This newsletter is the first in a new series highlighting Microsoft® Internet Security and Acceleration (ISA) Server 2004 content. Content is updated on a regular basis with best practices papers, troubleshooting tips and hints, knowledge base articles, and useful tools. Customer feedback is monitored, and documentation is targeted in response to common issues and customer requests. A feedback link is included in each document, to allow you to respond on a document-by-document basis. Thank you for your feedback.
WHAT'S NEW ON ISA SERVER GUIDANCE
ISA Server Guidance provides an authoritative, comprehensive portal to deployment, maintenance, best practices, and troubleshooting information for ISA Server. ISA Server Guidance is located on Microsoft.com. All documents are hosted on the Microsoft Technet Web site.
The troubleshooting library is designed to document common issues you might encounter when installing, configuring, and maintaining ISA Server 2004. New for this quarter:
· Troubleshooting Configuration Storage Servers This paper describes a series of steps for troubleshooting the installation and maintenance of ISA Server 2004 Enterprise Edition Configuration Storage servers.
· Troubleshooting Networking Configuration. This document describes common issues that may occur when configuring network objects. It includes guidelines for defining network rules to determine how traffic passes between networks, and firewall policy rules to
specify how traffic is inspected and filtered.
· Troubleshooting Unsupported Configurations. This article provides a quick look-up resource for some common unsupported configuration scenarios that customers may encounter.
· Troubleshooting Logging. This document includes tips and hints for troubleshooting logging issues.
BEST PRACTICES AND RECOMMENDATIONS
Best practices documents include recommendations and guidelines for
deploying and configuring ISA Server. New documents include:
- Deployment Recommendations for Connection Limits in ISA Server 2004. This paper explains the connection limit quota mechanism, and how to define custom limits. It also includes information on troubleshooting connection limits.
- Logging Best Practices. This article provides tips for configuring ISA Server 2004 logging. It includes recommendations for logging formats, and capacity guidelines.
Providing external access to Microsoft Office Outlook® Web Access servers
is a common ISA Server publishing scenario. New this quarter:
- Outlook Web Access Publishing with Client Certificates and Forms-Based
Authentication.This document includes detailed procedures to help you publish an Outlook Web Access server over a secure connection. External Clients are authenticated by means of a client certificate, and prompted with a form to provide credentials to the Outlook Web Access server.
- Outlook Web Access Publishing with RADIUS and Forms-Based Authentication. This article walks you through the steps required to configure forms-based authentication on the ISA Server computer, and authenticate incoming requests against a RADIUS server.
OUTBOUND WEB ACCESS
In some business scenarios internal clients protected by ISA Server 2004 may require access to secure Internet Web sites. Configuring Internal Client Access to Web Sites over SSL explains how to configure an SSL tunnel between internal clients and an external Web server. Or alternatively, how to bridge HTTP client requests over HTTPS to an external Web server.
ISA SERVER TOOLS
There are a number of new and updated ISA Server Tools available.
- CacheDir Tool. View real-time cache contents, save cache content, and mark
items as obsolete in the cache.
- Firewall Kernel Mode Tool (FwEngMon.exe). Analyze and troubleshoot firewall
connectivity issues by monitoring the ISA Server kernel mode driver
(Fweng.sys). This new release includes support for ISA Server 2004
Enterprise Edition features, and can display a list of active Network Load
Balancing (NLB) hook rules.
- Remote Access Quarantine Tool. Prepare ISA Server running on Windows Server
2003 as an RQS listener component for VPN quarantine control.
- Microsoft SQL Server Reporting Services Sample Pack. This sample pack
includes a Reporting Services project with predefined Report Definition
Language (RDL) files for generating reports from ISA Server logs stored in
an SQL database using SQL Server Reporting Services.
MICROSOFT KNOWLEDGE BASE ARTICLES
Recent Microsoft Knowledge Base articles include:
- POP3 Clients Cannot Connect to an Exchange Server that is Behind an ISA Server Firewall (http://support.microsoft.com/kb/909130/en-us). This article describes an issue that might prevent POP3 clients from communicating with an Exchange server protected by ISA Server 2004. The solution includes modifying a registry setting.
- You May Experience High Memory Usage on an ISA Server 2004-based Computer
that Logs Messages to an MSDE database (http://support.microsoft.com/kb/909636/en-us). This article explains a problem that may occur because of the way in which SQL Server handles physical memory, and describes how to limit the physical memory allocated to SQL Server on the ISA Server computer.
- DHCP Clients may not Obtain the Configuration Script when you use DHCP Option 252 to Automatically Configure Internet Explorer (http://support.microsoft.com/kb/911072/en-us). This article describes an issue that may occur in specified network topologies when VPN client access is not enabled in ISA Server, and provides a resolution.
- ISA Server 2004 Firewall Client Program no Longer Works After you Update a
Computer to Microsoft Windows Vista Beta 2 (http://support.microsoft.com/kb/911077/en-us). This article describes compatibility issues between the ISA Server 2004 Firewall Client and the Vista Beta. There is no workaround.