Jump to content

SUBIECTE NOI
« 1 / 5 »
RSS
Incalzire in pardoseala etapizata

Suprataxa card energie?!

Cum era nivelul de trai cam din a...

probleme cu ochelarii
 Impozite pe proprietati de anul v...

teava rezistenta panou apa calda

Acces in Curte din Drum National

Sub mobila de bucatarie si sub fr...
 Rezultat RMN

Numar circuite IPAT si prindere t...

Pareri brgimportchina.ro - teapa ...

Lucruri inaintea vremurilor lor
 Discuții despre TVR Sport HD.

Cost abonament clinica privata

Tremura toata, dar nu de la ro...

Renault Android
 

ISA server - again

- - - - -
  • Please log in to reply
89 replies to this topic

#73
Baghera

Baghera

    Junior Member

  • Grup: Members
  • Posts: 63
  • Înscris: 16.08.2005
Am reusit pana la urma,mersi PreTXT,tacerea ta la urma m-a ambitionat  :coolspeak:

#74
DeathRipple

DeathRipple

    communist vampire

  • Grup: Senior Members
  • Posts: 15,937
  • Înscris: 11.08.2002
ISA 2004 vine cu vreun log analizer tool ceva? sau trebuie cumparat separat? daca da, care ar fi cel mai complet dintre cele de pe piata?

#75
muntos

muntos

    Member

  • Grup: Members
  • Posts: 549
  • Înscris: 03.08.2002

View PostDeathRipple, on Dec 20 2005, 09:50, said:

ISA 2004 vine cu vreun log analizer tool ceva? sau trebuie cumparat separat? daca da, care ar fi cel mai complet dintre cele de pe piata?

ISA poate genera rapoarte sumare cu ....cel mai bine te uiti pe un astfel de raport :)

Attached Files


Edited by muntos, 20 December 2005 - 11:50.


#76
DeathRipple

DeathRipple

    communist vampire

  • Grup: Senior Members
  • Posts: 15,937
  • Înscris: 11.08.2002
da...pe mine ma intereseaza de ex user-ul x a accesat site-urile a, b, c .... tampenii d-astea. iti foarte multumesc, insa tipul ala de raport nu face chiar ce vreau eu.

#77
muntos

muntos

    Member

  • Grup: Members
  • Posts: 549
  • Înscris: 03.08.2002
Banuiam eu ca nu asta te intereseaza,dar din moment ce n-ai specificat exact ce te intereseaza..:)
In cazul tau arunca un ochi la http://www.isaserver.../ISA/Reporting/
http://www.isaserver...toring-&-Admin/

De aici cel mai bun mi se pare SurfControl (www.surfcontrol.com)(dar este mai mult decat un tool de log analyzer) si WebSpy (www.webspy.com)

#78
PreTXT

PreTXT

    Moderator

  • Grup: Senior Members
  • Posts: 2,053
  • Înscris: 09.01.2003
surfcontrol nu este un log analyzer .. intra in categoria web filtering. Rapoartele care le ofera includ si site-uri vizitate de un anumit user.

#79
DeathRipple

DeathRipple

    communist vampire

  • Grup: Senior Members
  • Posts: 15,937
  • Înscris: 11.08.2002
revin cu o noua si frumoasa problema...

in prezent am un calculator pe care ruleaza Win2k server cu ISA 2000 si AD. vreau sa pun pe o alta masina win2003 server, ISA 2004 si sa transfer AD-ul si politicile de la cel vechi. cu alte cuvinte, vreau un upgrade soft si hard, dar care sa se produca cat mai transparent pentru utilizatori. pana acum am dat peste tot felul de probleme, asa ca m-am decis sa sterg cu buretele si s-o iau de la capat.

a mai facut cineva asa ceva? un step-by-step pe undeva pe internet? cine poate sa ma ajute?

multumesc.

#80
muntos

muntos

    Member

  • Grup: Members
  • Posts: 549
  • Înscris: 03.08.2002

View PostDeathRipple, on Apr 27 2006, 10:32, said:

revin cu o noua si frumoasa problema...

in prezent am un calculator pe care ruleaza Win2k server cu ISA 2000 si AD. vreau sa pun pe o alta masina win2003 server, ISA 2004 si sa transfer AD-ul si politicile de la cel vechi. cu alte cuvinte, vreau un upgrade soft si hard, dar care sa se produca cat mai transparent pentru utilizatori. pana acum am dat peste tot felul de probleme, asa ca m-am decis sa sterg cu buretele si s-o iau de la capat.

a mai facut cineva asa ceva? un step-by-step pe undeva pe internet? cine poate sa ma ajute?

multumesc.

Legat de AD eu as face (de fapt am si facut cu exceptia ca era tot un Win2003) asa cum scrie gaurika in thread-ul de aici
Trecerea de la ISA2000 la ISA2004 o poti face in mai multe feluri.Poti exporta Firewall si System Policies-urile din ISA2000 si importa in ISA2004 (exista ceva tooluri si articole legate de acest proces pe www.isaserver.org).
Atentie la instalare sa bifezi optiunea ca vechile versiuni de Firewall Client sa poata comunica cu ISA2004.Sfatul meu este ca apoi sa migrezi toti clienti de firewall la noua versiune ( o poti face centralizat cu AD).
Bafta

#81
DeathRipple

DeathRipple

    communist vampire

  • Grup: Senior Members
  • Posts: 15,937
  • Înscris: 11.08.2002
mai jos sunt rezultatele obtinute in urma diagnosticarii win 2003 server....

log-ul de la netdiag:




    Computer Name: NETPLANET
    DNS Host Name: netplanet.WORLDNET
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
    List of installed hotfixes :
        KB890046
        KB893756
        KB896358
        KB896422
        KB896424
        KB896428
        KB899587
        KB899588
        KB899589
        KB899591
        KB900725
        KB901017
        KB901214
        KB902400
        KB904706
        KB904942
        KB905414
        KB905915
        KB908519
        KB908521
        KB908531
        KB910437
        KB911562
        KB911564
        KB911565
        KB911567
        KB911927
        KB912812
        KB912919
        KB913446
        Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Intern

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : netplanet
        Autoconfiguration IP Address : 172.16.1.200
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . : 172.16.1.1
                                     172.16.1.200


        AutoConfiguration results. . . . . . : Failed
            [WARNING] AutoConfiguration is in use. DHCP not available.

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

    Adapter : Extern

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : netplanet
        IP Address . . . . . . . . : xxx.xxx.xxx.xxx
        Subnet Mask. . . . . . . . : 255.255.xxx.xxx
        Default Gateway. . . . . . : xxx.xxx.xxx.xxx
        NetBIOS over Tcpip . . . . : Disabled
        Dns Servers. . . . . . . . : xxx.xxx.xxx.xxx


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Failed
            No gateway reachable for this adapter.

        NetBT name test. . . . . . : Skipped
            NetBT is disabled on this interface. [Test skipped]

        WINS service test. . . . . : Skipped
            NetBT is disable on this interface. [Test skipped].


Global results:


Domain membership test . . . . . . : Failed
    [WARNING] Ths system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{85B890CE-F304-4274-B67B-1DDD877F67AE}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Failed

    [FATAL] NO GATEWAYS ARE REACHABLE.
    You have no connectivity to other network segments.
    If you configured the IP protocol manually then
    you need to add at least one valid gateway.


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '172.16.1.1' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '172.16.1.200' and other DCs also have some of the names registered.
       [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 193.231.79.1, ERROR_TIMEOUT.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{85B890CE-F304-4274-B67B-1DDD877F67AE}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{85B890CE-F304-4274-B67B-1DDD877F67AE}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Failed
    [WARNING] Cannot call DsBind to netguardpro.WORLDNET (172.16.1.1). [RPC_S_CALL_FAILED_DNE]


Trust relationship test. . . . . . : Failed
    [FATAL] Secure channel to domain 'WORLDNET' is broken. [ERROR_NO_LOGON_SERVERS]


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'netguardpro.WORLDNET'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

Attached Files



#82
DeathRipple

DeathRipple

    communist vampire

  • Grup: Senior Members
  • Posts: 15,937
  • Înscris: 11.08.2002
dcdiag...


Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
  
   Testing server: Default-First-Site-Name\NETPLANET
      Starting test: Connectivity
         ......................... NETPLANET passed test Connectivity

Doing primary tests
  
   Testing server: Default-First-Site-Name\NETPLANET
      Starting test: Replications
         [NETGUARDPRO] DsBindWithSpnEx() failed with error 1727,
         The remote procedure call failed and did not execute..
         ......................... NETPLANET passed test Replications
      Starting test: NCSecDesc
         ......................... NETPLANET passed test NCSecDesc
      Starting test: NetLogons
         ......................... NETPLANET passed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\netguardpro.WORLDNET, when we were trying to reach NETPLANET.
         Server is not responding or is not considered suitable.
         ......................... NETPLANET failed test Advertising
      Starting test: KnowsOfRoleHolders
         Warning: NETGUARDPRO is the Schema Owner, but is not responding to DS RPC Bind.
         Warning: NETGUARDPRO is the Domain Owner, but is not responding to DS RPC Bind.
         Warning: NETGUARDPRO is the PDC Owner, but is not responding to DS RPC Bind.
         Warning: NETGUARDPRO is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: NETGUARDPRO is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         ......................... NETPLANET failed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... NETPLANET failed test RidManager
      Starting test: MachineAccount
         ......................... NETPLANET passed test MachineAccount
      Starting test: Services
         ......................... NETPLANET passed test Services
      Starting test: ObjectsReplicated
         ......................... NETPLANET passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... NETPLANET passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... NETPLANET failed test frsevent
      Starting test: kccevent
         ......................... NETPLANET passed test kccevent
      Starting test: systemlog
         ......................... NETPLANET passed test systemlog
      Starting test: VerifyReferences
         ......................... NETPLANET passed test VerifyReferences
  
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
  
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
  
   Running partition tests on : WORLDNET
      Starting test: CrossRefValidation
         ......................... WORLDNET passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... WORLDNET passed test CheckSDRefDom
  
   Running enterprise tests on : WORLDNET
      Starting test: Intersite
         ......................... WORLDNET passed test Intersite
      Starting test: FsmoCheck
         ......................... WORLDNET passed test FsmoCheck

#83
muntos

muntos

    Member

  • Grup: Members
  • Posts: 549
  • Înscris: 03.08.2002
Hmmm...nu arata prea bine output-urile tale.
Parerea mea este ca ar trebui sa-ti rezolvi mai intai problemele de pe DC, altfel risti sa nu-ti iasa replicarea.

#84
DeathRipple

DeathRipple

    communist vampire

  • Grup: Senior Members
  • Posts: 15,937
  • Înscris: 11.08.2002
pai astea sunt otuput-urile de pe win 2003...cele de pe win 2000, unde e DC-ul original, sunt in regula...

#85
muntos

muntos

    Member

  • Grup: Members
  • Posts: 549
  • Înscris: 03.08.2002
Scuze,n-am fost atent.
Oricum, daca am inteles eu bine, este o idee fff proasta sa rulezi ISA pe un DC.

#86
DeathRipple

DeathRipple

    communist vampire

  • Grup: Senior Members
  • Posts: 15,937
  • Înscris: 11.08.2002
combinatia isa 2000 win2k srv cu ad merge f bine....si nu de azi, de ieri...

#87
muntos

muntos

    Member

  • Grup: Members
  • Posts: 549
  • Înscris: 03.08.2002
Citeste aici de ce nu.
Nu ca nu se poate ci este o greseala mare de securitate.

#88
DeathRipple

DeathRipple

    communist vampire

  • Grup: Senior Members
  • Posts: 15,937
  • Înscris: 11.08.2002
pt ca cineva sa ajunga la isa, tre' sa treaca de vreo 2 firewall-uri in prealabil. oricum, este interesant ce scrie acolo, insa daca esti atent si nu faci greseli ar trebui sa nu fie probleme asa mari. oricum este interesant articolul si confirma pasii efectuati de mine fara sa-l citesc :)

Edited by DeathRipple, 02 May 2006 - 09:30.


#89
DeathRipple

DeathRipple

    communist vampire

  • Grup: Senior Members
  • Posts: 15,937
  • Înscris: 11.08.2002
aaa...alta problema: care este diferenta intre clientii ISA care arata "configured to..." si "connected to..." ? in primul rand nu-mi explic de ce apare.

#90
muntos

muntos

    Member

  • Grup: Members
  • Posts: 549
  • Înscris: 03.08.2002
"Configured to" iti arata ca respectivul client are stabilita o conexiune cu ISA (vede serverul)
"Connected to", adica in momentul in care iti si apare o sagetuta verde pe icon-ul de client, inseamna ca s-a deschis o conexiune pe socket care necesita autentificare prin clientul de ISA.
In principiu daca un client este configurat sa aiba acess la Internet dupa ce se autentifica (Active Directory in mod normal) atunci in afara aplicatiilor care se pot autentifica prin web proxy (Internet Explorer sau alte programe configurate ca sa iasa printr-un proxy web) restul aplicatiilor trebuie sa se autentifice prin intermediul clientului de firewall.In acel moment clientul arata "connected to".

Anunturi

Bun venit pe Forumul Softpedia!

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Forumul Softpedia foloseste "cookies" pentru a imbunatati experienta utilizatorilor Accept
Pentru detalii si optiuni legate de cookies si datele personale, consultati Politica de utilizare cookies si Politica de confidentialitate