Microsoft KB Archive/912943

= The Firewall service may not start when you enable 802.1Q VLAN tagging and integrated NLB in ISA Server 2004, Enterprise Edition with Service Pack 2 =

Article ID: 912943

Article Last Modified on 12/4/2007

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 2, when used with:
 * Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition

-





SYMPTOMS
You are running Microsoft Internet Security and Acceleration (ISA) Server 2004, Enterprise Edition with Service Pack 2 (SP2). You enable 802.1Q Virtual Local Area Network (VLAN) tagging and integrated Network Load Balancing (NLB) on separate interfaces of the same network adapter. After you do this, the Firewall service may not start.



RESOLUTION
By default, ISA Server 2004 SP2 does not enable 802.1Q VLAN tagging and integrated NLB on different interfaces of a network adapter. To enable this functionality, you must run the following Microsoft Visual Basic Scripting Edition (VBScript) file on the computer that is running ISA Server 2004, Enterprise Edition with SP2. To do this, follow these steps:  Copy the following text into Notepad:

Sub AddAllowVLANandNLB

' Create the root object. Dim root ' The FPCLib.FPC root object Set root = CreateObject(&quot;FPC.Root&quot;)

'Declare the other objects needed. Dim array ' An FPCArray object Dim VendorSets ' An FPCVendorParametersSets collection Dim VendorSet ' An FPCVendorParametersSet object

' Get references to the array object ' and the network rules collection. Set array = root.GetContainingArray Set VendorSets = array.VendorParametersSets

On Error Resume Next Set VendorSet = VendorSets.Item( &quot;{143F5698-103B-12D4-FF34-1F34767DEabc}&quot; )

If Err.Number <> 0 Then Err.Clear

' Add the item Set VendorSet = VendorSets.Add( &quot;{143F5698-103B-12D4-FF34-1F34767DEabc}&quot; ) CheckError WScript.Echo &quot;New VendorSet added... &quot; & VendorSet.Name

Else WScript.Echo &quot;Existing VendorSet found... value- &quot; & VendorSet.Value(&quot;AllowVLANandNLB&quot;) End If

if VendorSet.Value(&quot;AllowVLANandNLB&quot;) <> true Then

Err.Clear VendorSet.Value(&quot;AllowVLANandNLB&quot;) = true

If Err.Number <> 0 Then CheckError Else VendorSets.Save false, true CheckError

If Err.Number = 0 Then WScript.Echo &quot;Done with AllowVLANandNLB, saved!&quot; End If End If Else WScript.Echo &quot;Done with AllowVLANandNLB, no change!&quot; End If

End Sub

Sub CheckError

If Err.Number <> 0 Then WScript.Echo &quot;An error occurred: 0x&quot; & Hex(Err.Number) & &quot; &quot; & Err.Description Err.Clear End If

End Sub

AddAllowVLANandNLB

 In Notepad, click File, click Save As, and then type a name for the script. For example, type in the File name box, and then click Save. Run the file that you saved in step 2. Restart the Firewall service after you run the VBScript file.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.



MORE INFORMATION
Notes <ul> For more information about the 802.1Q protocol that is defined by the Institute of Electrical and Electronics Engineers, Inc. (IEEE), visit the following IEEE Web site:

http://www.ieee802.org/1/pages/802.1Q.html

</li> 802.1Q functionality depends on network adapter drivers. Contact the network adapter manufacturer to determine whether a network adapter supports this protocol.</li> You cannot enable 802.1Q VLAN tagging and integrated NLB on the same interface of a network adapter. This limitation is imposed by NLB.</li> You cannot enable both 802.1Q VLAN tagging and integrated NLB on different interfaces of a network adapter on ISA Server 2004, Enterprise Edition computers. To enable this functionality, you must install ISA Server 2004 SP2 and run the VBScript file that is described in the &quot;Resolution&quot; section.</li></ul>

Keywords: kbtshoot kbprb KB912943

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.