Beware Windows Server 2003 SP2 — Possible Danger to Your Enterprise Edition’s Health
From Jim Harrison:
“For those of you who are considering deployment of Windows 2003 Sp2 on your ISA 2004 or 2006 CSS server, you better be reading the SP2 relnotes (you better be doing it anyway, yanumpty).
The short story is this:
If you install WS03 SP2 over ADAM RTM (as is delivered in ISA 2004 & 2006 for WS03 RTM & SP1), you will break ADAM. This does not occur if your ADAM instance was installed as part of WSo3 R2. Otherwise, you *MUST* get and install ADAM SP1 before installing WS03 SP2.
You can get ADAM SP1 (already part of WS03 R2) here:
http://www.microsoft.com/downloads/details.aspx?Fa...1034-4
EF6-A3E5-2A2A57B5C8E4
You can get Windows 2003 SP2 here:
http://www.microsoft.com/technet/windowsserver/sp2.mspx
You can check out the readme here:
http://go.microsoft.com/fwlink/?LinkId=75002
You can get the WS03 SP2 Relnotes here:
http://go.microsoft.com/fwlink/?LinkId=75107”
HTH,
Tom
Tarek Majdalani Says:
March 18th, 2007 at 1:10 pm
Hi,
Any issues related to ISA 2004/2004 SE ??
I Didn’t install WIN03 SP2 on any of my SE ISA server.
Thanks,
Tarek
Thomas Shinder Says:
March 18th, 2007 at 1:37 pm
Hi Tarek,
The issue appears to be ADAM related, so ISA SE should not have any problems. However, I haven’t tested it yet, so I can’t say for sure that there won’t be any other problems.
Tom
Tarek Majdalani Says:
March 19th, 2007 at 10:22 am
Hi Tom,
I am planning to take a ghost image of one ISA Server 2004 and installing WIN03 SP2 on it.
Will test it for a while and report back if any issues was reported.
Thanks,
Tarek
Thomas Shinder Says:
March 19th, 2007 at 10:44 am
Hi Tarek,
That will be great!
Thanks!
Tom
Cory B Says:
March 19th, 2007 at 7:27 pm
I installed win3k sp2 on several isa 2004 and 2006 se servers without incident.
Cheers
Cory
Thomas Shinder Says:
March 20th, 2007 at 7:44 am
Hi Cory,
Thanks for the info! I’ll give it a try today.
Tom
Tarek Majdalani Says:
March 20th, 2007 at 4:46 pm
Hi Again,
I’ve installed Win2k3 SP2 on my ISA 2004 SE sp2, and so far no problems were reported.
Thanks,
Tarek.
Daniel Klaeger Says:
March 21st, 2007 at 3:12 am
I installed SP2 on ISA Server 2004 Version 4.0.2165.616 - No problems found !
Hayim Says:
March 21st, 2007 at 3:40 am
checked on clean instalation - isa2004 sp2 under sbs2003 sp2:
sp2 for windows2003 (comes as part of sus) there is a conflict in rpc version that blocks rpc data from stations to server (internal>localhost and external>localhost).
2 solutions:
1. block the rpc filter under addones.
2. uninstall sp2 for windows2003…
Hayim
Brian Courtie Says:
March 21st, 2007 at 3:49 am
I’ve installed SP2 on SBS 2003 Premium R2 followed by ISA 2004 SP2 and all PPTP access has stopped working.
Brian Courtie Says:
March 21st, 2007 at 9:39 am
I have just resolved the PPTP issue using the following:
http://blogs.technet.com/sbs/archive/2007/03/19/vp...m.aspx
Henri Says:
March 21st, 2007 at 3:48 pm
ISA 2004/2006 Enterprise users wo wants to install sp2 and have load balancing enabled:
Read this:
http://www.microsoft.com/technet/community/newsgro...8e0e3c
Jason Says:
March 26th, 2007 at 6:23 pm
I am working on a new install of WS2003 R2 with SP2 and ISA 2004 sp2 and cannot for the life of me get PPTP working properly.
Thomas Shinder Says:
March 26th, 2007 at 6:26 pm
Yep, PPTP access would be stopped in its tracks due to the RSS bug. See my blog post on how SP2 can destroy your ISA Firewall! You might also find that your publishing rules and more do not work.
Tom
Jason Says:
March 26th, 2007 at 7:08 pm
!!!! I’ve been stuck on this for a week. Thank goodness for ISAServer.org and Tom. Changing the registry entry and a reboot. 2 minute fix. I am also using Dell equipment with Broadcom NetExtreme II NICs. Should I consider disabling this on ALL of the new Dell equipment purchased for this location (3×2950 and 2×1950)?
Thanks again…you made my night!
Thomas Shinder Says:
March 27th, 2007 at 5:43 am
Hi Jason,
Great! Glad we could help
Tom
Walter Bojorge Says:
March 28th, 2007 at 11:00 am
I’m traying to install ISA 2006 on Windows 2003 R2 I allrady installed the SP2, the problem is, when I install ISA 2006 the server lose communication with Active Directory… Can some one helpme.
Thomas Shinder Says:
March 28th, 2007 at 6:33 pm
Did the setup routine create the Domain Controllers computer set?
Tom
alexander Says:
March 29th, 2007 at 1:27 am
Walter Bojorge Says:
March 28th, 2007 at 11:00 am
——-
I have the same problem after installation of ISA Server 2004 SE on win2003 SP1…
setup routine didn’t create the Domain Controllers computer set.
I see errors logged in System event log related to NETLOGON (ID 5783, 5719) and Kerberos (7) and GPOs are not applyed, but domain users can be authenticated when rule require authentication.
alexander Says:
March 29th, 2007 at 2:12 am
May be this is because after installation of ISA Server I applyed template “Egde Firewall” and it deleted rules created by se.tup routine.
Tim Says:
May 24th, 2007 at 1:04 pm
I have the same problem as Water Walter. I need help from you guyz or my boss will fire me with a AK47
Michael Winter Says:
July 11th, 2007 at 9:50 am
I dont suppose any of you have come across issue with Ghost Solution Suite with these new service packs?
Pre-sp2 (2003) install my GSS worked perfectly. Post install and no client can see the server and visa versa. I dont profess to be anything other than an ISA ‘Learner driver’ and this is driving me around the bend… There was nothing in the release notes that i could see that would suggest suddenly Ghost Solutions Suite would cease to work…
Tom Shinder Says:
July 11th, 2007 at 10:00 am
Hi Michael,
Might be the RSS bug. Did you check that out yet?
Tom
Michael Winter Says:
July 12th, 2007 at 3:24 am
Hi tom,
Thanks for that this machine has broadcom netxtreme cards and when i checked the registry the setting for rss was at 1. I just need time to reboot to see what will happen.
Michael Winter Says:
July 12th, 2007 at 5:58 am
Right apparently ISA does not like multicast (according to symantec) from what ive seen so far i would have to agree with them. ISA is taking things rather literally, when gss is using the multicast id 229.55.150.208 ISA is dropping the request as it seems to think its being spoofed. Its reason is the network adapter that is sending the packet 100.0.0.183 (our local range) cannot possibly reach that address…
I tried the RSS which wasnt an immediate fix. Have you any idea on ISA and mulicasting, according to the symantec guys i should try turning multicasting off in the console, i thought i had tried that but it still seems to be broadcasting from the clients over that multicast channel…
damn this is frustrating.
Michael Winter Says:
July 12th, 2007 at 9:53 am
Apprently ISA was blocking WINS resolution… which is the secondary method for GSS. This resolves my client access issues at least! why on earth would it do this? surely this config is resolved at the dcpromo stage - completely confused.
Fawad Says:
November 14th, 2007 at 1:01 am
Iam using ISA 2004 on W2k3 server with SP2, but i did’nt find any problem during installation and running fine. But i want to upgrade to ISA 2006. what are the new fetures.
Golando Says:
March 29th, 2008 at 5:43 pm
hiya all ..
i noticed that when you have a clean install of windows 2003 then install sp2 and after that install ISA 2006 , ISA gives you problems with smtp telnet etc etc. from internal network to outside..
so i tried a clean isntall of 2003 with sp1 then install isa 2006 and all worked like a charm
then installed SP2 for 2003 and it kept working without a problem .. might be some files that get fixed in SP1 and they forgot to put it in SP2 ??
maybe this helps a few peeps resolving other issues..