 8 Aug 2006 12:41:30 -0700
>Organization: http://groups.google.com
>Lines: 408
>Message-ID: <1155066090.516053.24270(a)n13g2000cwa.googlegroups.com>
>References: <1154968314.008773.88230(a)p79g2000cwp.googlegroups.com>
> <1155022319.562580.228050(a)h48g2000cwc.googlegroups.com>
> <iSL77IuuGHA.760(a)TK2MSFTNGXA01.phx.gbl>
> <1155046598.954623.125510(a)75g2000cwc.googlegroups.com>
>NNTP-Posting-Host: 213.64.165.217
>Mime-Version: 1.0
>Content-Type: text/plain; charset="iso-8859-1"
>X-Trace: posting.google.com 1155066095 30576 127.0.0.1 (8 Aug 2006
19:41:35 GMT)
>X-Complaints-To: groups-abuse(a)google.com
>NNTP-Posting-Date: Tue, 8 Aug 2006 19:41:35 +0000 (UTC)
>In-Reply-To: <1155046598.954623.125510(a)75g2000cwc.googlegroups.com>
>User-Agent: G2/0.2
>X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
InfoPath.1),gzip(gfe),gzip(gfe)
>Complaints-To: groups-abuse(a)google.com
>Injection-Info: n13g2000cwa.googlegroups.com; posting-host=213.64.165.217;
> posting-account=vYzdLwwAAAC9LEvnWXzut7wKIIRigtdT
>Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!newsfeed.c
w.net!cw.net!news-FFM2.ecrc.de!newscon06.news.prodigy.com!prodigy.net!border
1.nntp.dca.giganews.com!nntp.giganews.com!postnews.google.com!n13g2000cwa.go
oglegroups.com!not-for-mail
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:288037
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>Hi again,
>
>I found out, don't ask me how, that if you restart the RRAS service at
>the same time as you run the CEICW it will get IP addresses from the
>DHCP server. If you restart the RRAS service at any other time, it wont
>get any addresses. Does that make any sense to anyone? I'm just getting
>more confused.
>
>Johan
>
>johan(a)georgson.com skrev:
>
>> Dear Jenny,
>>
>> Thank you for your help. I have verified all the
From: "Jenny wu [MSFT]" on
Hi Johan and Henrik,

Thanks for your update. I appreciate your time.

I am sorry for the delayed response due to weekend. Please understand that
the newsgroups are staffed weekdays by Microsoft Support professionals to
answer your systems and applications questions. Your understanding is
greatly appreciated!

For current situation, let us perform the following tests to see if it
works:

1. Open ISA 2003 server console, Navigate to Firewall Policy -> SBS
Protected Networks access rule, move the "SBS Protected Networks access
rule" to the top order.

2. Then navigate to Firewall Policy->View->Show System Policy Rules,
disable the following two system rules:

1). Allow DHCP requests from ISA Server to all networks

2). Allow DHCP replies from DHCP servers to ISA Server

3. Click Apply button to take effect the change.

Then please test to see if client computers can receive IP address
properly.

Have a nice day!

Sincerely,

Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
The customer mail content:
===========================
Hi,

Johan are now not available because of vacation. So I, Henrik, have made the
tests and gathered the logs. When I turned off the firewall the DHCP worked
fine and one of the clients got 192.168.0.117 as IP-address. Hope you got
all information you need.

Best Regards
Henrik Georgon

===========================

--------------------
>X-Tomcat-ID: 183736240
>References: <1154968314.008773.88230(a)p79g2000cwp.googlegroups.com>
<1155066090.516053.24270(a)n13g2000cwa.googlegroups.com>
>MIME-Version: 1.0
>Content-Type: text/plain
>Content-Transfer-Encoding: 7bit
>From: v-yanniw(a)online.microsoft.com ("Jenny wu [MSFT]")
>Organization: Microsoft
>Date: Wed, 09 Aug 2006 10:58:45 GMT
>Subject: Re: Multiple errors
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>Message-ID: <MmBPNL6uGHA.5584(a)TK2MSFTNGXA01.phx.gbl>
>Newsgroups: microsoft.public.windows.server.sbs
>Lines: 590
>Path: TK2MSFTNGXA01.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:288219
>NNTP-Posting-Host: tomcatimport2.phx.gbl 10.201.218.182
>
>Hi Johan,
>
>Thanks for your update. I appreciate your time and efforts the issue.
>
>Let us perform the following test to trouble shoot the issue:
>
>Please run command "net stop fweng" to stop all ISA services on the server
>box, and then go to client computers to check if the computer can get IP
>address from the DHCP server.
>
>I. If the issue disappears, that indicates that it is some firewall rule
>that block the DHCP traffic. Please collect the ISAinfo of the ISA 2004
for
>me to analyze.
>
>II. If the issue persists, that indicates that it is DHCP server issue.
>Please help me collect the DHCP log for analyze. The DHCP audit logs are
>located by default at %windir%\System32\Dhcp. Please mail me all logs
under
>the DHCP folder.
>
>More info:
>Analyzing server log files
>http://technet2.microsoft.com/WindowsServer/en/Library/2a535b4d-1771-485b-8
b
>fa-459d35d563fb1033.mspx
>
>The steps to gather the ISA info and ISA logs:
>
>- To collect the ISA info:
>
>1) Download the file from the following URL:
>
>http://www.isatools.org/isainfo/ISAInfo.zip
>
>2) Extract all files to a folder on ISA server.
>3) Double click Isainfo.js. This will generate 2 files
>ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
>current folder.
>4) Please send these files to me at v-yanniw(a)microsoft.com
>
>- To collect the ISA logs:
>
>1) Schedule a down time.
>
>2) Open ISA 2004 management console.
>
>3) Expand the server node and highlight 'Monitoring'.
>
>4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
>Pane' is showed there.
>
>5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
>Tasks', and then switch the 'log storage format' from 'MSDE database'
>(default) to 'File'.
>
>6) Switch to the 'Fields' tab, click 'Select All', and then click OK.
>
>7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
>Tasks', and then switch the 'log storage format' from 'MSDE database'
>(default) to 'File'.
>
>8) Switch to the 'Fields' tab, click 'Select All', and then click OK.
>
>9) Click 'Apply' to save changes and update the configuration.
>
>10) Temporarily disable the Firewall service. To do that, please click
>Monitoring | Services tab, and then right click 'Microsoft Firewall' to
>choose 'Stop'.
>
>11) Clear the current existing W3C logs. To do that, go to the log saving
>directory and clean any existing .W3C logs. By default, the logs will be
>saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may
not
>be able to deleted, that's normal.) You may backup them first and then
>delete them.
>
>12) Go back to the ISA 2004 management console, and then Start the stopped
>'Microsoft Firewall' service.
>
>13) Reproduce the problem, stop the service, and then gather the resulting
>W3C files to me for analysis.
>
>14) Please
From: "Jenny wu [MSFT]" on
Hi Henrik,

Thanks for your update. I am glad to know that things are getting fine now.
I appreciate your time and effort to try my suggestions and get this
resolved.

Basically the ISA server uses the "SBS Protected Networks access rule" to
allocate IP address to the LAN clients. If there is any deny rule or rules
that applied to specific users/groups placed above the "SBS Protected
Networks access rule", the DHCP request may not apply to the correct access
rule. From your ISA info, I find that there are several deny firewall rules
placed above the "SBS Protected Networks access rule", this leads that the
DHCP requests are blocked since they are not applied by correct access
rule.

Now you just need keep the "SBS Protected Networks access rule" at the top
order. And enable those two system rules: Allow DHCP requests from ISA
Server to all networks; Allow DHCP replies from DHCP servers to ISA Server

Please do not hesitate to post in this newsgroup if you need any assistance
in the future! We are glad to help-)!

Have a nice day!

Sincerely,

Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
The customer mail content:
=======================
Hi,

Thank you for your answer.

I did as you told me, and it works! Great! Do we need to change anything
now?

Henrik Georgson

=======================

--------------------
>X-Tomcat-ID: 134305717
>References: <1154968314.008773.88230(a)p79g2000cwp.googlegroups.com>
<1155066090.516053.24270(a)n13g2000cwa.googlegroups.com>
<MmBPNL6uGHA.5584(a)TK2MSFTNGXA01.phx.gbl>
>MIME-Version: 1.0
>Content-Type: text/plain
>Content-Transfer-Encoding: 7bit
>From: v-yanniw(a)online.microsoft.com ("Jenny wu [MSFT]")
>Organization: Microsoft
>Date: Mon, 14 Aug 2006 08:48:41 GMT
>Subject: Re: Multiple errors
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>Message-ID: <GjEb153vGHA.3028(a)TK2MSFTNGXA01.phx.gbl>
>Newsgroups: microsoft.public.windows.server.sbs
>Lines: 396
>Path: TK2MSFTNGXA01.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:289477
>NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122
>
>Hi Johan and Henrik,
>
>Thanks for your update. I appreciate your time.
>
>I am sorry for the delayed response due to weekend. Please understand that
>the newsgroups are staffed weekdays by Microsoft Support professionals to
>answer your systems and applications questions. Your understanding is
>greatly appreciated!
>
>For current situation, let us perform the following tests to see if it
>works:
>
>1. Open ISA 2003 server console, Navigate to Firewall Policy -> SBS
>Protected Networks access rule, move the "SBS Protected Networks access
>rule" to the top order.
>
>2. Then navigate to Firewall Policy->View->Show System Policy Rules,
>disable the following two system rules:
>
>1). Allow DHCP requests from ISA Server to all networks
>
>2). Allow DHCP replies from DHCP servers to ISA Server
>
>3. Click Apply button to take effect the change.
>
>Then please test to see if client computers can receive IP address
>properly.
>
>Have a nice day!
>
>Sincerely,
>
>Jenny Wu
>Microsoft CSS Online Newsgroup Support
>Get Secure! - www.microsoft.com/security
>======================================================
>This newsgroup only focuses on SBS technical issues. If you have issues
>regarding other Microsoft products, you'd better post in the corresponding
>newsgroups so that they can be resolved in an efficient and timely manner.
>You can locate the newsgroup here:
>http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
>When opening a new thread via the web interface, we recommend you check
the
>"Notify me of replies" box to receive e-mail notifications when there are
>any updates in your thread. When responding to posts via your newsreader,
>please "Reply to Group" so that others may learn and benefit from your
>issue.
>
>Microsoft engineers can only focus on one issue per thread. Although we
>provide other information for your reference, we recommend you post
>different incidents in different threads to keep the thread clean. In
doing
>so, it will ensure your issues are resolved in a timely manner.
>
>For urgent issues, you may want to contact Microsoft CSS directly. Please
>check http://support.microsoft.com for regional support phone numbers.
>
>Any input or comments in this thread are highly appreciated.
>======================================================
>This posting is provided "AS IS" with no warranties, and confers no rights.
>The customer mail content:
>===========================
>Hi,
>
>Johan are now not available because of vacation. So I, Henrik, have made
the
>tests and gathered the logs. When I turned off the firewall the DHCP worked
>fine and one of the clients got 192.168.0.117 as IP-address. Hope you got
>all information you need.
>
>Best Regards
>Henrik Georgon
>
>===========================
>
>--------------------
>>X-Tomcat-ID: 183736240
>>References: <1154968314.008773.88230(a)p79g20