Microsoft KB Archive/921130

= You cannot use Routing and Remote Access service logging after you change the firewall policy on a Windows Server 2003-based computer that is also running ISA Server 2004 =

Article ID: 921130

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition

-



Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SYMPTOMS
Consider the following scenario:
 * You have a Microsoft Windows Server 2003-based computer that is running Microsoft Internet Security and Acceleration (ISA) Server 2004.
 * You configure the server as a Routing and Remote Access server.
 * You configure as Windows Authentication the authentication provider for remote access clients.
 * You configure as Windows Accounting the accounting provider that maintains a log of connection requests.
 * You enable Routing and Remote Access service logging to log accounting requests to a local file.

In this scenario, when you make a configuration change to the ISA Server firewall policy, you may experience the following behavior:
 * The accounting provider configuration is changed and set as none.
 * The accounting requests option in the Routing and Remote Access server is not available.
 * The Routing and Remote Access server does not log accounting information.



CAUSE
ISA Server 2004 Services overwrites changes that are made to the Routing and Remote Access service. You may reconfigure the accounting provider configuration by selecting Windows Accounting. However, when there is a configuration change to the ISA Server firewall policy, you may experience the behavior that is mentioned in the &quot;Symptoms&quot; section. This is the expected behavior in ISA Server 2004.



RESOLUTION
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.

To resolve this behavior, you can use the Visual Basic script that is described in this section. The logging option is not available as an ISA User Interface. You can only set the logging option by using a script. To do this, follow these steps.  Click Start, point to Programs, point to Accessories, and then click Notepad. Copy and paste the following code into a new Notepad document, and then save it to a file name with a .vbs extension, such as .vbs :

******************************** set fpc = CreateObject(&quot;FPC.Root&quot;) set arr = fpc.GetContainingArray set vpn = arr.NetworkConfiguration.VpnConfiguration 'RADIUS accounting must be disabled before enabling windows accounting vpn.EnableRADIUSAccounting = false 'enable windows accounting vpn.EnableWindowsAccounting = true vpn.Save '********************************

 To run the code, type the following command at a command prompt, and then press ENTER:

cscript .vbs

 Click Start, click Run, type regedit, and then click OK. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\Software\Microsoft\Fpc\Storage\Array-Root\Arrays\GUID\NetConfig\VpnConfig

 Make sure that the following registry entries are set to the correct values: </li> Exit Registry Editor.</li></ol>

Keywords: kbtshoot kbbug KB921130

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.