ISA Server 2004 Standard Edition may stop responding if the firewall does not go into lockdown mode when MSDE logging fails (922946)


The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2004, Standard Edition

SYMPTOMS

If MSDE logging is enabled, and you change the default behavior that puts the firewall into lockdown mode and stops the Microsoft Firewall service when logging fails, Microsoft Internet Security and Acceleration (ISA) Server 2004, Standard Edition might start accumulating log records in memory and eventually stop responding in heavy traffic.

CAUSE

By default, when logging fails, ISA Server automatically goes into lockdown mode and stops the Microsoft Firewall Service. This problem occurs if you change this default behavior by using either of the following procedures:
  • You disable "Stop selected services settings" on the Log Failure alert properties. To check this setting in ISA Server Management, follow these steps:
    1. Click the Monitoring node, and then click the Alerts tab.
    2. In the Task pane, click Configure Alert Definitions.
    3. Double-click the Log Failure alert, and verify that the Stop selected services checkbox is selected under the Actions tab.
  • You run the DisableLockdownOnLogFailure.vbs script that is available at the following Microsoft TechNet Web site:

    http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/disablelockdownonlogfailure.mspx

WORKAROUND

To work around this issue, use text logging instead of MSDE logging. To configure text logging, follow these steps:
  1. In the ISA Server Management console tree, click Monitoring, and then click the Logging tab in the center pane.
  2. In the right pane, click the Tasks tab, and then click the appropriate task. Use the following guidelines to determine the appropriate task:
    • To log the Firewall service data in a file, click Configure Firewall Logging.
    • To log the Web Proxy service data in a file, click Configure Web Proxy Logging.
    • To log the SMTP message screener service in a file, click Configure SMTP Message Screener Logging.
  3. On the Log tab, click File.
  4. If you want to confirm or to modify any of the following settings, click Options:
    • Store the log files in
    • Log file storage limits
    • Maintain log storage limits by
    • Delete log files older than
    • Compress log files

RESOLUTION

To resolve this problem, install the ISA Server 2004 hotfix rollup package that is described in the following Microsoft Knowledge Base article:

923330 Description of the ISA Server 2004 hotfix package: July 27, 2006

To resolve this problem in ISA Server 2004, Enterprise Edition, see the following Microsoft Knowledge Base article:

920893 ISA Server 2004 Enterprise Edition may stop responding if the firewall does not go into lockdown mode when MSDE logging fails

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Modification Type:MajorLast Reviewed:9/27/2006
Keywords:kbQFE kbfix kbbug kbhotfixserver kbpubtypekc KB922946 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.