Hi All,
I have found the solution to the issue.
The CSS really needs to be installed on a seperate server to that of the ISA
Array nodes. The reason is because if the node which has the primary CS role
is down the second node can not function as it can not reference the CS, even
though it may have a copy of the CS on it. This seems to be a design issue
with the Array.
Microsoft recommend creating an architecture whereby the Array has ISA with
firewall and proxy features on one box and the ISA with CS feature on another
box. This way if one of the ISA node fail or is taken off line, the other
node can still function as the CS is on a seperate box.
The only problem I see in this is that does Microsoft expect us to buy
additional ISA 2006 Ent Ed licenses just to have CS on it. Even through my
EA licensing, the cost is just over £4,000. Therefore, to make my
architecture fully redundent this will cost me arount £8,000 in addition to
what I have already spent.
Unless I am wrong, I think MS has got this really wrong if I have to
purchase additional licenses!!.
Atul
"Atul Patel" wrote:
> I have checked the NLB on the network interface and found that the Host
> Parameters under Network Load Balancing, the Initial host state is set to
> "Stopped" state. This is the same setting on the other node. Is this
> correct in terms of ISA NLB?
>
> I also checked all other TCP/IP settings and they are all correct. Client
> PCs can connect to both nodes when they are both running.
>
> On furhter investigation I have found that I do have internet connecticity
> from the node when the other node is switched off. I do not however, have
> the ability to access our Head Office intranet sites via the proxy chaining
> rules I have.
>
> I do not understand why I can get general internet but can not seem to get
> any intranet hosts via the proxy chainging from the secondary node when the
> primary node is off.
>
> Thanks for any help you can give.
>
> Atul
> "Atul Patel" wrote:
>
> > Thanks, I'll check this and come back....
> >
> > "S. Pidgorny <MVP>" wrote:
> >
> > > Then you probably have a TCP/IP connectivity problem. I believe ISA 2K6 is
> > > using NLB - you may need to start with basic TCP/IP troubleshooting.
> > >
> > >
> > > --
> > > Svyatoslav Pidgorny, MS MVP - Security, MCSE
> > > -= F1 is the key =-
> > >
> > > * http://sl.mvps.org * http://msmvps.com/blogs/sp *
> > >
> > >
> > > "Atul Patel" <AtulPatel@discussions.microsoft.com> wrote in message
> > > news:F53D0474-0522-4034-9454-97894B840C4B@microsoft.com...
> > > >I have checked the logs (event and isa) and there is nothing there.
> > > > Has anyone else experienced this before?
> > > > Atul
> > > >
> > > > "S. Pidgorny <MVP>" wrote:
> > > >
> > > >> 1. Examine event logs and ISA logs, there must be some details.
> > > >> 2. Use microsoft.public.isa.* hierarchies, over there you'll find ISA
> > > >> specialists
> > > >>
> > > >> regards
> > > >>
> > > >>
> > > >> --
> > > >> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> > > >> -= F1 is the key =-
> > > >>
> > > >> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
> > > >>
> > > >>
> > > >> "Atul Patel" <AtulPatel@discussions.microsoft.com> wrote in message
> > > >> news:57879543-972B-4D14-9543-B1325E8435C0@microsoft.com...
> > > >> >I have a ISA 2006 Array of which when one node is switched off the other
> > > >> >node
> > > >> > does not process any client requests at all. I use the ISA array for
> > > >> > proxy.
> > > >>
> > > >>
> > > >>
> > >
> > >
> > >