Archive for category MS ISA / Forefront TMG

SCOM 2007 R2, Windows Server Operating System Management Pack for Operations Manager 2007 (BaseOS MP) version 6.0.6958 and ISA 2006 VPN issue

Network utilization scripts in BaseOS MP version 6.0.6958.0 may cause the following issue with ISA 2006 (installed on Windows 2003 Standard Edition x86 SP2 in my case):

  1. From client perspective: VPN connections stop working.
  2. Windows Server Application log: error with Event ID 1000, “Faulting application svchost.exe, version 5.2.3790.3959, faulting module netman.dll, version 5.2.3790.3959, fault address 0x00008930“
  3. SCOM 2007 R2 reports the following errors:
    1. The Windows Server service on server servername.domain.name has stopped running
    2. The Windows Workstation service on server servername.domain.name has stopped running
    3. The Windows Management Instrumentation service and ConfigMgr Advanced Client are unavailable
    4. Remote Access Service State is 1 – not running
    5. Microsoft.Windows.Server.NetwokAdapter.BandwidthUsed.ModuleType.vbs : The class name ‘Win32_NetworkAdapter Where MacAddress <> Null And ServiceName <> ‘PptpMiniport’ And ServiceName <> ‘RasPppoe’ And ServiceName <> ‘VMSMP” did not return any valid instances. Please check to see if this is a valid WMI class name.. The remote procedure call failed
    6. The Logical Disk Manager service on server servername.domain.name has stopped running
    7. The Computer Browser service on server servername.domain.name has stopped running

Resolution:

  1. Restart ISA 2006 server.
  2. Disable rules AND monitors according to Kevin Holman article “OpsMgr: Network utilization scripts in BaseOS MP version 6.0.6958.0 may cause high CPU utilization”  http://blogs.technet.com/b/kevinholman/archive/2011/12/12/opsmgr-network-utilization-scripts-in-baseos-mp-version-6-0-6958-0-may-cause-high-cpu-utilization.aspx
Advertisements

Leave a comment

Security Update 2509553 breaks ISA 2006 RAS

Security Update: Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553)

Breaks PPTP VPN access through RAS on a ISA 2006 Server

Issue indication:

  • From client side (Windows 7 x64 workstation) the error message is:

Client-VPN-error

  • From server side:
  1. There are no any errors in System or Application even logs.
  2. Log on process from local console or Remote Desktop is unresponsive and takes long time sometimes.
  3. “Task Manager” hangs up when switching to “Networking” tab sometimes.
  4. “Routing and Remote Access” MMC console does not show any available VPN ports or routing table (it seems that RRAS process not working as expected).
  5. When capturing network traffic on ISA server between VPN client and ISA, it seems that ISA server does not replay to “GRE LCP:Configure-Request” packets.
  • After server restart all is working fine:
  1. “Routing and Remote Access” MMC console shows available VPN ports and VPN clients connect normally.
  2. When capturing network traffic on ISA server between VPN client and ISA, ISA server replays to first “GRE LCP:Configure-Request” packet.
  • After some time (1-12 hours) the issue reappears again.

Issue resolution:

  • uninstall security update: Vulnerability in DNS Resolution Could Allow Remote Code Execution (2509553) http://support.microsoft.com/kb/2509553 (for Windows Server 2003 Service Pack 2 aggregate severity rating is “Important” not “Critical”).

1 Comment

Useful ISA 2006 / TMG 2010 links

Leave a comment

“The specified secure socket layer (SSL) port is not allowed. ISA server is not configured to allow SSL requests from this port. Most WEB-browsers use port 443 for SSL requests”

Leave a comment