These release notes provide information and describe issues related to Microsoft Internet Security and Acceleration (ISA) Server 2004 Service Pack 3 (SP3).


1. Resources

Service pack features are described in detail in the document ISA Server 2004 Service Pack 3.

Important information about installation is available in the article How to install ISA Server hotfixes and updates. This includes instructions for creating a log file during installation, unattended mode installation, administrative installation, and important information about installation in ISA Server 2004 Enterprise Edition.

ISA Server context-sensitive Help was not updated for this service pack.

2. Installation Notes for Enterprise Edition

  1. This update should be installed on the Configuration Storage server, as well as on each ISA Server array member.

  2. When installing this service pack on an array in a workgroup, and the Configuration Storage server is in a domain, you must provide credentials to connect to the Configuration Storage server. This can be done when installing this service pack from a command prompt, using the following syntax.

    msiexec /p <msp> REINSTALL=all REINSTALLMODE=omus STORAGESERVER_CONNECT_ACCOUNT=cssdomainname\username STORAGESERVER_CONNECT_PWD=password /l*v installsp3log.log

     Where <msp> is the path to the service pack .msp file, cssdomainname is the name of the domain in which the Configuration Storage server is located, username is the name of the user whose credentials can be used to connect to the server, password is the user's password, and installsp3log.log is the path and file name for the Service Pack 3 installation log. If you do not specify a path for the log, it will be created in the directory from which you ran the command.


3. Installation

  1. After you install the service pack, the new version number for ISA Server will not appear in the ISA Server Management details pane (under Configuration). You can view the correct version number in the Windows Add or Remove Programs dialog box, by clicking Click here for support information.

  2. After installing this service pack, you may receive an alert indicating that the cache failed to initialize. You can safely ignore the alert. This alert will typically be followed by a second alert indicating that cache restoration has taken place, and the ISA Server cache will be fully functional.

  3. To be able to uninstall ISA Server 2004 Service Pack 3 after installation, Microsoft Windows Installer 3.0 must be installed before you install the service pack. This application is already installed with the latest Windows service packs. To determine whether the application is installed, verify that the version number of the file %windir%\system32\msiexec.exe starts with 3. Otherwise, download it from Windows Installer 3.0 Redistributable.

  4. If you install ISA Server 2004 with Service Pack 3 from a slipstream CD/share, clicking the Start menu shortcut ISA Server Performance Monitor may launch Setup in Repair mode. To avoid this issue, delete the shortcut from the Start menu.

  5. After installation of the service pack, the following event is issued in the Windows Event Viewer every time the computer is restarted: Event ID: 21252. "ISA Server Control service failed to enable tracing on startup".

    This is an erroneous event, and can be ignored. This issue can be solved by modifying the registry, as described in Knowledge Base article: "Event 21252 is issued on every computer restart after installing ISA Server 2004 Service Pack 3" (
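
The Windows Installer version check from item 3 and the workgroup installation command from section 2, combined into one PowerShell script. This is an added example, not part of the original release notes; the file paths are placeholders, and the script prompts for the account rather than taking the password as literal text.

```powershell
# Added example (not from the release notes). Paths below are placeholders.
param(
    [string]$MspPath = 'C:\Install\ISA2004-SP3.msp',    # hypothetical location of the SP3 .msp
    [string]$LogPath = 'C:\Install\installsp3log.log'   # verbose installation log
)

# Section 3, item 3: uninstalling SP3 later requires Windows Installer 3.0.
# The notes say the msiexec.exe version should start with 3; accepting later
# major versions as well is an assumption of this example.
$msiexec = Join-Path $env:windir 'system32\msiexec.exe'
$major   = (Get-Item $msiexec).VersionInfo.FileMajorPart
if ($major -lt 3) {
    throw "msiexec.exe major version is $major; install Windows Installer 3.0 first."
}

# Section 2, item 2: prompt for cssdomainname\username and the password so the
# password is not saved in a batch file or in command history.
$cred     = Get-Credential
$password = $cred.GetNetworkCredential().Password
$quotedPw = '"' + $password.Replace('"', '""') + '"'   # msiexec escapes " as ""

$msiArgs = @(
    '/p', "`"$MspPath`"",
    'REINSTALL=all',
    'REINSTALLMODE=omus',
    "STORAGESERVER_CONNECT_ACCOUNT=$($cred.UserName)",
    "STORAGESERVER_CONNECT_PWD=$quotedPw",
    '/l*v', "`"$LogPath`""
)
$proc = Start-Process -FilePath $msiexec -ArgumentList $msiArgs -Wait -PassThru

# 0 = success, 3010 = success with a restart required.
if (@(0, 3010) -notcontains $proc.ExitCode) {
    Write-Warning "msiexec exited with code $($proc.ExitCode); see $LogPath."
}

# The password is passed as a public property on the command line, so check
# whether the verbose log captured it before the log is copied or archived.
if ((Test-Path $LogPath) -and
    (Select-String -Path $LogPath -Pattern $password -SimpleMatch -Quiet)) {
    Write-Warning "The password appears in $LogPath; restrict or delete the log after review."
}
```

While msiexec is running, its command line, including the password property, is visible to anyone who can list processes on the computer.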


4. Uninstallation

  1. Before uninstalling Service Pack 3 from ISA Server 2004 Standard Edition, disable Routing and Remote Access.

  2. If you install Service Pack 3 without having previously installed Service Pack 2, and you then use the Modify mode of installation to install ISA Server 2004 services, uninstallation will not remove the Service Pack 2 Web filters (also included in Service Pack 3). Web filters that remain include the Web filters for the compression and Background Intelligent Transfer Service (BITS) caching features. In this scenario, we recommend that you run ISA Server installation in Repair mode before uninstalling ISA Server Service Pack 3.


5. Operations

  1. When you publish Microsoft Exchange Server 2007 using ISA Server 2004 with Service Pack 3, Microsoft Outlook Web Access clients who have Exchange Server 2007 mailboxes and attempt to connect to Outlook Web Access using the /Exchange path will receive an error from ISA Server. To avoid this error, those clients should connect to Outlook Web Access using the /OWA path, for example,


6. Hotfixes Included in the Service Pack

Service Pack 3 addresses the following issues, and includes the hotfixes described in the following Microsoft Knowledge Base articles:

  • 905662, Information about the version of Firewall Client for ISA Server that was released in September 2006

  • 914448, Error message when Web browser clients that are located behind an ISA Server 2004 firewall try to access certain external Web sites: "502 Proxy Error"

  • 914957, Error message when you query the log files in ISA Server 2004, Standard Edition

  • 915045, Error message when you try to access a Web site from a Web browser client that is located behind a computer that is running ISA Server 2004 with SP2: "Error Code: 502 Proxy Error"

  • 915421, Error message when a Web browser tries to access external Web sites from behind an ISA Server 2004 computer that has Service Pack 2 installed

  • 915422, Some content is unavailable when a user or a program tries to access a Web site through a computer that is running ISA Server 2004 Service Pack 2

  • 915461, ISA Server 2004 blocks UDP traffic between two networks

  • 915912, You cannot configure ISA Server 2004 to use different servers for RADIUS authentication and for RADIUS accounting

  • 916152, The Firewall service stops responding and Event IDs 14079, 1000, and 14057 are logged in the Application event log in ISA Server 2004

  • 916573, Error message in OWA when you try to download a .zip file from a server that is running ISA Server 2004 Service Pack 2: "500 Internal Server Error. Not implemented (-2147467263)"

  • 916705, After you configure the rules on a ISA Server 2004 Service Pack 2 (SP2)-based computer, the computer may try to authenticate users

  • 894679, Users who do not have the appropriate permissions can receive restricted content from ISA Server 2004

  • 917051, The Web Proxy Filter in ISA Server 2004 may log requests with an incorrect access rule when you use overlapped HTTP protocols

  • 917134, The "Background Intelligent Transfer Service" option is incorrectly available for any non-Microsoft Update cache rule that you create in ISA Server 2004

  • 917145, RPC clients cannot use Kerberos authentication to authenticate with a server that you publish behind ISA Server 2004, Enterprise Edition

  • 917265, Error message when client computers that are behind a proxy server access Web sites that are published by using ISA Server 2004: "404 Not Found. The requested item could not be located (12028)"

  • 917718, The ISA Server Control service may not start after you rename and then restart a computer that is running ISA Server 2004

  • 917803, You cannot query the Win32_PerfRawData_W3Proxy_ISAServerWebProxy performance counter by using WMI

  • 917903, You cannot join a computer that is running a 64-bit version of Windows Vista to a Windows domain on which ISA Server 2004 is configured as a firewall

  • 917936, An Office Outlook client that connects through ISA Server 2004 may be unable to reconnect for 24 hours

  • 919170, A hotfix is available to let you use a different upstream port for Secure Sockets Layer tunneling in Microsoft Internet Security and Acceleration (ISA) Server 2004

  • 919515, Multiple events are logged when you enable Web caching and set the FPCCacheConfiguration.QueueRequests COM property to True in ISA Server 2004

  • 919620, Internal firewall client computers and SecureNAT client computers cannot connect to external servers

  • 919871, Application filter events are not triggered on a computer that is running ISA Server 2004 with Service Pack 2

  • 920356, You experience a two minute delay when you access an HTTP Web site from an HTTPS Web site by using Internet Explorer configured as an ISA Server 2004 SP2 Web proxy client

  • 920715, Web Proxy clients do not directly access a Web site that you enter in the "Directly access these servers or domains" list in ISA Server 2004 SP2

  • 920893, ISA Server 2004 Enterprise Edition may stop responding if the firewall does not go into lockdown mode when MSDE logging fails

  • 920913, ISA 2004 EE not following RFC 2616 regarding HOST header

  • 921363, Data that is contained in the Filter Information column may be truncated when you turn on HTTP Compression in the Microsoft Internet Security and Acceleration Server 2004 log viewer

  • 921944, A client computer takes longer than expected to connect to a Web site through an ISA Server 2004 Web proxy server

  • 922440, The Microsoft Firewall service on an ISA Server 2004 Standard Edition-based computer may stop responding to client computer requests, and Event ID: 7031 and Event ID: 14057 may be logged in Event Viewer

  • 922635, Error message when you view an ISA 2004 SSL Web site: "Error Code: 500 Internal Server error. The context has expired and can no longer be used"

  • 922790, A memory leak may occur when you use ISA Server 2004 to publish a Web site that uses link translation

  • 922851, You receive a blank page when your Web browser submits a POST request to an ASP Web site over an ISA Server 2004 access rule that requires client authentication

  • 922899, An ISA Server 2004 Web chaining rule may not redirect requests to the specified port

  • 922946, ISA Server 2004 Standard Edition may stop responding if the firewall does not go into lockdown mode when MSDE logging fails

  • 923318, Error message in SecureNAT clients after you configure a Web chaining rule to forward HTTP as HTTPS in ISA Server 2004: "The target principal name is incorrect"

  • 923322, A large file download fails when an ISA Server 2004 SOCKS client computer uses passive mode FTP

  • 923324, Virtual memory allocation for the Microsoft Firewall service increases by as much as 512 MB in ISA Server 2004

  • 923765, The Microsoft Firewall service stops responding to client computer requests and Event IDs 7034, 14057, and 1000 are logged after you publish an Outlook Web Access server in ISA Server 2004

  • 923766, A client computer may not be authenticated by ISA Server 2004 when you use integrated Windows authentication

  • 924404, Heap corruption when the compression filter issues error alerts/events

  • 924405, Client computers cannot download attachments when you use ISA Server 2004 forms-based authentication and run a third-party OWA add-in program to manage attachments

  • 925230, Error message when internal SecureNAT client computers access a Web site that is published by ISA Server 2004: "Cannot find server or DNS Error"

  • 925231, Error message when you access Outlook Web Access through ISA Server 2004: "Error Code: 500 Internal Server Error. The data area passed to a system call is too small."

  • 927265, Authentication fails when client computers use Internet Explorer 7 to authenticate with an upstream ISA Server computer through a downstream ISA Server computer that does not require authentication

  • 927778, Cookies from a published Web site are randomly lost after you publish an application that uses forms-based authentication in ISA Server 2004

  • 928273, Users may receive slow responses when you enable the Cache Array Routing Protocol in ISA Server 2004, Enterprise Edition

  • 929018, ISA Server 2004 may randomly stop responding to new TCP traffic

  • 931951, Stingray: WPAD script resolves different CARP exceptions to different nodes

  • 933523, ISA 2004 EE: Authentication + filter content causes triple HTTP POST


Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, people, and events depicted herein are fictitious and no association with any real company, organization, product, person, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2007 Microsoft Corporation. All rights reserved.

Microsoft, Outlook, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries/regions.
