Windows services may fail to start after installing ISA Server 2004 Service Pack 3

  • Article

In the following scenario, the Windows operating system may not run correctly after installing ISA Server 2004 Service Pack 3:

1.       ISA Server 2004 is installed on a computer which is a member of an Active Directory domain.

2.       The Enteprise Admins group (which exists by default on the Active Directory root domain) has been assigned any of the following roles:

·         ISA Server 2004 Enterprise Edition: ISA Server Enterprise Administrator role

·         ISA Server 2004 Standard Edition: ISA Server Full Administrator role

3.       You install ISA Server 2004 Service Pack  3  and restart the computer.

In this scenario, the computer may not run correctly after restarting. You can log in, but many services do not run. The following event in issued in the Event Viewer: 6015 – "The custom security descriptor for the event log ISA Server Diagnostics is invalid. Please ask an administrator to correct the CustomSD value in the registry for this event log."

 

 

Cause: The problem occurs because ISA Server formats the CustomSD registry value of the new ISA Server Diagnostics events folder in a way which is not supported by the EventLog service.

Resolution:

Complete the following steps to resolve this issue:

In Active Directory:

1. Open the Active Directory Users and Computers snap-in.

2. Right-click the required OU, point to New, and then click Group.

3. Create a group, ensuring that the Group scope is set to Universal.

4. Add the Enterprise Admins group to the new group.

On the ISA Server computer, do the following:

1. Manually start the netlogon service. To do this, in a command window type: net start netlogon.

2. Manually start the Microsoft Firewall service. To do this, type the following in a command window:

· For ISA Server 2004 Standard Edition type: net start fwsrv.

· For ISA Server 2004 Enterprise Edition type: net start isastgctrl, and then type: net start fwsrv.

3. Remove Service Pack 3 using Add/Remove Programs in the Control Panel.

4. Restart the computer.

5. Log on to the computer, and then run the Registry Editor. To do this, click Start, point to Run, and then type regedit.

6. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog

7. Right-click ISA Server Diagnostics, and then click Delete.

8. Restart the computer to ensure that the diagnostic events log folder is removed.

9. Start ISA Server Management console and remove the Enterprise Admins group from the ISA Server roles, as follows:

· In ISA Server 2004 Standard Edition, right-click the server name, and then click Administration Delegation. On the Delegate Control page of the Administration Delegation Wizard, select the ISA Server Full Administrator entry, and then click Edit. Replace the Enterprise Admins entry with the new universal group you created.

· In ISA Server 2004 Enterprise Edition, right-click the enterprise name, and then click Properties. On the Assign Roles tab select ISA Server Enterprise Administrator from the roles list, and then click Edit. Replace the Enterprise Admins entry with the new universal group you created.

10. Reinstall ISA Server 2004 Service Pack 3.

· ISA Server 2004 Standard Edition Service Pack 3 is available from the Microsoft Download Center at http://www.microsoft.com/downloads/details.aspx?FamilyID=a05a074a-5033-4792-af8b-58b90d841436&DisplayLang=en.

· ISA Server 2004 Enterprise Edition Service Pack 3 is available from the Microsoft Download Center at http://www.microsoft.com/downloads/details.aspx?FamilyID=d2752df9-7249-4cea-b4d4-dfa53686186f&DisplayLang=en.

Thanks to Philip Bailey who helped with this.

Doron Juster

ISA Server sustained engineering group.