The dial-up network connection %2 failed. The error description is: %1. The error code shown in the data area of the event properties is specific to the Routing and Remote Access service.

Details
Product: Internet Security and Acceleration Server
Event ID: 14142
Source: ISA Server Streaming Filter
Version: 4.0.3443.594
Component: ISA Server Services
Message: The dial-up network connection %2 failed. The error description is: %1. The error code shown in the data area of the event properties is specific to the Routing and Remote Access service.
   
Explanation
This log entry or event is generated by the dial-up entry component of ISA Server when a dial-attempt fails. The problem could be related to authentication.
   
User Action
Verify that the specified phonebook entry in the dial-up entry configuration can be dialed manually. To do this, in the console tree of ISA Server Management, click Configuration, then click General. In the details pane, click Specify Dial-Up Preferences. In addition, check the authentication settings.

Related:

A shortage of available memory caused the Firewall service to fail. The Event Viewer Data window displays the number of active connections.

Details
Product: Internet Security and Acceleration Server
Event ID: 14007
Source: ISA Server H.323 Filter
Version: 4.0.3443.594
Component: ISA Server Services
Message: A shortage of available memory caused the Firewall service to fail. The Event Viewer Data window displays the number of active connections.
   
Explanation
The ISA Server computer cannot support additional connections for the server.
   
User Action
To address this problem, try the following:
Check the number of current connections and reduce that number to an acceptable level.To address a low physical memory condition, do one of the following: Close or stop one or more applications, services, or processes. For more information about managing memory resources, see Windows Help. Add physical memory to the computerMove applications to one or more additional serversIf the system has been adequately provisioned with physical memory and application load but it continually exceeds the available physical memory threshold over time, it is possible that an application is leaking memory. To identify an application that is leaking memory, open System Monitor and monitor the following system wide performance counters over time:Paging File\% UsagePaging File\% Usage PeakMemory\Pool Nonpaged BytesMemory\Pool Paged Bytes
If any one of these counters continually increase over time, it is possible that an application may be leaking memory. If the system appears to be leaking memory, the specific application can be identified by monitoring the following counters for each running process:
Process\Page File BytesProcess\Pool Nonpaged BytesProcess\Pool Paged BytesProcess\Private BytesProcess\Thread Count
If you observe a consistent and significant increase in any of these counters, it may be necessary to contact the application vendor for support.

Related:

%1 failed to start. The failure occurred during %4 because the system call %3 failed. Use the source location %5 to report the failure. The error code in the Data area of the event properties indicates the cause of the failure. For more information about this event, see ISA Server Help. The error description is: %2.

Details
Product: Internet Security and Acceleration Server
Event ID: 11004
Source: Microsoft Firewall RPC Filter
Version: 3.0
Message:

%1 failed to start. The failure occurred during %4 because the system call %3 failed. Use the source location %5 to report the failure. The error code in the Data area of the event properties indicates the cause of the failure. For more information about this event, see ISA Server Help. The error description is: %2.

   
Explanation

The failure is due to a shortage of resources, probably memory.

   
User Action

Close other applications that are running. Use the Task Manager to check programs and processes that are using large amounts of system resources. Make sure that Active Directory is working. For more information about managing memory resources, see Windows 2000 Help.

Related:

The client %1 exceeded its connection limit. The new connection was rejected. For more information about this event, see the Windows event viewer.

Details
Product: Internet Security and Acceleration Server
Event ID: 15112
Source: ISA Server LDAP Filter
Version: 4.0.3443.594
Component: ISA Server Services
Message: The client %1 exceeded its connection limit. The new connection was rejected. For more information about this event, see the Windows event viewer.
   
Explanation
The event occurs when ISA Server rejects a connection from a client because its connection limit was exceeded. The event could indicate a flood attack.
   
User Action
Use the log filter to determine if the source of the connection is legitimate or the result of a flood attack. To do this, in the console tree of ISA Server Management, on the node for the server, click Monitoring. In the Logging tab edit the log filter properties to view the source of the connection.If the connection should be allowed, increase the connection limit threshold. To do this, in the console tree of ISA Server Management click Configuration, then click General. In the details pane, select Define Connection Limits, and then use the options in the Connection Limits properites page to increase the number of concurrent connections allowed.

Related:

The Firewall service failed to apply the Network Load Balancing configuration on the local computer.

Details
Product: Internet Security and Acceleration Server
Event ID: 21107
Source: Microsoft Firewall
Version: 4.0.3443.594
Component: ISA Server Services
Message: The Firewall service failed to apply the Network Load Balancing configuration on the local computer.
   
Explanation
Changes made to the Network Load Balancing configuration could not be saved. This event may be caused by any of the following:
Low memory resources.An internal error occured during Windows NLB configuration.The Properties page for a network adapter (connection) is open on any array member.NLB was previously configured for the operating system.
   
User Action
Close any memory-intensive applications to free memory. You may need to add additional memory to the computer.Check the System event log for Windows NLB events. This may help to identify Windows NLB problems.If the properties page for a network adapter (connection) is open on any array member, close it and restart the NLB service.If NLB was previously configured for the operating system, completely remove the NLB configuration and restart the NLB service.
For more information about NLB see Network Load Balancing topic in ISA Server Help.
For more information about Microsoft implementation of load balancing protocol, see the Network Load Balancing (NLB) topic in http://msdn.microsoft.com.

Related:

ISA Server detected a port scan attack from Internet Protocol (IP) address %1. A well-known port is any port in the range of 1-2048.

Details
Product: Internet Security and Acceleration Server
Event ID: 15104
Source: ISA Server NNTP Filter
Version: 4.0.3443.594
Component: ISA Server Services
Message: ISA Server detected a port scan attack from Internet Protocol (IP) address %1. A well-known port is any port in the range of 1-2048.
   
Explanation
A possible well-known port scan attack was attempted against a computer protected by ISA Server. This event occurs when an attempt is made to scan ports on this computer in order to detect the services running on these ports.
   
User Action
If logging for dropped packets is enabled, you can view details of this attack in the Firewall log in the log viewer. You can use this log to monitor any further intruder activity. To do this, in the console tree of ISA Server Management, click Monitoring. In the Logging tab, edit the log filter to view the relevant details. Take additional steps against intruder activity. For example, you may want to add access rules denying traffic from the source of the intrusion. To do this, in the console tree of ISA Server Management, click Firewall Policy. On the Tasks tab, click Create Access Rule.

Related:

%1 encountered a failure. The failure occurred during %5 because the configuration property %4 of the key %3 could not be accessed. Use the source location %6 to report the failure. %2%0

Details
Product: Internet Security and Acceleration Server
Event ID: 11001
Source: ISA Server H.323 Filter
Version: 4.0.3443.594
Component: ISA Server Services
Message: %1 encountered a failure. The failure occurred during %5 because the configuration property %4 of the key %3 could not be accessed. Use the source location %6 to report the failure. %2%0
   
Explanation
This error occurs when the service fails to start because the data in the storage is corrupt. This may be due to incorrect configuration of either the registry or Active Directory.
   
User Action
Review other events to determine the cause of the problem.If a backup exists, use the ISA Server Restore option to restore the backed-up configuration. For details about restoring an ISA Server configuration, see ISA Server Help.If you are unable to restore the configuration, or doing so does not solve the problem, then uninstall and subsequently reinstall ISA Server. When you uninstall, all the configuration information is discarded. Do not reinstall ISA Server without first uninstalling.

Related:

Firewall client from %1 attempted to access ISA Server using control protocol version %2. The server supports version %3. The version of the Firewall client software is incompatible with the server version. If the Firewall client software is older than the server software, upgrade the Firewall client software. If the server software is older, either upgrade the server or direct the client to a different server that uses the newer software.

Details
Product: Internet Security and Acceleration Server
Event ID: 14012
Source: ISA Server H.323 Filter
Version: 4.0.3443.594
Component: ISA Server Services
Message: Firewall client from %1 attempted to access ISA Server using control protocol version %2. The server supports version %3. The version of the Firewall client software is incompatible with the server version. If the Firewall client software is older than the server software, upgrade the Firewall client software. If the server software is older, either upgrade the server or direct the client to a different server that uses the newer software.
   
Explanation
Firewall Client for ISA Server 2004 uses a protocol that encrypts the channel between the Firewall client and ISA Server. Firewall clients running earlier versions of the Firewall Client software are supported only if the option allowing them to connect is enabled. Encryption will not be used for these connections.
   
User Action
If the Firewall client software is older than the ISA Server software, upgrade the Firewall client software.Alternatley, you can enable Firewall clients running older versions of the Firewall Client software to connect to ISA Server 2004. To do this, in the ISA Server Management console, click Configuration, and then click General. In the General details pane, click Define Firewall Client Settings, click the Application Settings tab, and then select Allow non-encrypted Firewall Client connections.

Related:

Registration with the H.323 Gatekeeper at address %1 failed. This will prevent inbound calls.

Details
Product: Internet Security and Acceleration Server
Event ID: 20066
Source: ISA Server H.323 Filter
Version: 4.0.3443.594
Component: ISA Server Services
Message: Registration with the H.323 Gatekeeper at address %1 failed. This will prevent inbound calls.
   
Explanation
Communication with the Gatekeeper could not be established.
   
User Action
Check that the Gatekeeper details are configured correctly and that there is network connectivity. For details about configuring Gatekeeper details, see topic “To configure H.323 filter” in ISA Server Help.

Related:

Microsoft ISA Server SMTP Message Screener failed to start. Reason: The SMTP Message Screener could not read the registry configuration (error code %1).

Details
Product: Internet Security and Acceleration Server
Event ID: 21147
Source: FTP Access Filter
Version: 4.0.3443.594
Component: ISA Server Services
Message: Microsoft ISA Server SMTP Message Screener failed to start. Reason: The SMTP Message Screener could not read the registry configuration (error code %1).
   
Explanation
The ISA Server SMTP Message Screener could not read the registry configuration.
   
User Action
Verify that the Message Screener filter has access to the registry by looking at the security event log and verify that the registry is configured correctly.

Related: