Microsoft KB Archive/922946

= ISA Server 2004 Standard Edition may stop responding if the firewall does not go into lockdown mode when MSDE logging fails =

Article ID: 922946

Article Last Modified on 9/27/2006

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2004 Standard Edition

-





SYMPTOMS
If MSDE logging is enabled, and you change the default behavior that puts the firewall into lockdown mode and stops the Microsoft Firewall service when logging fails, Microsoft Internet Security and Acceleration (ISA) Server 2004, Standard Edition might start accumulating log records in memory and eventually stop responding in heavy traffic.



CAUSE
By default, when logging fails, ISA Server automatically goes into lockdown mode and stops the Microsoft Firewall Service. This problem occurs if you change this default behavior by using either of the following procedures:  You disable &quot;Stop selected services settings&quot; on the Log Failure alert properties. To check this setting in ISA Server Management, follow these steps:  Click the Monitoring node, and then click the Alerts tab. In the Task pane, click Configure Alert Definitions. Double-click the Log Failure alert, and verify that the Stop selected services checkbox is selected under the Actions tab.  You run the DisableLockdownOnLogFailure.vbs script that is available at the following Microsoft TechNet Web site:

http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/disablelockdownonlogfailure.mspx

</ul>

<div class="workaround_section">

WORKAROUND
To work around this issue, use text logging instead of MSDE logging. To configure text logging, follow these steps:
 * 1) In the ISA Server Management console tree, click Monitoring, and then click the Logging tab in the center pane.
 * 2) In the right pane, click the Tasks tab, and then click the appropriate task. Use the following guidelines to determine the appropriate task:
 * 3) * To log the Firewall service data in a file, click Configure Firewall Logging.
 * 4) * To log the Web Proxy service data in a file, click Configure Web Proxy Logging.
 * 5) * To log the SMTP message screener service in a file, click Configure SMTP Message Screener Logging.
 * 6) On the Log tab, click File.
 * 7) If you want to confirm or to modify any of the following settings, click Options:
 * 8) * Store the log files in
 * 9) * Log file storage limits
 * 10) * Maintain log storage limits by
 * 11) * Delete log files older than
 * 12) * Compress log files

<div class="resolution_section">

RESOLUTION
To resolve this problem, install the ISA Server 2004 hotfix rollup package that is described in the following Microsoft Knowledge Base article:

923330 Description of the ISA Server 2004 hotfix package: July 27, 2006

To resolve this problem in ISA Server 2004, Enterprise Edition, see the following Microsoft Knowledge Base article:

920893 ISA Server 2004 Enterprise Edition may stop responding if the firewall does not go into lockdown mode when MSDE logging fails

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

Keywords: kbhotfixserver kbqfe kbfix kbbug kbpubtypekc KB922946

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.