[Dshield] dns & routing

Al Reust areust at comcast.net
Sat Jun 26 19:32:46 GMT 2004


Hello Guy

While I am not sitting front of my ISA Box for reference. I may have the 
answer you are looking for. There is a nice site that "sometimes" has a lot 
of answers.

http://www.isaserver.org/articles/14120_Errors_Discussion_and_Solution.html

Generally speaking you are having problems with Name Resolution and Forwarding.

Al

At 05:39 PM 6/25/2004 -0400, you wrote:
>Kinda off topic but I'm thinking you guys could offer much needed
>insight into this DNS nightmare I'm having on a windows server.  There
>are Lots of errors and problems but I'll keep this narrowed down to the
>main symptoms.
>
>I'm getting 20-30 Microsoft web proxy errors a minute, non stop, in the
>application log with event id: 14120.
>
>My log files are so over loaded with DNS and ISA errors the event
>viewing capability on the server is failing.  Its tough to find
>'intentional bad things' in the server logs when they are this bloated
>or bombing out completely.
>
>I was getting as many DNS errors in the DNS server log until I fixed
>missing entries in the LAT and rebuilt the tables.  Neither NIC or
>gateway on the server was listed in the LAT.  The DNS server errors have
>stopped completely for the last 2 hours since fixing the LAT.
>
>Users logging on to the network intermittently failed to reconnect any
>and all mapped drives although they could still surf and get email.
>They could not reconnect to mapped drives for up to 5-10 minutes and
>sometimes not at all until the magic MS ctrl-alt-del fix is used,
>meanwhile all of the other machines on the network are visible and
>accessible.
>
>I can find little information online about event id 14120 with minimal
>instructions to "check for a conflict between the LAT and routing
>table".  I'm looking at the results of 'route print' from the command
>line and trying to figure out if it matches up to the LAT and how to get
>it that way.
>
>First questions that come to mind; am I correct in assuming the missing
>entries in the LAT alone could cause the errors connecting to the server
>at logon time?  Should the routing table mirror the LAT?  How do you get
>the two to match?  What else should I look for as a possible cause?  For
>that matter what would cause errors like I've seen with neither of the
>servers NIC's or gateway IP's listed in the LAT?
>
>I would appreciate pointers to good information and instructional
>resources as much as any direct help!
>
>GLRB
>
>P.S. in case anyone asks about the IP's ISA can't create a packet for in
>the message body of the 14120 event id error; the IP's range across
>any/every valid (some few invalid) address any of the users on the
>network have browsed to.  I've manually checked a great number of them
>with every kind of web site in the range including Microsoft, CBS and
>others - no pattern there.
>_______________________________________________
>list mailing list
>list at lists.dshield.org
>To change your subscription options (or unsubscribe), see: 
>http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list