Stefaan Pouseele Blog RSS

All Blogs  »  Stefaan Pouseele Blog  »  ISA Corner  »  Blog article: ISA Server 2006 and KB917025

ISA Server 2006 and KB917025

This week I upgraded my ISA lab from ISA Server 2004 SP2 to ISA Server 2006. The inline upgrade went very well  except on the ISA Server box ‘ISA Local’ where some third-party Web Filters were installed. Although I first deinstalled all non-compatible ISA Server 2006 third-party products, the Firewall Service refused to start because of a failure in loading the Link Translation filter as shown below:

Thereafter, a bunch of other events are logged, all linked to Web Proxy filter problems. Disabling the rules who used those third-party Web Filters fixed the problem. Hmm… apparently the deinstall procedure of those third-party Web Filters didn’t clean up the configuration very well!

Because I’m very concerned about IPSec tunnel mode site-to-site VPN connections, due to the need for integration with third-party products, the first thing I checked out was if the problem described in my blog When using an IPSec tunnel mode site-to-site VPN you are noticing frequent ISA 2004 error messages “0xC0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED” was resolved are not. I was a little bit disappointed that that issue wasn’t fixed with ISA 2006. So,  I contacted Microsoft to find out why. Apparently, because there was a valid workaround for this issue, check out KB917025 for more info, it was not worth the effort to fix the problem in ISA Server 2006. Hopefully the next ISA Server version will have a much better support for IPSec tunnel mode site-to-site VPN connections.

HTH,
Stefaan

This entry was posted on Friday, October 20th, 2006 at 7:40 am and is filed under ISA Corner. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “ISA Server 2006 and KB917025”

  1. Stefaan Pouseele Blog » Blog Archive » Redirecting OWA Users to the Correct Directories and Protocols with ISA Server 2006 Says:

    November 1st, 2006 at 7:48 am

    […] With ISA Server 2006 the solution to redirect the HTTP requests to SSL (HTTPS) requests is very easily implemented by properly configure the Connections properties of the Web Listener as explained in Tom’s blog Redirecting HTTP Requests to SSL Requests using the 2006 ISA Firewall. One of the solutions to redirect the users to the /Exchange folder was to include a special path mapping translating the root path “/” to the special Exchange path “/Exchange”. However with ISA Server 2006 this is no longer possible because it generate the Event ID 21177 as mentioned in my previous blog ISA Server 2006 and KB917025 and the following ISA Alert: […]

Leave a Reply

This is a captcha-picture. It is used to prevent mass-access by robots. (see: www.captcha.net)

You must read and type the 6 chars within 0..9 and A..F, and submit the form.

  

If CAPTCHA image is missing or you cannot read the characters above, please generate a




Receive all the latest articles by email!

Receive Real-Time & Monthly ISAserver.org article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become an ISAserver.org member!

Discuss your ISA Server issues with thousands of other ISA Server experts. Click here to join!

Solution Center