Using Sysinternals Tools to Troubleshoot ISA Server Issues
Introduction
Sysinternals tools are just amazing for troubleshooting a huge range of issues: networking, AD, core OS, etc. But one thing that many security administrators don’t realize yet is that these tools are also great for troubleshooting ISA Server issues in different scenarios. Before moving on to the tool that I want to talk about, here are some other articles that I wrote where Sysinternals tools were used:
Article: Firewall Client is Unable to Connect to ISA Server 2006
Tool: FileMon
Article: Unable to open a link for a MHT file using Internet Explorer 6 through ISA Server 2006
Tool: FileMon
Article: Hardening ISA Server in a Supported Manner
Tool: Regmon
Article (Portuguese): O Internet Explorer executou uma operação ilegal e será fechado
Tool: Process Explorer
Now, let’s play with a cool tool called ADInsight.
Using ADInsight to Track ADAM Calls
ADInsight is a tool that lets you view LDAP calls on the fly from a nice GUI. For the purpose of this example, I’m going to follow the steps below to generate some data:
1. Launch ADInsight
2. Launch ISA Server 2006 Management Console
3. Review the data created by this operation
As soon as we execute step two, ADInsight starts to collect information. Notice in the sample below that the process is still MMC.exe, but it is already accessing the local ADAM on port 2171:
Figure 1 – Initial information when launching the ISA Management Console.
After the ISA Server Management console finishes loading, the process changes. If you click one of the lines in the upper pane, the lower pane shows in more detail the parameters that were used during that operation:
Figure 2 – LDAP information with more details in the lower pane.
Now you can dig in and see more of what’s going on behind the scenes. Enjoy!
Note: If you want to learn more about Sysinternals tools, read Windows® Sysinternals Administrator's Reference (Inside Out) by Mark Russinovich.