This article has been archived. It is offered "as is" and will no longer be updated.
Microsoft Internet Security and Acceleration (ISA) Server 2004, Enterprise Edition uses Configuration Storage server as a repository for the enterprise layout and for the array member configuration. This repository is an instance of Active Directory Application Mode (ADAM). ISA Server 2004, Enterprise Edition can use certificates to authenticate communications between array members and the Configuration Storage server. Certificates are used when array members are members of a workgroup. Certificates are also used when array members are installed in a domain that does not have a trust relationship with the domain where the Configuration Storage server is located. When array members use certificates to access the Configuration Storage server, the array members access the Configuration Storage server by using an ADAM account and by using the LDAP over SSL (LDAPS) protocol. ADAM accounts are internal accounts and are not available in the ISA Server Management user interface.
An update is available that configures ADAM account settings so that these account settings do not expire. If ADAM account settings have already expired and if there is no connection between array members and the Configuration Storage server, install this update to update account settings and to renew the connection.
This article describes an ISA Server 2004, Enterprise Edition update that you can install to prevent ADAM account settings from expiring on your Configuration Storage server.
Note Install this update only on a computer that is running Microsoft Windows Server 2003.
To resolve this problem, obtain the latest service pack for Internet Security and Acceleration Server 2004. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
891024 How to obtain the latest ISA Server 2004 service pack
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Internet Security and Acceleration Server 2004 Service Pack 2.
When ISA Server 2004, Enterprise Edition uses certificate authentication between array members and the Configuration Storage server, ADAM account settings that are used during the authentication process may expire. When these account settings expire, the connection between your array members and the Configuration Storage server is broken. In this scenario, the following event is logged in the Application log on the ISA Server computer:
Event Source: Microsoft ISA Server Control Event ID: 21238 Date: date Time: time Type: Warning User: N/A Computer: ServerName Description: ISA Server cannot connect to the Configuration Storage server ConfigurationStorageServer.example.com for one of the following reasons: - The Configuration Storage server is not available. - General networking or authentication issues. - A policy misconfiguration on the array.
For information on resolving these issues, see "Troubleshooting installation and connectivity" in the ISA Server help or http://go.microsoft.com/fwlink/?LinkId=37487.
After you install this software update, the following event is logged in the Application log on the ISA Server computer:
Event Source: Microsoft ISA Server Control Event ID: 21239 Date: date Time: time Type: Warning User: N/A Computer: ServerName Description: The Configuration agent has restored its connection to the Configuration Storage server ConfigurationStorageServer.example.com.
The following file is available for download from the Microsoft Download Center:
For more information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
Update installation information
You must install this update on the Configuration Storage server. To install this update, follow these steps:
Log on to the Configuration Storage server by using an account that has administrator rights.
Important You must log on by using the same account that you used to run ISA Server Setup when you installed Configuration Storage server. If you install this update by using a different account, you receive the following error message:
Setup cannot initialize ISA Server settings.
Download and then run the update package to install this update on the Configuration Storage server.
Note You can also use an administrative installation to integrate, or slipstream, this update into the ISA Server installation point before you install Configuration Storage server. For more information about how to perform an administrative installation, visit the following Microsoft Web site: