Converting a 2000 KB to a 2004 KB

On January 25, 2006, in ISA Server, by

“Connection Error: 10057” error message when you try to connect to the Lacerte Web site or to download updates of the Lacerte Tax program in SBS 2000 or in SBS 2003:;en-us;839503

So that KB is written for ISA 2000…and we need to 2004ish it….

So in 2000 we build protocol wizards… so how do we poke these holes in 2004?  Let’s see if we can figure this out…the KB says for 2000 we need to enter ‘protocol definitions’ and poke inbound ports in 10010, 10020, 10030, 10040, 10050, 10051, 10052, 10060, 10070 and 10099. [I know…yuck and stupid but that’s Lacerte for you who is owned by Intuit].

So….we go first to the 2004 interface and expand the tree under the domain name, and then look for “Firewall Policy”.  On the right hand side we have a section that has tabs for “Toolbox”, “Tasks”, and “Help”.  Let’s click on Tasks.  See that “Firewall Policy Task” there?  See “Create New Access Rule”? 

Okay lets start the wizard there….let’s call it a new access name..Lacerte….and click next, now click “Allow” and then “next”, then change this rule to “Selected Protocols”, and click “Add”, then click “New”, the “Protocol”, now define the Protocol, I’d call it something like “Lacerte TCP” just to be descriptive, click “next”, now click new and build a list of those inbound connections as shown above.  Click “next”, and say “no” to secondary connections, then click “next”, run the ‘protocol’ wizard.  Now in the back in the add protocol section, find that Lacerte protocol you just built, add it, click close, and now you should see in the “selected protocols screen” the “Lacerte Protocol”.  Click “Next”, and from the ‘applies to traffic from these sources, you can either say from external [probably not too wise] or build a new set of IP address ranges that include the to and then add an additional one for  Click “next”, then for the next screen where you are specifiying the destination, I think that’s “Internal” is what you want but I’ll probably run this by Chad and Amy to see if there’s a ‘tighter’ way to do this.  Click “next”, and the request should be only for SBS users on your network so click “next” for SBS Internet Users”, and remove the “all users” that is the default.

Click next… and that should be it….. I think…and don’t forget to hit “Apply” at the top to ensure that the rule has been applied.

I’m glad I’m running CCH these days… it doesn’t need all these icky ports and instead will just go out port 80/443 as needed.

(Please note… we found that the Lacerte rule posted by Amy works …rather than the instructions here converting the ISA 2000 info)


2 Responses to Converting a 2000 KB to a 2004 KB

  1. Matthew Frahm, CPA.CITP says:


    I just found out yesterday that CCH’s ProSystem fx Engagement 4.0 (we just upgraded from 3.5) requires local admin rights to run properly. I expressed by disappointment at their step backward with the new version.

    Time to start hacking away with filemon once the lab network is up and running, I guess.

  2. Amy says:

    Oh great. I have a CCH client too. Thanks for the heads up.