The external network adapter on your ISA Server 2006, ISA Server 2004, or Microsoft Forefront Threat Management Gateway, Medium Business Edition computer cannot obtain an IP address from a DHCP server

Article translations Article translations
Article ID: 841141 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

When you try to configure the external network adapter on your Microsoft Internet Security and Acceleration (ISA) Server 2006, ISA Server 2004, or Microsoft Forefront Threat Management Gateway, Medium Business Edition computer to obtain its Internet Protocol (IP) address from a Dynamic Host Configuration Protocol (DHCP) server, the external network adapter does not receive a valid IP address.

CAUSE

This behavior occurs because the default ISA Server or Forefront Threat Management Gateway, Medium Business Edition system policy does not permit DHCP replies from external DHCP servers to the ISA Server or Forefront Threat Management Gateway, Medium Business Edition computer.

RESOLUTION

To resolve this behavior, follow these steps:
  1. Click Start, point to Programs, point to Microsoft ISA Server or to Microsoft Forefront TMG Server, and then click ISA Server Management or TMG Server Management.
  2. In the console tree, click Firewall Policy.
  3. In the right pane, click the Tasks tab, and then click Show System Policy Rules.
  4. Click Allow DHCP replies from DHCP servers to ISA Server.
  5. In the details pane, click Edit System Policy.
  6. Click the From tab.
  7. Click Add.
  8. If you know the IP address of the external DHCP server, follow these steps:
    1. In the New list, click Computer.
    2. In the New Computer Rule Element dialog box, type a name for the DHCP computer rule element in the Name box, type the IP address of the DHCP server in the Computer IP Address box, and then click OK.
    3. Expand Computers, click the DHCP computer rule element that you just created, click Add, and then click Close.
    To add the external network instead of the specific DHCP server, expand Networks, click External, click Add, and then click Close.

    Note Microsoft recommends that you add the specific DHCP server instead of the external network to make the ISA Server computer less susceptible to external attacks.
  9. Click OK, and then click Apply to save the changes and update the configuration.
Note This procedure is for renewals only. If you do not have an IP address, you may want to allow DHCP traffic from any network until an address is leased. If you do not already have a lease, the "specific DHCP server" setting in step 8 will not work because Windows will be forced into DHCP Discover mode. This mode is strictly for broadcast traffic.

Properties

Article ID: 841141 - Last Review: December 4, 2007 - Revision: 4.3
APPLIES TO
  • Microsoft Internet Security and Acceleration Server 2004 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition
  • Microsoft Forefront Threat Management Gateway, Medium Business Edition
  • Windows Essential Business Server 2008 Standard
Keywords: 
kbisa2006swept kbfirewall kbprb KB841141

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com