Introduction Microsoft Security Response Center (MSRC) issued bulletin MS08-037 to address vulnerabilities in DNS resolvers caused by predictable UDP source port usage. MSKB 956190 addresses behavior observed when traffic crosses a NAT-based firewall and provides workarounds to mitigate this behavior. Traffic crossing a NAT device cannot be assumed to maintain the original source port because…
Year: 2008
ISA Server 2006 SP1 – New Perfmon Counter
Introduction Within all the new features and enhancements that ISA Server 2006 SP1 brings there is one in particular that might be overlooked: the new performance counter. As the ISA Server 2006 SP1 release notes says this performance counter was added to measure the kilobytes per second for a HTTP/HTTPs requests and responses. If…
Tales from the Edge
Check out the Forefront Edge TechCenter community page, featuring the all-new Tales from the Edge – technical articles from the trenches, written by Yuri Diogenes and Jim Harrison.
Understanding how you use this blog
We are doing some research into how our readers view our blogs and how we can improve them. To that end, we are conducting a survey of our blog readers. Below is the request from Ed Jolly, one of our directors: Greetings Blog Readers, My name is Ed Jolly, and I am a director in…
New Article on Enhancing TS Gateway Security with ISA Server 2006
Dr. Thomas W. Shinder and Yuri Diogenes have published the article Enhance TS Gateway Security with ISA Server 2006 in September’s TechNet magazine. The article describes two TS Gateway scenarios, one in which the Network Policy Server (NPS) Role is implemented on the TS Gateway itself, and one in which there is a central NPS server….
Files larger than 512MB are not served from cache after ISA Server firewall service is restarted
Introduction The white paper Caching and CARP in ISA Server 2006 describes how the cache works in detail. The article states that the ISA Server first caches objects to RAM and then to the disk. Objects cached to memory can be retrieved faster than objects cached to the disk. Objects requested recently are in…
Publishing Microsoft CRM 4.0 through ISA Server 2006
1. Introduction Last February I collaborated with Henning Petersen from the CRM Team on CRM 3 through ISA Server 2006. After this post, we received a lot of requests for an article on publishing CRM 4 using the Internet Facing Deployment option (IFD). This post is going to answer those requests. For this post…
64-bit RPC traffic fails across ISA Sever 2006
1. Introduction This post describes an issue where two 64-bit Windows hosts are failing to communicate to each other using RPC . The hosts each operate in a network physically separated from each other by ISA Server 2006. Figure 1 illustrates the basic scenario. Figure 1 – Sample network diagram. All…
Change Tracking – Enterprise viewer
The Change Tracking tab is part of the ISA management console. But, it is implemented as an HTML files, and can operate outside the management console. To demonstrate this, I’ll show how to use it as an enterprise Change Tracking viewer. The HookIf you look in C:\Program Files\Microsoft ISA Server\UI_Htmls\ChangeTrackingTab.htm, you’ll notice that it has…
Change Tracking – Configuration via Script
Change Tracking configuration is stored together with ISA configuration, in a VPS (Vendor Parameter Set). Note that it’s a different VPS than the change log! As we already know, you can configure Change Tracking either on the array or on the enterprise. This is implemented as one VPS for each array, and one for the…