We’ve seen a few cases now where ISA Hotfix 916106 does not prompt for a reboot, as the hotfix indicates it should. The hotfix does, however, successfully install. In addition, after the hotfix is installed the following services will be in a stopped state:
- Microsoft Firewall
- Exchange Routing Engine
- Simple Mail Transfer Protocol (SMTP)
- World Wide Web Publishing Service
The Microsoft Firewall service not restarting will throw ISA in to lockdown mode, which can potentially prevent remote administrators from being able to connect to manually reboot the server. In either case, the server should be rebooted.
So, to prevent this, we are recommending that you install the hotfix manually using this command line:
msiexec <path to patch .msp file>ISA2004SE-KB916106-x86-ENU.msp REBOOT=FORCE
Special thanks to Susan Bradley, Marina Roos, Charlie Russel, Chris Hanna, and everyone else who helped for their work in testing and for bringing this to our attention.
Update: KB article has been edited – http://support.microsoft.com/default.aspx?scid=kb;EN-US;916106