Released: ISA 2006 Service Pack 1

by Bharat Suneja

ISA Server 2006 SP1 has been released. SP1 brings some new features, and improvements such as support for SAN certificates. Download SP1.

New features:

  • Configuration Change Tracking: Registers all configuration changes applied to ISA Server to help you assess issues that may occur as a result of these changes.
  • Test Button: Tests the consistency of a Web publishing rule between the published server and ISA Server.
  • Traffic Simulator:Simulates network traffic in accordance with specified request parameters, such as an internal user and the Web server, providing information about firewall policy rules evaluated for the request.

  • Diagnostic Logging Viewer: Now integrated as a tab into the ISA Server Management console, this feature displays detailed events on packet progress and provides information about handling and rule matching.

Improvements for existing features:

  • Support for integrated NLB mode in all three modes, including unicast, multicast, and multicast with Internet Group Management Protocol (IGMP). Previously, ISA Server integrated NLB-supported unicast mode only.
  • Support for use of server certificates containing multiple Subject Alternative Name (SAN) entries. Previously, ISA Server was able to use either only either the subject name (common name) of a server certificate, or the first entry in the SAN list.
  • Support for KCD cross-domain authentication. Credentials from users located in a different domain than the ISA Server, but in the same Forest, can now be delegated to an internal published Web site by using KCD .
  • Support for client certificate authentication in a workgroup deployment. This removes the requirement to map each client certificate to an Active Directory® directory user account when forms-based authentication is used as the primary authentication method and client certificates are used as the secondary method.

SP1 fixes the following issues:

  • 894679 Users who do not have the appropriate permissions can receive restricted content from ISA Server 2004
  • 920913 Error message in response to some HTTP requests on client computers that are running ISA Server 2004 as a proxy server: “400 Bad Request”
  • 921944 A client computer takes longer than expected to connect to a Web site through an ISA Server 2004 Web proxy server
  • 922851 You receive a blank page when your Web browser submits a POST request to an ASP Web site over an ISA Server 2004 access rule that requires client authentication
  • 922899 An ISA Server 2004 Web chaining rule may not redirect requests to the specified port
  • 923318 Error message in SecureNAT clients after you configure a Web chaining rule to forward HTTP as HTTPS in ISA Server 2004: “The target principal name is incorrect”
  • 923322 A large file download fails when an ISA Server 2004 SOCKS client computer uses passive mode FTP
  • 923765 The Microsoft Firewall service stops responding to client computer requests and Event IDs 7034, 14057, and 1000 are logged after you publish an OWA server in ISA Server 2004
  • 923766 A client computer may not be authenticated by ISA Server 2004 when you use integrated Windows authentication
  • 924405 Client computers cannot download attachments when you use ISA Server 2004 or ISA Server 2006 forms-based authentication and run a third-party OWA add-in program to manage attachments
  • 925288 One or more published sites may stop being available if you create more than 300 Web site publishing rules in ISA Server 2006 Enterprise Edition
  • 928273 Users may receive slow responses when you enable the Cache Array Routing Protocol in ISA Server 2004, Enterprise Edition
  • 929818 You receive an error message when you try to install or to run Windows Vista: “The Software Licensing Service reported that the license is invalid”
  • 930415 You cannot apply an OWA Web publishing rule that redirects users who connect to the root of the OWA Web site to an internal folder by using ISA Server 2006
  • 933523 When an Internet Security and Acceleration Server 2004 client performs an action that uses the HTTP POST method, the action may be performed multiple times
  • 934022 An ISA Server 2004 downstream server does not reuse the TCP connections to a third-party upstream server
  • 935767 The authentication delegation in the existing Web publishing rules does not work after you upgrade ISA Server 2004 Enterprise Edition to ISA Server 2006 Enterprise Edition
  • 938465 Error message when you try to access Web sites through a downstream server after you enable hotfix 927265 on an upstream server that is running ISA Server 2004: “502 Proxy Error”
  • 938550 An update enables multicast operations for ISA Server integrated NLB
  • 940659 Error message when you try to visit a Web site that is published in ISA Server 2004: “HTTP error 500: network name no longer exists”
  • 940708 The “401 Authentication Required” response that is sent by a Web site is dropped when you use ISA Server 2004 as a Web proxy
  • 941162 In ISA Server 2006, you cannot set a session time-out for private computers in a Web listener that has the RSA SecurID authentication method configured
  • 941296 An ISA Server 2006 computer may stop responding under a heavy load
  • 941634 After an ISA Server 2006 application filter establishes an HTTP connection, the connection closes before it can be used, and a “0x80004001 (E_NOTIMPL)” status code is logged
  • 941870 Only 1,000 PPTP ports and 1,000 L2TP ports are open in Routing and Remote Access if the maximum number of VPN clients is set to more than 1,000 in ISA Server 2006
  • 942313 Web pages do not appear as expected when you publish a Web site by using a publishing rule in Internet Security and Acceleration (ISA) Server 2006
  • 942637 A user cannot access a Web site that is published in ISA Server 2006 by using Kerberos constrained delegation if the user is not in the same domain as the ISA Server computer
  • 942638 POST requests that do not have a POST body may be sent to a Web server that is published in ISA Server 2006
  • 943200 The Microsoft Firewall service stops unexpectedly on a computer that is running ISA Server 2004
  • 943212 You cannot filter the RPC traffic based on universally unique identifiers (UUID) by using an access rule in ISA Server 2006
  • 943214 When you publish a back-end ISA Server 2006 computer on a front-end ISA Server 2006 computer that faces the Internet, you cannot enable forms-based authentication on both computers
  • 944699 The Microsoft Firewall service stops unexpectedly if a Web filter is used on a computer that is running ISA Server 2006
  • 944764 Requests that have large request bodies may fail when you publish a Web site in ISA Server 2006
  • 944824 Stop error message on a computer that has ISA Server 2006 installed: You receive a “Stop 0x0000007f”
  • 945224 ISA Server 2006 may forward requests to an incorrect Web server when a client computer accesses Web sites that have different public names in the same session
  • 945524 Some Web servers that are published in ISA Server 2006 by using the Web Publishing Load Balancing feature may be incorrectly detected as unavailable at random times
  • 945814 Error message when you try to change the password of a user account even if you configure ISA Server 2006 to allow users to change their passwords
  • 945882 HTTP SEARCH requests that do not have a SEARCH body may be sent to a Web server that is published in ISA Server 2006
  • 947254 A computer that is running ISA Server 2006 may randomly stop routing packets from certain VPN clients or from certain VPN site-to-site networks
  • 947255 Packets from the branch office may not reach the destination servers in the central office over a site-to-site VPN connection that you create through ISA Server 2006
  • 947521 When HTTP compression is enabled in Web publishing rules in ISA Server 2006, the compression filter may be unable to handle HTTP responses
  • 948711 A report may not display HTTPS traffic in ISA Server 2006
  • 949628 The Microsoft Firewall service crashes randomly when you use ISA Server 2006 to publish a Web server by enabling forms-based authentication
  • 950139 The Microsoft Firewall service in ISA Server 2006 stops responding to client requests after you publish a Web server by using NTLM authentication delegation
  • 951508 When you use ISA Server 2006 to publish a Web server, and authentication delegation is enabled, some Web content may not be displayed correctly when a user accesses the published Web server
  • 951509 Users cannot access a Web site that is published in ISA Server 2006 if the Web site accepts only the SPNEGO authentication package
  • 950150 Error message when you open a .gz file that you downloaded through an ISA Server 2004 Web proxy server: “Invalid archive directory”
  • 952675 You cannot log on to a local intranet site that you publish by using ISA Server 2006 when there are multiple user accounts that have the same account name in different domains

{ 0 comments… add one now }

Leave a Comment

Previous post:

Next post: