I was recently looking at ISA Server’s logging features, trying to see where we might have opportunities to improve in future versions. As part of this process, I installed SQL on my ISA Server firewall. And noticed the following phenomenon.
In general, when you configure ISA Server to log to a SQL server, ISA Server presents itself as domainname\machinename$. ISA Server always presents these credentials when asked to authenticate itself over the network. Furthermore, and happily, these credentials are considered valid when ISA Server is not located on the same computer as SQL.
However, when ISA Server and SQL are both installed on the same computer, ISA Server presents different credentials. Specifically, ISA Server identifies itself as NT AUTHORITY\NETWORK SERVICE. Sadly, these credentials are not what SQL Server expects--and so logging fails. Furthermore, you can’t configure SQL server to accept these credentials (at least I couldn’t figure out how to do it…if you know how to, please--enlighten me).
So what’s the workaround? Configure ISA Server to use SQL authentication.
ISA Server Sustained Engineering