Microsoft KB Archive/840472

= Internal DNS requests and internal LDAP requests may be sent to the external network adapter on a computer that is running ISA Server 2004 =

PSS ID Number: 840472

Article Last Modified on 8/26/2004


The information in this article applies to:


 * Microsoft Internet Security and Acceleration Server 2004, Standard Edition
 * the operating system: Microsoft Windows Server 2003






SYMPTOMS
Your computer that is running Microsoft Internet Security and Acceleration (ISA) Server 2004 is configured to use two network adapters. You expect one network adapter to resolve internal requests, and you expect the second network adapter to resolve external requests. However, internal Domain Name System (DNS) requests and internal Lightweight Directory Access Protocol (LDAP) requests may be sent to the external network adapter. Therefore, internal names may be exposed to the external network.



CAUSE
This issue may occur if you configure the external network adapter to be first in the binding order list on a computer that is running both ISA Server 2004 and DNS.



RESOLUTION
To resolve this issue, configure a computer that is running DNS to resolve internal DNS requests, and then configure a second computer that is running ISA Server 2004 to resolve external DNS requests.



WORKAROUND
To work around this issue, change the binding order of the network adapters so that the internal network adapter is first in the binding order list. To do this, follow these steps:
 * 1) Click Start, point to Control Panel, right-click Network Connections, and then click Open.
 * 2) In the Network Connections dialog box, click Advanced on the File menu, and then click Advanced Settings.
 * 3) In the Advanced Settings dialog box, click to select the internal network from the list of connections, and then click the up arrow button until the internal network connection is first in the list.

Note: This workaround is not successful if DNS becomes unavailable. If DNS becomes unavailable, internal requests may still be sent to the external network adapter, regardless of the binding order.
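
To confirm that the workaround holds, including during a DNS outage, you can review traffic recorded on the computer for internal names that left through the external network adapter. The following Python script is an added example and is not part of the original article. The internal suffix `corp.example`, the internal address range, and the CSV column layout are assumptions, and the sample records are constructed.

```python
import csv
import io
import ipaddress

# Assumptions (not from the article): internal DNS suffix, internal address
# range, and the CSV layout of the traffic export being reviewed.
INTERNAL_SUFFIXES = ("corp.example",)
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
WATCHED_PORTS = {53: "DNS", 389: "LDAP"}

# Constructed sample records. "name" is the queried or target host name.
SAMPLE = """\
adapter,dst_ip,dst_port,name
internal,10.0.0.5,53,dc01.corp.example
external,203.0.113.53,53,www.example.org
external,203.0.113.53,53,_ldap._tcp.dc._msdcs.corp.example
external,203.0.113.53,53,fileserver.corp.example
external,203.0.113.53,53,notcorp.example
external,203.0.113.80,389,dc01.corp.example
internal,10.0.0.5,389,dc01.corp.example
"""

def is_internal_name(name):
    """True if name equals or falls under an internal suffix (label boundary)."""
    n = name.rstrip(".").lower()
    return any(n == s or n.endswith("." + s) for s in INTERNAL_SUFFIXES)

def is_internal_addr(ip):
    """True if ip belongs to one of the internal networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_leaks(text):
    """Return (protocol, name, dst_ip) for each internal DNS or LDAP request
    that used the external adapter or targeted a non-internal server."""
    leaks = []
    for row in csv.DictReader(io.StringIO(text)):
        proto = WATCHED_PORTS.get(int(row["dst_port"]))
        if proto is None or not is_internal_name(row["name"]):
            continue
        if row["adapter"] == "external" or not is_internal_addr(row["dst_ip"]):
            leaks.append((proto, row["name"], row["dst_ip"]))
    return leaks

if __name__ == "__main__":
    for proto, name, dst in find_leaks(SAMPLE):
        print(f"{proto} request for internal name {name} sent to {dst}")
```

An empty result while the internal DNS server is reachable and a non-empty result while it is unavailable matches the behavior described in the note above.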



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

