Last year Rayne Wiselman wrote in the ISABlog about the Windows Server 2008 DNS Block Feature and how this behavior can impact ISA Server deployments. With MS09-008 applied, the wpad and isatap blocking behavior is now present in Windows XP Professional (x64), Windows Server 2000 (SP4) and Windows Server 2003 (SP1 and SP2). Microsoft knowledgebase…
Year: 2009
Clients receives error 691 trying to connect to ISA Server 2006 as VPN Server
1. Introduction When ISA Server 2006 is configured to be a VPN Server there is always a doubt of what to do when something happens and data needs to be gathered since there are two major components in use: ISA Server and Windows RRAS. Depending on the error message you might be able to…
SQL Server 2005 Express Edition Service Pack 3 fails to install on a TMG machine
Problem description As you know, Forefront Threat Management Gateway (TMG) Beta2 and TMG Medium Business Edition (that ships in Windows Essential Business Server 2008) make use of SQL Server 2005 Express Edition (SSE) and SQL 2005 Reporting Services for the logging and reporting. Very recently we have encountered setup errors of SSE 2005 Service Pack…
Best practices for configuring ISA/TMG to allow SQM data
Consider a scenario where you have an Access Rule in ISA/TMG that uses a Domain Name Set for non web traffic (other than HTTP and HTTPS ) especially like selecting “All Outbound Traffic” then ISA will perform a reverse lookup to check whether destination IP is same as in the defined Domain set. Depending on…
Unable to Start Microsoft Firewall Service in ISA Server 2006
1. Introduction This scenario is based on a real experience that I was able to reproduce in a lab. The issue was that the Microsoft Firewall Service was not starting and was showing the following error message when tries to manually start: Figure 1 – Error trying to manually start Microsoft Firewall…
It worked for us: honey pot sensor catches malware
A terrific demonstration of the value of the Security Assessment Sharing (SAS) feature of Microsoft Forefront Codename “Stirling” just took place inside of one of the labs that we configured for testing. In the lab environment, a Forefront Threat Management Gateway (TMG) using the SAS technology was able to identify that one of the lab…
Internet Security and Acceleration (ISA) Server 2006 is Common Criteria Evaluated
I am very excited to announce to the community that we have completed our Common Criteria evaluation of ISA Server 2006 for both the Standard and Enterprise Editions. We started this evaluation during the development cycle of ISA 2006 and the evaluation and associated certification are now complete. Microsoft Internet Security & Acceleration (ISA) Server…
New Articles at Tales from the Edge
We just published two new articles at Tales from the Edge Community Site. Check it out here: Another Look at Server Publishing in ISA Server 2006 http://technet.microsoft.com/en-us/library/dd547089.aspx Considerations when Renewing Web Listener Certificates on ISA Server 2006 http://technet.microsoft.com/en-us/library/dd547090.aspx Gabriel Koren, TMG Server Test Team
How to Allow HTTP 301 through ISA Server 2006
Introduction When you publish a web site through ISA Server 2006, you can configure the action to take for requests that match that rule to deny (see Figure 1) and redirect the user for another URL. What is happening behind the scenes is that ISA Server 2006 sends an HTTP 302 redirect to the…
Cannot Browse a HTTPs Site Published by ISA Server 2006 without using TLS 1.0 on Internet Explorer
1. Problem This week I got a really interesting collaboration call from Michael Hunter from Directory Services Team where customer was having problem to access a HTTPS site published through ISA Server 2006 using a certificate issued by an internal CA. In summary the access to the HTTPS web site published by ISA Server…