Article ID: 894609 - View products that this article applies to.
Microsoft Internet Security and Acceleration (ISA) Server 2004, Enterprise Edition uses Configuration Storage server as a repository for the enterprise layout and for the array member configuration. This repository is an instance of Active Directory Application Mode (ADAM). ISA Server 2004, Enterprise Edition can use certificates to authenticate communications between array members and the Configuration Storage server. Certificates are used when array members are members of a workgroup. Certificates are also used when array members are installed in a domain that does not have a trust relationship with the domain where the Configuration Storage server is located. When array members use certificates to access the Configuration Storage server, the array members access the Configuration Storage server by using an ADAM account and by using the LDAP over SSL (LDAPS) protocol. ADAM accounts are internal accounts and are not available in the ISA Server Management user interface.
An update is available that configures ADAM account settings so that these account settings do not expire. If ADAM account settings have already expired and if there is no connection between array members and the Configuration Storage server, install this update to update account settings and to renew the connection.
This article describes an ISA Server 2004, Enterprise Edition update that you can install to prevent ADAM account settings from expiring on your Configuration Storage server.
Note Install this update only on a computer that is running Microsoft Windows Server 2003.
To resolve this problem, obtain the latest service pack for Internet Security and Acceleration Server 2004. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/891024/ )How to obtain the latest ISA Server 2004 service pack
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Internet Security and Acceleration Server 2004 Service Pack 2.
When ISA Server 2004, Enterprise Edition uses certificate authentication between array members and the Configuration Storage server, ADAM account settings that are used during the authentication process may expire. When these account settings expire, the connection between your array members and the Configuration Storage server is broken. In this scenario, the following event is logged in the Application log on the ISA Server computer:
Source: Microsoft ISA Server Control
Event Source: Microsoft
ISA Server Control
Download informationThe following file is available for download from the Microsoft Download Center:
Download the ISA2004EE-KB894609-X86-ENU.msp package now.
Collapse this imageExpand this image
Release Date: April 8, 2005
For more information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
(http://support.microsoft.com/kb/119591/ )How to obtain Microsoft support files from online services
Update installation informationYou must install this update on the Configuration Storage server. To install this update, follow these steps:
http://msdn2.microsoft.com/en-us/library/aa367541.aspxFor more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/885957/ )How to install ISA Server hotfixes and updates
(http://support.microsoft.com/kb/824684/ )Description of the standard terminology that is used to describe Microsoft software updates
Article ID: 894609 - Last Review: December 4, 2007 - Revision: 3.9
Contact us for more help
Connect with Answer Desk for expert help.