Year: 2008

ISA Server 2006 SP1 – Problems that Go Beyond the Test Button

Introduction   ISA Server 2006 SP1 shipped last week and it represents a big milestone for the product. The troubleshooting tools that are now built in will help the administrators effectively test their publishing rules prior to deploy published server to the public. But, what if everything looks good in the “testing environment” and when…

Another Look at Kerberos Constrained Delegation on ISA Server 2006 – OWA Publishing Scenario

A really nice feature that was added in ISA Server 2006 is support for Kerberos Constrained Delegation (KCD). Kerberos Constrained Delegation allows ISA Server 2006 to verify the identity of a client using a non-Kerberos authentication method (in this case SSL Client Certificates). ISA Server is then able to request a Kerberos ticket on behalf…

Change Tracking – How secure is it?

I’m often asked “How secure is Change Tracking?”, and whether it can be referred to as Auditing. The correct answer is: The Change Tracking log is as secure as the ISA configuration it documents. No more, no less. No more: Change Tracking is not intended to be a hacker-proof, audit-trail-providing feature. A bad guy with…

Change Tracking – Preface and Reasoning

ISA2006 SP1 contains several features and enhancements to ISA2006. If you’re not familiar with it, head over to the official SP1 document on the download page or to Tom Shinder’s article. And definitely download and try it! One of the major features is Change Tracking. In the coming days, I intend to post several posts about…

ISA Server 2006 Service Pack 1 Released!

We are thrilled to announce that yesterday, 7/2/2008, the ISA Server Sustained Engineering team released the final version of ISA Server 2006 Service Pack 1 (Standard & Enterprise editions) to the Microsoft Download Center. You can find the ISA 2006 SP1 bits here. This release will also be uploaded to Microsoft Update on 7/22/2008.   What’s…

Just Published on TechNet: How to Configure ISA SSL Bridging for System Center Configuration Manager Internet-Based Client Management

The ISA Server product group and the Configuration Manager product group have collaborated to publish How to Configure ISA SSL Bridging for System Center Configuration Manager Internet-Based Client Management.   This article has step-by-step instructions for publishing an Internet-based site system server behind ISA Server, and using SSL to SSL bridging (also known as symmetric bridging)….

Understanding By-Design Behavior of ISA Server 2006: Using Kerberos Authentication for Web Proxy Requests on ISA Server 2006 with NLB

Introduction   With companies working more and more to achieve scenarios of high availability, ISA Server 2006 Enterprise Edition Integrated NLB is becoming very popular. High availability is also complemented by the need to offer performance improvement with Kerberos Authentication while browsing using Internet Explorer 7.   Note: For more information on the benefits offered…

Server Publishing with ISA Server 2004/2006 and Route Relationship Between Networks

Suppose you have the following scenario: You are running ISA Server in 3-Leg configuration with a route relationship between the Internal and Perimeter networks. There’s a FTP Server and some Web Servers operating in your Perimeter network. ISA IP-Addresses: Internal 172.118.115.15 Perimeter 39.1.1.15 External 192.168.101.15 FTP Server Address is 39.1.1.5 connected to Perimeter network You…