An update is available to prevent Configuration Storage server account settings from expiring when you use certificate authentication in ISA Server 2004, Enterprise Edition (894609)


The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2004, Enterprise Edition, when used with:
    • Microsoft Windows Server 2003, Enterprise Edition
    • Microsoft Windows Server 2003, Standard Edition

SUMMARY

Microsoft Internet Security and Acceleration (ISA) Server 2004, Enterprise Edition uses Configuration Storage server as a repository for the enterprise layout and for the array member configuration. This repository is an instance of Active Directory Application Mode (ADAM). ISA Server 2004, Enterprise Edition can use certificates to authenticate communications between array members and the Configuration Storage server. Certificates are used when array members are members of a workgroup. Certificates are also used when array members are installed in a domain that does not have a trust relationship with the domain where the Configuration Storage server is located. When array members use certificates to access the Configuration Storage server, the array members access the Configuration Storage server by using an ADAM account and by using the LDAP over SSL (LDAPS) protocol. ADAM accounts are internal accounts and are not available in the ISA Server Management user interface.

An update is available that configures ADAM account settings so that these account settings do not expire. If ADAM account settings have already expired and if there is no connection between array members and the Configuration Storage server, install this update to update account settings and to renew the connection.

INTRODUCTION

This article describes an ISA Server 2004, Enterprise Edition update that you can install to prevent ADAM account settings from expiring on your Configuration Storage server.

Note Install this update only on a computer that is running Microsoft Windows Server 2003.

RESOLUTION

To resolve this problem, obtain the latest service pack for Internet Security and Acceleration Server 2004. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

891024 How to obtain the latest ISA Server 2004 service pack

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Internet Security and Acceleration Server 2004 Service Pack 2.

MORE INFORMATION

When ISA Server 2004, Enterprise Edition uses certificate authentication between array members and the Configuration Storage server, ADAM account settings that are used during the authentication process may expire. When these account settings expire, the connection between your array members and the Configuration Storage server is broken. In this scenario, the following event is logged in the Application log on the ISA Server computer:Event Source: Microsoft ISA Server Control
Event ID: 21238
Date: date
Time: time
Type: Warning
User: N/A
Computer: ServerName
Description: ISA Server cannot connect to the Configuration Storage server ConfigurationStorageServer.example.com for one of the following reasons:
- The Configuration Storage server is not available.
- General networking or authentication issues.
- A policy misconfiguration on the array.

For information on resolving these issues, see "Troubleshooting installation and connectivity" in the ISA Server help or
http://go.microsoft.com/fwlink/?LinkId=37487. After you install this software update, the following event is logged in the Application log on the ISA Server computer: Event Source: Microsoft ISA Server Control
Event ID: 21239
Date: date
Time: time
Type: Warning
User: N/A
Computer: ServerName
Description: The Configuration agent has restored its connection to the Configuration Storage server
ConfigurationStorageServer.example.com.

Download information

The following file is available for download from the Microsoft Download Center:


DownloadDownload the ISA2004EE-KB894609-X86-ENU.msp package now.

Release Date: April 8, 2005

For more information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Update installation information

You must install this update on the Configuration Storage server. To install this update, follow these steps:
  1. Log on to the Configuration Storage server by using an account that has administrator rights.

    Important You must log on by using the same account that you used to run ISA Server Setup when you installed Configuration Storage server. If you install this update by using a different account, you receive the following error message:
    Setup cannot initialize ISA Server settings.
  2. Download and then run the update package to install this update on the Configuration Storage server.
Note You can also use an administrative installation to integrate, or slipstream, this update into the ISA Server installation point before you install Configuration Storage server. For more information about how to perform an administrative installation, visit the following Microsoft Web site:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/msi/setup/administrative_installation.asp

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

885957 How to install ISA Server hotfixes and updates

824684 Description of the standard terminology that is used to describe Microsoft software updates

Modification Type:MinorLast Reviewed:10/12/2006
Keywords:kbISA2006Swept kberrmsg kbPreInstall kbFirewall ATdownload kbBug kbfix kbHotfixServer KB894609 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.