ISA Server 2004 Best Practices Analyzer Tool V2

Two weeks ago, we released a new version (V2) of the ISA Server 2004 Best Practices Analyzer Tool, which is commonly knowns as the IsaBPA.

What is changed in the new version?

 

  • We added new checks to the IsaBPA. Now we have about 150 rules! We focused especially on authentication and Outlook Web Access checks. We also added SP2 checks, Configuration Storage server (CSS) checks, connection limit checks, and more. Below is a full list of the checks that were added.
  • View more settings. The Detailed View Pane contains almost all of the ISA Server settings that can be viewed in the ISA Server 2004 UI. For instance: all policy rules, network rules, networks, alerts, and the list goes on and on… We now display more than 500 settings!
  • Pack ISA Diagnostics Tool was added. This tool packs the ISAInfo Report, the IsaBPA Report, and possibly the ISA Server traces into a single cabinet file and places it on the desktop, ready for easy transfer to the ISA Server Support Team in case there is a problem. You can run it from the program menu.
  • Bug fixes. We fixed bugs that were found in the last version.

Check

Error level

ISA Server configuration is being updated from the Configuration Storage server.

Warning

The ISA Server configuration is not up-to-date.

Warning

ISA Server cannot connect to the specified Configuration Storage server.

Error

The port specified for HTTP redirection is not 80.

Warning

The port specified for HTTP redirection in an Outlook Web Access publishing rule is not 80.

Warning

The port specified for HTTPS redirection is not 443.

Warning

The port specified for HTTPS redirection in an Outlook Web Access publishing rule is not 443.

Warning

The port specified for FTP redirection is not 21.

Warning

ISA Server does not delegate Basic credentials.

Warning

Configured authentication method is never required.

None

A Web listener is not listening on the default HTTPS port.

Warning

A Web listener is not listening on the default HTTPS port in an Outlook Web Access publishing rule.

Warning

An Outlook Web Access publishing rule is listening on an HTTP port.

BestPractice

A Web listener is not listening on the default HTTP port.

Warning

The rule uses Basic authentication, but the Web server requires NTLM authentication.

Error

The rule uses Basic authentication, but the Web server requires Digest authentication.

Error

The rule uses Basic authentication, but the Web server requires forms-based authentication.

Warning

A Web publishing rule is listening on the External network in a single network adapter scenario.

Error

Forms-based authentication is configured on both the rule and on the Web server.

Error

The rule uses forms-based authentication, but the Web server requires NTLM authentication.

Error

The rule uses forms-based authentication, but the Web server requires Digest authentication.

Error

The rule uses NTLM authentication, but the Web server requires Basic authentication.

Warning

The rule uses NTLM authentication, but the Web server requires forms-based authentication.

Warning

The rule uses NTLM authentication, but the Web server requires Basic authentication.

Warning

RADIUS authentication is configured, although no RADIUS servers are specified.

Warning

RADIUS authentication is configured, although the RADIUS filter is disabled.

Error

The RADIUS server cannot be accessed.

Warning

The connection limit is below the default after upgrade from ISA Server 2000.

Warning

ISA Server 2004 Service Pack 2 (SP2) is not installed.

Warning

The connection limit is below the default.

Warning

BITS caching is used in a cache rule other than the Microsoft Update Cache Rule.

Error

Getting the new IsaBPA

The IsaBPA is available for download for free and can be found at:

http://www.microsoft.com/downloads/details.aspx?FamilyID=D22EC2B9-4CD3-4BB6-91EC-0829E5F84063&displaylang=en

You can also update your old IsaBPA by clicking on the “Update the ISA Server Best Practices Analyzer” link from the IsaBPA itself.

Idan Plonsky, ISA Server Team