You are not prompted to restart Windows when you reinstall ISA Server 2004 (838133)


The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2004, Standard Edition

SYMPTOMS

When you install Microsoft Internet Security and Acceleration (ISA) Server 2004 on a Microsoft Windows 2000-based computer or on a Microsoft Windows Server 2003-based computer, you receive the following message:You must restart your system for the configuration changes made to Microsoft ISA Server to take effect. Click Yes to restart now or No if you plan to restart later.However, if you subsequently remove and then reinstall ISA Server 2004, you are not prompted to restart your computer.

CAUSE

This behavior occurs because of the configuration changes that the ISA Server 2004 Setup program makes to Windows. The ISA Server Setup program modifies the following registry subkey to set the value of the SynAttackProtect registry entry to 2:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TcpIp\Parameters

To take effect, this registry change requires that you restart the computer. However, if you subsequently remove ISA Server 2004, the Setup program does not remove this registry entry. Therefore, when you later reinstall ISA Server 2004, you are not prompted to restart the computer.

MORE INFORMATION

If you install ISA Server on a Windows 2000-based computer where the value of the SynAttackProtect registry entry is already set to 2, you may still be prompted to restart your computer when the Setup program completes the installation. This behavior occurs because the Microsoft SQL Server 2000 Desktop Engine installation updates Microsoft Data Access Components (MDAC) from version 2.5 to version 2.7. This MDAC update operation requires that you restart Windows. However, MDAC is only updated when you first install ISA Server 2004. If you remove and then reinstall ISA Server 2004, you do not have to restart Windows, because the correct version of MDAC is already installed.
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

324270 How to harden the TCP/IP stack against Denial of Service attacks in Windows Server 2003

Modification Type:MajorLast Reviewed:9/1/2004
Keywords:kbDeployment kbFirewall kbenv kbprb KB838133 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.