Using Sysinternals Tools to Troubleshoot ISA Server Issues

Introduction

Sysinternals tools are just amazing for troubleshooting a huge variety of issues: networking, AD, core OS, etc. One thing that many security administrators don’t yet realize is that these tools are also great for troubleshooting ISA Server issues in different scenarios. Before moving on to the tool that I want to talk about, here are some other articles that I wrote where Sysinternals tools were used:

 

Article: Firewall Client is Unable to Connect to ISA Server 2006

Tool: FileMon

 

Article: Unable to open a link for a MHT file using Internet Explorer 6 through ISA Server 2006

Tool: FileMon

 

Article: Hardening ISA Server in a Supported Manner

Tool: Regmon

Article (Portuguese): O Internet Explorer executou uma operação ilegal e será fechado

Tool: Process Explorer

 

Now, let’s play with a cool tool called ADInsight.

 

Using ADInsight to Track ADAM Calls

 

ADInsight is a tool that allows you to view LDAP calls on the fly from a nice GUI. For the purpose of this example, I’m going to follow the steps below to generate some data:

1. Launch ADInsight

2. Launch ISA Server 2006 Management Console

3. Review the data created by this operation

 

As soon as we execute step two, ADInsight starts to collect information. Notice in the sample below that the process is still MMC.exe, but it is already accessing the local ADAM on port 2171:

Figure 1 – Initial information when launching the ISA Management Console.

 

After the ISA Server Management console finishes loading, the process changes. If you click one of the lines in the upper pane, the lower pane shows in more detail the parameters that were used during that operation:

Figure 2 – LDAP information with more details in the lower pane.

 

Now you can dig in and see more of what’s going on behind the scenes. Enjoy it!

 

Note: If you want to learn more about Sysinternals tools, read Windows® Sysinternals Administrator's Reference (Inside Out) by Mark Russinovich.