ISA Server 2004 Best Practices Analyzer Tool V2



Two weeks ago, we released a new version (V2) of the ISA Server 2004 Best Practices Analyzer Tool, which is commonly knowns as the IsaBPA.


What is changed in the new version?


 



  • We added new checks to the IsaBPA. Now we have about 150 rules! We focused especially on authentication and Outlook Web Access checks. We also added SP2 checks, Configuration Storage server (CSS) checks, connection limit checks, and more. Below is a full list of the checks that were added.

  • View more settings. The Detailed View Pane contains almost all of the ISA Server settings that can be viewed in the ISA Server 2004 UI. For instance: all policy rules, network rules, networks, alerts, and the list goes on and on… We now display more than 500 settings!

  • Pack ISA Diagnostics Tool was added. This tool packs the ISAInfo Report, the IsaBPA Report, and possibly the ISA Server traces into a single cabinet file and places it on the desktop, ready for easy transfer to the ISA Server Support Team in case there is a problem. You can run it from the program menu.

  • Bug fixes.  We fixed bugs that were found in the last version.

 


 




































































































Check


Error level


ISA Server configuration is being updated from the Configuration Storage server.


Warning


The ISA Server configuration is not up-to-date.


Warning


ISA Server cannot connect to the specified Configuration Storage server.


Error


The port specified for HTTP redirection is not 80.


Warning


The port specified for HTTP redirection in an Outlook Web Access publishing rule is not 80.


Warning


The port specified for HTTPS redirection is not 443.


Warning


The port specified for HTTPS redirection in an Outlook Web Access publishing rule is not 443.


Warning


The port specified for FTP redirection is not 21.


Warning


ISA Server does not delegate Basic credentials.


Warning


Configured authentication method is never required.


None


A Web listener is not listening on the default HTTPS port.


Warning


A Web listener is not listening on the default HTTPS port in an Outlook Web Access publishing rule.


Warning


An Outlook Web Access publishing rule is listening on an HTTP port.


BestPractice


A Web listener is not listening on the default HTTP port.


Warning


The rule uses Basic authentication, but the Web server requires NTLM authentication.


Error


The rule uses Basic authentication, but the Web server requires Digest authentication.


Error


The rule uses Basic authentication, but the Web server requires forms-based authentication.


Warning


A Web publishing rule is listening on the External network in a single network adapter scenario.


Error


Forms-based authentication is configured on both the rule and on the Web server.


Error


The rule uses forms-based authentication, but the Web server requires NTLM authentication.


Error


The rule uses forms-based authentication, but the Web server requires Digest authentication.


Error


The rule uses NTLM authentication, but the Web server requires Basic authentication.


Warning


The rule uses NTLM authentication, but the Web server requires forms-based authentication.


Warning


The rule uses NTLM authentication, but the Web server requires Basic authentication.


Warning


RADIUS authentication is configured, although no RADIUS servers are specified.


Warning


RADIUS authentication is configured, although the RADIUS filter is disabled.


Error


The RADIUS server cannot be accessed.


Warning


The connection limit is below the default after upgrade from ISA Server 2000.


Warning


ISA Server 2004 Service Pack 2 (SP2) is not installed.


Warning


The connection limit is below the default.


Warning


BITS caching is used in a cache rule other than the Microsoft Update Cache Rule.


Error


 


Getting the new IsaBPA

The IsaBPA is available for download for free and can be found at:


http://www.microsoft.com/downloads/details.aspx?FamilyID=D22EC2B9-4CD3-4BB6-91EC-0829E5F84063&displaylang=en


You can also update your old IsaBPA by clicking on the “Update the ISA Server Best Practices Analyzer” link from the IsaBPA itself.


Idan Plonsky, ISA Server Team


 


Comments (1)

  1. Anonymous says:

    Thanks for the link.  Good information on ISA server.