| Details | |
| Product: | Internet Security and Acceleration Server |
| Event ID: | 14142 |
| Source: | ISA Server Streaming Filter |
| Version: | 4.0.3443.594 |
| Component: | ISA Server Services |
| Message: | The dial-up network connection %2 failed. The error description is: %1. The error code shown in the data area of the event properties is specific to the Routing and Remote Access service. |
| Explanation | |
| This log entry or event is generated by the dial-up entry component of ISA Server when a dial-attempt fails. The problem could be related to authentication. | |
| User Action | |
| Verify that the specified phonebook entry in the dial-up entry configuration can be dialed manually. To do this, in the console tree of ISA Server Management, click Configuration, then click General. In the details pane, click Specify Dial-Up Preferences. In addition, check the authentication settings. | |
Category: Internet Security and Acceleration Server
A shortage of available memory caused the Firewall service to fail. The Event Viewer Data window displays the number of active connections.
| Details | |
| Product: | Internet Security and Acceleration Server |
| Event ID: | 14007 |
| Source: | ISA Server H.323 Filter |
| Version: | 4.0.3443.594 |
| Component: | ISA Server Services |
| Message: | A shortage of available memory caused the Firewall service to fail. The Event Viewer Data window displays the number of active connections. |
| Explanation | |
| The ISA Server computer cannot support additional connections for the server. | |
| User Action | |
| To address this problem, try the following: Check the number of current connections and reduce that number to an acceptable level.To address a low physical memory condition, do one of the following: Close or stop one or more applications, services, or processes. For more information about managing memory resources, see Windows Help. Add physical memory to the computerMove applications to one or more additional serversIf the system has been adequately provisioned with physical memory and application load but it continually exceeds the available physical memory threshold over time, it is possible that an application is leaking memory. To identify an application that is leaking memory, open System Monitor and monitor the following system wide performance counters over time:Paging File\% UsagePaging File\% Usage PeakMemory\Pool Nonpaged BytesMemory\Pool Paged Bytes If any one of these counters continually increase over time, it is possible that an application may be leaking memory. If the system appears to be leaking memory, the specific application can be identified by monitoring the following counters for each running process: Process\Page File BytesProcess\Pool Nonpaged BytesProcess\Pool Paged BytesProcess\Private BytesProcess\Thread Count If you observe a consistent and significant increase in any of these counters, it may be necessary to contact the application vendor for support. |
|
Related:
%1 failed to start. The failure occurred during %4 because the system call %3 failed. Use the source location %5 to report the failure. The error code in the Data area of the event properties indicates the cause of the failure. For more information about this event, see ISA Server Help. The error description is: %2.
| Details | |
| Product: | Internet Security and Acceleration Server |
| Event ID: | 11004 |
| Source: | Microsoft Firewall RPC Filter |
| Version: | 3.0 |
| Message: |
%1 failed to start. The failure occurred during %4 because the system call %3 failed. Use the source location %5 to report the failure. The error code in the Data area of the event properties indicates the cause of the failure. For more information about this event, see ISA Server Help. The error description is: %2. |
| Explanation | |
|
The failure is due to a shortage of resources, probably memory. |
|
| User Action | |
|
Close other applications that are running. Use the Task Manager to check programs and processes that are using large amounts of system resources. Make sure that Active Directory is working. For more information about managing memory resources, see Windows 2000 Help. |
|
Related:
The client %1 exceeded its connection limit. The new connection was rejected. For more information about this event, see the Windows event viewer.
| Details | |
| Product: | Internet Security and Acceleration Server |
| Event ID: | 15112 |
| Source: | ISA Server LDAP Filter |
| Version: | 4.0.3443.594 |
| Component: | ISA Server Services |
| Message: | The client %1 exceeded its connection limit. The new connection was rejected. For more information about this event, see the Windows event viewer. |
| Explanation | |
| The event occurs when ISA Server rejects a connection from a client because its connection limit was exceeded. The event could indicate a flood attack. | |
| User Action | |
| Use the log filter to determine if the source of the connection is legitimate or the result of a flood attack. To do this, in the console tree of ISA Server Management, on the node for the server, click Monitoring. In the Logging tab edit the log filter properties to view the source of the connection.If the connection should be allowed, increase the connection limit threshold. To do this, in the console tree of ISA Server Management click Configuration, then click General. In the details pane, select Define Connection Limits, and then use the options in the Connection Limits properites page to increase the number of concurrent connections allowed. | |
Related:
The Firewall service failed to apply the Network Load Balancing configuration on the local computer.
| Details | |
| Product: | Internet Security and Acceleration Server |
| Event ID: | 21107 |
| Source: | Microsoft Firewall |
| Version: | 4.0.3443.594 |
| Component: | ISA Server Services |
| Message: | The Firewall service failed to apply the Network Load Balancing configuration on the local computer. |
| Explanation | |
| Changes made to the Network Load Balancing configuration could not be saved. This event may be caused by any of the following: Low memory resources.An internal error occured during Windows NLB configuration.The Properties page for a network adapter (connection) is open on any array member.NLB was previously configured for the operating system. |
|
| User Action | |
| Close any memory-intensive applications to free memory. You may need to add additional memory to the computer.Check the System event log for Windows NLB events. This may help to identify Windows NLB problems.If the properties page for a network adapter (connection) is open on any array member, close it and restart the NLB service.If NLB was previously configured for the operating system, completely remove the NLB configuration and restart the NLB service. For more information about NLB see Network Load Balancing topic in ISA Server Help. For more information about Microsoft implementation of load balancing protocol, see the Network Load Balancing (NLB) topic in http://msdn.microsoft.com. |
|
Related:
ISA Server detected a port scan attack from Internet Protocol (IP) address %1. A well-known port is any port in the range of 1-2048.
| Details | |
| Product: | Internet Security and Acceleration Server |
| Event ID: | 15104 |
| Source: | ISA Server NNTP Filter |
| Version: | 4.0.3443.594 |
| Component: | ISA Server Services |
| Message: | ISA Server detected a port scan attack from Internet Protocol (IP) address %1. A well-known port is any port in the range of 1-2048. |
| Explanation | |
| A possible well-known port scan attack was attempted against a computer protected by ISA Server. This event occurs when an attempt is made to scan ports on this computer in order to detect the services running on these ports. | |
| User Action | |
| If logging for dropped packets is enabled, you can view details of this attack in the Firewall log in the log viewer. You can use this log to monitor any further intruder activity. To do this, in the console tree of ISA Server Management, click Monitoring. In the Logging tab, edit the log filter to view the relevant details. Take additional steps against intruder activity. For example, you may want to add access rules denying traffic from the source of the intrusion. To do this, in the console tree of ISA Server Management, click Firewall Policy. On the Tasks tab, click Create Access Rule. | |
Related:
%1 encountered a failure. The failure occurred during %5 because the configuration property %4 of the key %3 could not be accessed. Use the source location %6 to report the failure. %2%0
| Details | |
| Product: | Internet Security and Acceleration Server |
| Event ID: | 11001 |
| Source: | ISA Server H.323 Filter |
| Version: | 4.0.3443.594 |
| Component: | ISA Server Services |
| Message: | %1 encountered a failure. The failure occurred during %5 because the configuration property %4 of the key %3 could not be accessed. Use the source location %6 to report the failure. %2%0 |
| Explanation | |
| This error occurs when the service fails to start because the data in the storage is corrupt. This may be due to incorrect configuration of either the registry or Active Directory. | |
| User Action | |
| Review other events to determine the cause of the problem.If a backup exists, use the ISA Server Restore option to restore the backed-up configuration. For details about restoring an ISA Server configuration, see ISA Server Help.If you are unable to restore the configuration, or doing so does not solve the problem, then uninstall and subsequently reinstall ISA Server. When you uninstall, all the configuration information is discarded. Do not reinstall ISA Server without first uninstalling. | |
Related:
Firewall client from %1 attempted to access ISA Server using control protocol version %2. The server supports version %3. The version of the Firewall client software is incompatible with the server version. If the Firewall client software is older than the server software, upgrade the Firewall client software. If the server software is older, either upgrade the server or direct the client to a different server that uses the newer software.
| Details | |
| Product: | Internet Security and Acceleration Server |
| Event ID: | 14012 |
| Source: | ISA Server H.323 Filter |
| Version: | 4.0.3443.594 |
| Component: | ISA Server Services |
| Message: | Firewall client from %1 attempted to access ISA Server using control protocol version %2. The server supports version %3. The version of the Firewall client software is incompatible with the server version. If the Firewall client software is older than the server software, upgrade the Firewall client software. If the server software is older, either upgrade the server or direct the client to a different server that uses the newer software. |
| Explanation | |
| Firewall Client for ISA Server 2004 uses a protocol that encrypts the channel between the Firewall client and ISA Server. Firewall clients running earlier versions of the Firewall Client software are supported only if the option allowing them to connect is enabled. Encryption will not be used for these connections. | |
| User Action | |
| If the Firewall client software is older than the ISA Server software, upgrade the Firewall client software.Alternatley, you can enable Firewall clients running older versions of the Firewall Client software to connect to ISA Server 2004. To do this, in the ISA Server Management console, click Configuration, and then click General. In the General details pane, click Define Firewall Client Settings, click the Application Settings tab, and then select Allow non-encrypted Firewall Client connections. | |
Related:
Registration with the H.323 Gatekeeper at address %1 failed. This will prevent inbound calls.
| Details | |
| Product: | Internet Security and Acceleration Server |
| Event ID: | 20066 |
| Source: | ISA Server H.323 Filter |
| Version: | 4.0.3443.594 |
| Component: | ISA Server Services |
| Message: | Registration with the H.323 Gatekeeper at address %1 failed. This will prevent inbound calls. |
| Explanation | |
| Communication with the Gatekeeper could not be established. | |
| User Action | |
| Check that the Gatekeeper details are configured correctly and that there is network connectivity. For details about configuring Gatekeeper details, see topic “To configure H.323 filter” in ISA Server Help. | |
Related:
Microsoft ISA Server SMTP Message Screener failed to start. Reason: The SMTP Message Screener could not read the registry configuration (error code %1).
| Details | |
| Product: | Internet Security and Acceleration Server |
| Event ID: | 21147 |
| Source: | FTP Access Filter |
| Version: | 4.0.3443.594 |
| Component: | ISA Server Services |
| Message: | Microsoft ISA Server SMTP Message Screener failed to start. Reason: The SMTP Message Screener could not read the registry configuration (error code %1). |
| Explanation | |
| The ISA Server SMTP Message Screener could not read the registry configuration. | |
| User Action | |
| Verify that the Message Screener filter has access to the registry by looking at the security event log and verify that the registry is configured correctly. | |