Sysinternals tools are just amazing to troubleshoot a huge amount type of issues: networking, AD, core OS, etc. But, one thing that many security administrators don’t realize it yet is that those tools also are great to troubleshoot ISA Server issues in different scenarios. Before move on to the tool that I want to talk about, here are some other articles that I wrote where Sysinternals tools were used:
Now, let’s play with a cool tool called: ADInsight.
Using ADInsight to Track ADAM Calls
ADInsight is a tool that allows you to view LDAP calls on the fly from a nice GUI interface. For the purpose of this example I’m going to follow the steps below to generate some data:
1. Launch ADInsight
2. Launch ISA Server 2006 Management Console
3. Review the data created by this operation
As soon as we execute step two ADInsight starts to collect information and notice in the sample below that the process is still MMC.exe but it is already accessing the local ADAM on port 2171:
Figure 1 – Initial information when launch ISA Management Console.
After complete load the ISA Server Management console the process changes and if you click in one of the lines in the upper pane and the lower pane will show in more details the parameters that were used during that operation:
Figure 2 – LDAP information with more details in the lower pane.
Now you can dig in and see more what’s going on behind the scenes. Enjoy it !!