ISA 2004 Lockdown Mode Issue (Cont’d)
I finally got a callback from Microsoft today for our ISA 2004 Lockdown issue. The support engineer told me that the logs that he collected pointed to the Web Proxy component of ISA on one of our firewalls was causing it not to start the firewall services. We rummaged around the ISA settings looking for the “HTTP Filter” in the Enterprise Add-Ins section of the ISA console. We noticed that this was disabled so we enabled it. Went to the Sevices MMC and tried to restart the firewall services. No go…. Same error message.
Next we looked through the NTFS permissions in the “Microsoft ISA Server” directory on the C: drive. All permissions seemed to be correct and not modified.
I downloaded the latest ISA 2004 patch from KB article 954264 (http://support.microsoft.com/kb/954264) as per the MS engineer and applied it to the box and rebooted. Checked the firewall services and they did not start.
The support engineer suggested doing a repair of ISA 2004 using the original installation media. Needless to say I wasn’t to keen on doing this given the awful track record of doing a repair on Windows installation from the installation media. But, I reluctantly went along for the ride. I downloaded the ISA installation files from one of our file shares to the local drive of the firewall. Then we proceeded to run the installer and selected the “Repair” option. After about 10 minutes of holding my breath, the repair process completed and we rebooted the ISA server.
To my total astonishment, the firewall services restarted as if nothing ever happened. Now I can breath again. I really wasn’t looking forward to a ISA server re-build. Needless to say, I will monitor the server for the next couple days for any issues.
Read Full Post | Make a Comment ( None so far )
