Error installing a replica of ISA Server 2006 CSS

1. Introduction

 

When you attempt to install a replica CSS, you may encounter the following error message:

 

Figure 1 – Error while installing ISA Server 2006 CSS.in replica mode

When ISA Server 2006 Setup displays the “Setup failed to start the configuration agent” message, this means that the Microsoft ISA Server Storage Control Service was unable to perform certain tasks that were supposed to be completed at that point in time. To understand this error, we need to review the ISA Sever 2006 Setup Log files.

2. Reviewing Setup Log files

ISA Server 2006 Setup log files are located in %windir%\temp, for this specific issue the log file that we should review starts with ISAFWSRV_NNN.log, which contains Firewall service setup information. The relevant part of this error in the setup file is shown here:

14:52:30 ISA setup CA INFO : Source path = C:\ISA Server 2006 Enterprise\FPC\Program Files\Microsoft ISA Server\msfpcstg.dll

14:52:30 ISA setup CA INFO : GetHandleToDllEx(msfpcstg.dll) succeeded

14:52:30 ISA setup CA INFO : LoadStorage succeeded

14:52:30 ISA setup CA INFO : StorageInitialized OK

14:52:30 ISA setup CA INFO : This is a deferred CA - ADAM server name should be already set in registry

14:52:30 ISA setup CA INFO : ADAM server name is: mycss.contoso.com

14:52:30 ISA setup CA INFO : Server=mycss.contoso.com, Username=(null), Domain=(null)

14:52:31 ISA setup CA ERROR : MixerSetup() failed, hr=0x80004005

Setup failed while initializing configuration agent.

MSI (s) (E4!E4) [15:09:26:746]: Product: Microsoft ISA Server 2006 -- Setup failed while initializing configuration agent.

15:09:26 ISA setup CA ERROR : Setup failed while initializing configuration agent.

15:09:26 ISA setup CA ERROR : (Error 37060) Setup failed while initializing configuration agent.

15:09:26 ISA setup CA ERROR : EXIT: InitConfigurationAgent, Custom Action failed (0x643)

15:09:26 ISA setup CA INFO : msfpc.DLL was successfully unloaded from delay-load list

The error code 0x80004005 is a very generic error, it actually means “unspecified failure” according to Common HRESULT Values MSDN article..

3. ISA Data Packager

One approach that can be used in scenarios like this is to get an ISA Data Packager in repro mode. . The following action plan can help you understand and resolve CSS replication problems encountered during installation:

1) On the original CSS, download the latest version of ISA BPA from www.isabpa.com and install it.

2) Go to Start / Programs / Microsoft ISA Server / ISA Tools and click ISA Data Packager

3) Click the option "Collect data using one of the following repro scenarios"

4) Select "Configuration Storage Server" and click Next;

5) Click Modify Options

6) Select:

a. ISA BPA

b. ISA Info

7) Click Start data collection

8) The Data Packager will start to run. When the option "Press spacebar to start the capture" appears, press the spacebar to begin the data capture

9) Try to install the CSS replica.

10) When the error message appears, click OK; wait until the installer completes the roll back process,

11) Return to the original CSS and press spacebar again to stop the capture. Wait until the CAB file is generated on the desktop.

4. Reviewing ISA Data Packager Result

One of the files within this CAB file that you can review to see if the whole ISA Data Packager collection was done successfully is called IDP.yyyy-mm-dd.hh-mm-ss.time.trace.log (for example IDP.2009-1-23.15-29-13.trace.log). This is a log that the IDP (ISA Data Packager) writes the details of the steps that were performed during the data collection. In this case one thing that didn’t look correct was the error below:

* -- Accessing "FPC.Root"

* Connecting to CSS "mycss.contoso.com"

* Connecting to "Containing" Array..

* -- Exporting ISA configuration (this may take some time)...

* *** Failed to gather ISA configuration data.

*

* Error Number : 8000FFFF

* Description : Catastrophic failure

*

* The error occurred on object 'My Application Protocol' of class 'Protocol Definition' in the scope of array 'mycss'.

When ISA Data Packager runs it tries to exports the ISA Server configuration to an XML file. In this case the export action failed with error 8000FFFF (Catastrophic failure). According to this log, the object “My Application Protocol” which is located in the “Protocol Definition” container in the “mycss” array couldn’t be exported.

5. Solution

When ISA Storage Control Service is initializing, the agent tries to gather ISA configuration data by synchronizing with the existing CSS . This action fails because of a corrupted object in the existing CSS. Putting the pieces together, it makes sense that the installation of the CSS replica would have failed.

The solution I this case is to manually remove the “My Application Protocol” object. ISA storage mechanisms can’t access the corrupted custom protocol object becaue of the schema validation that is performed during object access. Thus, you must use ADAM management tools to do this. You can use a similar approach as described in Method 2 of the KB935767 to access ADAM and make a manual modification. The actual DN (Distinguished Name) of the problematic object will be unique, but in the case of a protocol definition, it would be located in CN={ProtocolUUID},CN=ProtocolDefinitions,CN=RuleElements,CN={ArrayUUID},CN=Arrays,CN=FPC2

Author

Yuri Diogenes

Security Support Engineer – Microsoft CSS Forefront Edge Team

Technical Reviewers

Jim Harrison

Program Manager - Microsoft Forefront Edge

Mohit Saxena

Technical Lead - Microsoft CSS Forefront Edge Team