Microsoft KB Archive/926845

= ISA Server takes a long time to apply changes to the firewall configuration, or changes may not be applied to members of the array in ISA Server 2006 Enterprise Edition =

Article ID: 926845

Article Last Modified on 1/17/2007

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2006 Standard Edition
 * Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition

-



SYMPTOMS
When you use the ISA Server Management tool to change the firewall configuration in Microsoft Internet Security and Acceleration (ISA) Server 2006, you may experience the following symptoms:
 * ISA Server may take a long time to apply the changes to members of the array. Or, changes may not be successfully applied to members of the array.
 * CPU and memory use by the Firewall Service (Wspsrv.exe) may be very high until the configuration changes are successfully applied.

This problem occurs if you use link translation in the Web publishing rules that are configured in the array.



CAUSE
This problem occurs because of a limitation of the link translation filter in ISA Server 2006. For each public name that appears in a Web publishing rule and that uses link translation, ISA Server 2006 parses all the Web publishing rules that are configured in the array.

The problem may be more severe when there are more publishing rules for the array or for the ISA Server computer.



RESOLUTION
To resolve this problem, apply the hotfix package that is described in Microsoft Knowledge Base article 926846, and then enable the functionality that the hotfix package provides. For more information about this hotfix package, click the following article number to view the article in the Microsoft Knowledge Base:

926846 Description of the ISA Server 2006 hotfix package that is dated October 23, 2006

To enable the functionality that the hotfix package provides
Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure. However, they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.

To enable the functionality that the hotfix package provides, run the following script.  ' ' Copyright (c) Microsoft Corporation. All rights reserved. ' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE ' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE ' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS ' HEREBY PERMITTED.  Const SE_VPS_GUID = &quot;{143F5698-103B-12D4-FF34-1F34767DEabc}&quot; Const SE_VPS_VALUE = &quot;BypassRulesWithDisabledLT&quot; Sub BypassDisabledLT ' Create the root obect. Dim root ' The FPCLib.FPC root object Set root = CreateObject(&quot;FPC.Root&quot;) 'Declare the other objects needed. Dim array      ' An FPCArray object Dim Extensions ' An FPCExtensions object Dim WebFilters ' An FPCWebFilters object Dim WebFilter  ' An FPCWebFilter object Dim VendorSets ' An FPCVendorParametersSets collection Dim VendorSet  ' An FPCVendorParametersSet object ' Get references to the array object Set array = root.GetContainingArray On Error Resume Next Set Extensions = array.Extensions CheckError Set webFilters = Extensions.WebFilters CheckError Set WebFilter = WebFilters.Item(&quot;{9DEEF135-75DB-4aab-B2AC-314FBC98EF14}&quot;) Set VendorSets = WebFilter.VendorParametersSets Set VendorSet = VendorSets.Item( SE_VPS_GUID ) If Err.Number <> 0 Then Err.Clear ' Add the item Set VendorSet = VendorSets.Add( SE_VPS_GUID ) CheckError WScript.Echo &quot;New VendorSet added... &quot; & VendorSet.Name Else WScript.Echo &quot;Existing VendorSet found... value- &quot; & VendorSet.Value(SE_VPS_VALUE) End If   VendorSet.Value(SE_VPS_VALUE) = true WebFilter.Save false, true WScript.Echo &quot;Done...&quot; End Sub Sub CheckError If Err.Number <> 0 Then WScript.Echo &quot;An error occurred: 0x&quot; & Hex(Err.Number) & &quot; &quot; & Err.Description Err.Clear End If End Sub BypassDisabledLT

To disable the functionality that the hotfix package provides
To restore ISA Server 2006 to its default behavior, run the following script.  ' ' Copyright (c) Microsoft Corporation. All rights reserved. ' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE ' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE ' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS ' HEREBY PERMITTED.  Const SE_VPS_GUID = &quot;{143F5698-103B-12D4-FF34-1F34767DEabc}&quot; Const SE_VPS_VALUE = &quot;BypassRulesWithDisabledLT&quot; Sub BypassDisabledLT ' Create the root obect. Dim root ' The FPCLib.FPC root object Set root = CreateObject(&quot;FPC.Root&quot;) 'Declare the other objects needed. Dim array      ' An FPCArray object Dim Extensions ' An FPCExtensions object Dim WebFilters ' An FPCWebFilters object Dim WebFilter  ' An FPCWebFilter object Dim VendorSets ' An FPCVendorParametersSets collection Dim VendorSet  ' An FPCVendorParametersSet object ' Get references to the array object Set array = root.GetContainingArray On Error Resume Next Set Extensions = array.Extensions CheckError Set webFilters = Extensions.WebFilters CheckError Set WebFilter = WebFilters.Item(&quot;{9DEEF135-75DB-4aab-B2AC-314FBC98EF14}&quot;) Set VendorSets = WebFilter.VendorParametersSets Set VendorSet = VendorSets.Item( SE_VPS_GUID ) If Err.Number <> 0 Then Err.Clear ' Add the item Set VendorSet = VendorSets.Add( SE_VPS_GUID ) CheckError WScript.Echo &quot;New VendorSet added... &quot; & VendorSet.Name Else WScript.Echo &quot;Existing VendorSet found... value- &quot; & VendorSet.Value(SE_VPS_VALUE) End If   VendorSet.Value(SE_VPS_VALUE) = false WebFilter.Save false, true WScript.Echo &quot;Done...&quot; End Sub Sub CheckError If Err.Number <> 0 Then WScript.Echo &quot;An error occurred: 0x&quot; & Hex(Err.Number) & &quot; &quot; & Err.Description Err.Clear End If End Sub BypassDisabledLT



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

Keywords: kbfirewall kbtshoot kbfix kbbug kbprb KB926845

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.