Client computers cannot access external resources, and event ID 14147 appears in the Application log in ISA Server 2006 or in ISA Server 2004 (884496)
The information in this article applies to:
- Microsoft Internet Security and Acceleration Server 2004, Standard Edition
- Microsoft Internet Security and Acceleration Server 2004, Enterprise Edition
- Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
- Microsoft Internet Security and Acceleration Server 2006 Standard Edition
SYMPTOMS
On the computer that is running Microsoft Internet Security and Acceleration (ISA) Server, you may experience all the following symptoms:
- Some client computers on the internal network cannot connect to the ISA Server computer or connect to external resources through the ISA Server computer.
- You may receive an IP spoofing message.
- One or both of the following events may appear in the Application log in Event Viewer.
  - Event Source: Microsoft Firewall
    Event Category: None
    Event ID: 14147
    Date: date
    Time: time
    Type: Error
    User: N/A
    Computer: computer name
    Description: ISA Server detected routes through adapter "adapter name" that do not correlate with the network element to which this adapter belongs. The address ranges in conflict are: start IP address - end IP address;. Fix the network element and/or the routing table to make these ranges consistent; they should be in both or in neither. If you recently created a mobile site network, check if the event recurs. If it does not, you may safely ignore this message.
  - Event Source: Microsoft Firewall
    Event Category: None
    Event ID: 15108
    Date: date
    Time: time
    Type: Error
    User: N/A
    Computer: computer name
    Description: ISA Server detected a spoof attack from Internet Protocol (IP) address IP address. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log.
CAUSE
This issue occurs if the ISA Server network objects do not match the routing table entries that ISA Server uses to understand the network topology. Event ID 14147 may be logged when you first create a remote site network when you configure a site-to-site VPN connection in ISA Server.
ISA Server requires that only one network adapter is associated with a single ISA Server network, and that network adapter IP addresses are not configured in more than one network. IP address ranges must be configured correctly for ISA Server network objects, and match the routing table. Network object definitions should include all remote subnets that can be reached through the adapter that is associated with the network. Additionally, persistent static routes should be defined in the routing table for each remote subnet.
RESOLUTION
For more information about how to troubleshoot network configuration issues, visit the following Microsoft Web site:
For more information about how to configure ISA Server network objects, visit the following Microsoft Web site:
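The consistency rule in the CAUSE section (each address range should be in both the routing table and the network object, or in neither) can be checked offline before changing the configuration. The following Python sketch is an added example, not Microsoft code: the function names and the sample data are hypothetical, and it assumes you have copied the unicast subnet routes for one adapter from the routing table and the address ranges from the matching ISA Server network object.

```python
import ipaddress

def to_intervals(items):
    """CIDR strings or (start, end) tuples -> merged, sorted integer intervals."""
    spans = []
    for item in items:
        if isinstance(item, str):
            net = ipaddress.ip_network(item, strict=False)
            spans.append((int(net.network_address), int(net.broadcast_address)))
        else:
            start, end = (int(ipaddress.ip_address(a)) for a in item)
            spans.append((start, end))
    merged = []
    for lo, hi in sorted(spans):
        if merged and lo <= merged[-1][1] + 1:   # overlapping or adjacent
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return merged

def subtract(a, b):
    """Parts of the intervals in a that no interval in b covers."""
    out = []
    for lo, hi in a:
        cur = lo
        for blo, bhi in b:
            if bhi < cur or blo > hi:
                continue
            if blo > cur:
                out.append((cur, blo - 1))
            cur = bhi + 1
            if cur > hi:
                break
        if cur <= hi:
            out.append((cur, hi))
    return out

def fmt(spans):
    return [f"{ipaddress.ip_address(lo)} - {ipaddress.ip_address(hi)}" for lo, hi in spans]

def conflicts(adapter_routes, element_ranges):
    """Ranges that appear on only one side, in the style of the event 14147 text."""
    routed, defined = to_intervals(adapter_routes), to_intervals(element_ranges)
    return {"routed_not_in_network": fmt(subtract(routed, defined)),
            "in_network_not_routed": fmt(subtract(defined, routed))}

# Constructed sample: routes through one internal adapter, and the ranges
# defined in the network object that adapter belongs to.
SAMPLE_ROUTES = ["10.0.0.0/24", "10.0.1.0/24"]
SAMPLE_ELEMENT = [("10.0.0.0", "10.0.0.255"), ("10.0.2.0", "10.0.2.255")]

if __name__ == "__main__":
    for kind, ranges in conflicts(SAMPLE_ROUTES, SAMPLE_ELEMENT).items():
        print(kind, ranges)
```

A range listed under routed_not_in_network is a remote subnet missing from the network object; a range under in_network_not_routed needs a persistent static route or should be removed from the network object.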
Modification Type: Minor
Last Reviewed: 9/22/2006
Keywords: kbISA2006Swept kbFirewall kbenv kbtshoot kbprb KB884496 kbAudITPRO