ISA hot topics

>>> HOT TOPICS for OCTOBER 2007 <<<

The following “hot topics” were posted and resolved during the month of
September:

ISSUE
=====
When you try to access external FTP sites in an ISA environment, you may
experience ISA error message:

ISA Server: extended error message :
200 Type set to I.
200 PORT command successful.
550 Permission denied on server.  You are restricted to your account.

This mostly occurs when you visit some FTP sites which needs authentication
in IE7 using the URL form
ftp://username:password@ftp.site.com.

In IE6
——-
You can also access the FTP site using the URL
ftp://ftp.site.com. It will
prompts you to input username and password. After inputting username and
password, you can access the ftp site.

In IE7
——-
No matter what types of clients you are using (SecureNAT, web-proxy(BTW, it
will not work with folder view enabled) or firewall client). You just cannot
access it successfully.

CAUSE
======
This is because folder view is disabled in IE7, this is by design. This is
controlled by windows shell. Internet Explorer 6 and the Windows shell were
basically the same program but used different user interface (UI) entry
points. However, IE7 install new component of its own, it is not the same
program of Windows shell.

RESOLUTION
===========
To workaround the issue, you must access the website in Windows Explorer.

MORE INFORMATION
=================
Separation of Internet Explorer 7 from the Windows shell
http://support.microsoft.com/?id=928675



ISSUE
=====
ISA firewall service failed to start after you installed ISA 2004 Server on
the SBS. When we manually start firewall service, it retuned “Windows could
not start the Microsoft firewall on local computer. For more info review the
Event Log.  If this is a non-Microsoft service, contact the vendor and refer
to service specific error code -2147221005″.

In application log, you got Firewall error 14001: “The description for Event
ID ( 14001 ) in Source ( Microsoft Firewall ) cannot be found. The local
computer may not have the necessary registry information or message
DLL files to display messages from a remote computer. You may be able to use
the /AUXSOURCE= flag to retrieve this description; see Help and Support for
details.

Reinstalled ISA Server, however this issue persists.

CAUSE
======
Corrupted registry or components.

RESOLUTION
===========
Check the permission on following registry keys:

HEKY_CLASSES_ROOT/Fpc.FPCFilterExpressions
HEKY_CLASSES_ROOT /Fpc.FPCFilterExpressions.1 HEKY_CLASSES_ROOT /FPC.Root
HEKY_CLASSES_ROOT /FPC.Root.1 HEKY_CLASSES_ROOT /FPCSTG HEKY_CLASSES_ROOT
/FPCSTG.1 HEKY_CLASSES_ROOT /FPCSTG.FPCStorageEnvironment HEKY_CLASSES_ROOT
/FPCSTG.FPCStorageEnvironment.1 HEKY_CLASSES_ROOT /FPCSTG.FPCStorageFactory
HEKY_CLASSES_ROOT /FPCSTG.FPCStorageFactory.1

Set the above registry keys with following permission:

Administrator – Full Control
System – Full Control
Network Service – Full control
Authenticated Users – Full Control
Creator Owner – Full Control
Server Operators – Full Control


ISSUE
=====
OWA access problem via ISA 2006.  Error Code: 500 Internal Server Error. The
number of HTTP requests per minute exceeded the configured limit. Contact
the server administrator. (12219).


CAUSE
======
Incorrect authentication method, FBA was enabled on both ISA and Exchange.


RESOLUTION
===========
Disabled FBA on Exchange server and enabled it on the ISA web listener.

MORE INFORMATION
=================
Publishing Exchange Server 2003 with ISA Server 2006
http://www.microsoft.com/technet/isa/2006/deployment/exchange2003.mspx

Comments are closed.

Post Navigation