ISA Server or Windows Essential Business Server 2008 takes a long time to apply changes to the firewall configuration, or changes may not be applied to members of the array in ISA Server 2006 Enterprise Edition or in Windows Essential Business Server 2008

Article translations Article translations
Article ID: 926845 - View products that this article applies to.
Expand all | Collapse all

On This Page

SYMPTOMS

When you use the ISA Server Management tool or Microsoft Forefront Threat Management Gateway to change the firewall configuration in Microsoft Internet Security and Acceleration (ISA) Server 2006 or in Windows Essential Business Server 2008, you may experience the following symptoms:
  • ISA Server or Windows Essential Business Server 2008 may take a long time to apply the changes to members of the array. Or, changes may not be successfully applied to members of the array.
  • CPU and memory use by the Firewall Service (Wspsrv.exe) may be very high until the configuration changes are successfully applied.
This problem occurs if you use link translation in the Web publishing rules that are configured in the array.

CAUSE

This problem occurs because of a limitation of the link translation filter in ISA Server 2006 or in Windows Essential Business Server 2008. For each public name that appears in a Web publishing rule and that uses link translation, ISA Server 2006 or Windows Essential Business Server 2008 parses all the Web publishing rules that are configured in the array.

The problem may be more severe when there are more publishing rules for the array or for the ISA Server computer or for the Windows Essential Business Server 2008 computer.

RESOLUTION

To resolve this problem, apply the hotfix package that is described in Microsoft Knowledge Base article 926846, and then enable the functionality that the hotfix package provides. For more information about this hotfix package, click the following article number to view the article in the Microsoft Knowledge Base:
926846 Description of the ISA Server 2006 hotfix package that is dated October 23, 2006

To enable the functionality that the hotfix package provides

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure. However, they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.

To enable the functionality that the hotfix package provides, run the following script.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'
' Copyright (c) Microsoft Corporation. All rights reserved.
' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE
' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS
' HEREBY PERMITTED.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
 
Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
Const SE_VPS_VALUE = "BypassRulesWithDisabledLT"
 
Sub BypassDisabledLT()
 
    ' Create the root obect.
    Dim root  ' The FPCLib.FPC root object
    Set root = CreateObject("FPC.Root")
 
    'Declare the other objects needed.
    Dim array       ' An FPCArray object
    Dim Extensions  ' An FPCExtensions object
    Dim WebFilters  ' An FPCWebFilters object
    Dim WebFilter   ' An FPCWebFilter object
    Dim VendorSets  ' An FPCVendorParametersSets collection
    Dim VendorSet   ' An FPCVendorParametersSet object
 
    ' Get references to the array object
    Set array = root.GetContainingArray
 
    On Error Resume Next
 
    Set Extensions = array.Extensions
    CheckError
 
    Set webFilters = Extensions.WebFilters
    CheckError
 
    Set WebFilter = WebFilters.Item("{9DEEF135-75DB-4aab-B2AC-314FBC98EF14}")
 
    Set VendorSets = WebFilter.VendorParametersSets
    Set VendorSet = VendorSets.Item( SE_VPS_GUID )
 
    If Err.Number <> 0 Then
        Err.Clear
 
        ' Add the item
        Set VendorSet = VendorSets.Add( SE_VPS_GUID )
        CheckError
        WScript.Echo "New VendorSet added... " & VendorSet.Name
 
    Else
        WScript.Echo "Existing VendorSet found... value- " &  VendorSet.Value(SE_VPS_VALUE)
    End If
 
    VendorSet.Value(SE_VPS_VALUE) = true
 
    WebFilter.Save false, true
 
    WScript.Echo "Done..."
 
End Sub
 
Sub CheckError()
 
    If Err.Number <> 0 Then
        WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear
    End If
 
End Sub
 
BypassDisabledLT

To disable the functionality that the hotfix package provides

To restore ISA Server 2006 to its default behavior, run the following script.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'
' Copyright (c) Microsoft Corporation. All rights reserved.
' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE
' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS
' HEREBY PERMITTED.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
 
Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
Const SE_VPS_VALUE = "BypassRulesWithDisabledLT"
 
Sub BypassDisabledLT()
 
    ' Create the root obect.
    Dim root  ' The FPCLib.FPC root object
    Set root = CreateObject("FPC.Root")
 
    'Declare the other objects needed.
    Dim array       ' An FPCArray object
    Dim Extensions  ' An FPCExtensions object
    Dim WebFilters  ' An FPCWebFilters object
    Dim WebFilter   ' An FPCWebFilter object
    Dim VendorSets  ' An FPCVendorParametersSets collection
    Dim VendorSet   ' An FPCVendorParametersSet object
 
    ' Get references to the array object
    Set array = root.GetContainingArray
 
    On Error Resume Next
 
    Set Extensions = array.Extensions
    CheckError
 
    Set webFilters = Extensions.WebFilters
    CheckError
 
    Set WebFilter = WebFilters.Item("{9DEEF135-75DB-4aab-B2AC-314FBC98EF14}")
 
    Set VendorSets = WebFilter.VendorParametersSets
    Set VendorSet = VendorSets.Item( SE_VPS_GUID )
 
    If Err.Number <> 0 Then
        Err.Clear
 
        ' Add the item
        Set VendorSet = VendorSets.Add( SE_VPS_GUID )
        CheckError
        WScript.Echo "New VendorSet added... " & VendorSet.Name
 
    Else
        WScript.Echo "Existing VendorSet found... value- " &  VendorSet.Value(SE_VPS_VALUE)
    End If
 
    VendorSet.Value(SE_VPS_VALUE) = false
 
    WebFilter.Save false, true
 
    WScript.Echo "Done..."
 
End Sub
 
Sub CheckError()
 
    If Err.Number <> 0 Then
        WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear
    End If
 
End Sub
 
BypassDisabledLT

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Properties

Article ID: 926845 - Last Review: January 17, 2007 - Revision: 1.2
APPLIES TO
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
  • Windows Essential Business Server 2008 Standard
Keywords: 
kbfirewall kbtshoot kbfix kbbug kbprb KB926845

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com