| Details | |
| Product: | Internet Security and Acceleration Server |
| Event ID: | 11009 |
| Source: | ISA Server H.323 Filter |
| Version: | 4.0.3443.594 |
| Component: | ISA Server Services |
| Message: | %1 failed to start. The storage of the current array %2 (or server %3) could not be accessed during %5. The error code in the event viewer indicates the source of the failure. Use the source location %6 to report the failure. If your server is a stand-alone ISA Server, try to restore the ISA Server configuration, otherwise, check the connectivity to domain controller (DC), and the DNS configuration.%4%0 |
| Explanation | |
| The service failed to start because the data in the storage is corrupt. If you are running ISA Server 2004 Standard Edition, this error indicates a corrupted registry key. Otherwise, the error may result from a bad connection to the domain controller or from DNS errors. | |
| User Action | |
| Verify connectivity with the domain controller and check the DNS configuration.If you are running Standard Edition and a backup exists, try to restore the configuration. For details about restoring an ISA Server configuration, see ISA Server Help. | |
Category: Internet Security and Acceleration Server
Some errors were encountered when ISA Server restored specific data cache files. ISA Server will now attempt to recover these files. These errors may have occurred because there was not enough time to complete all necessary shutdown operations, when ISA Server was previously shut down. To avoid this in future, you can increase the value of the HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\WaitToKillServiceTimeout registry key.
| Details | |
| Product: | Internet Security and Acceleration Server |
| Event ID: | 14168 |
| Source: | ISA Server H.323 Filter |
| Version: | 4.0.3443.594 |
| Component: | ISA Server Services |
| Message: | Some errors were encountered when ISA Server restored specific data cache files. ISA Server will now attempt to recover these files. These errors may have occurred because there was not enough time to complete all necessary shutdown operations, when ISA Server was previously shut down. To avoid this in future, you can increase the value of the HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\WaitToKillServiceTimeout registry key. |
| Explanation | |
| Restoration of cache data file failed, therfore, only partial cache data may be available. If the error code indicates that data is corrupt, then consider deleting the cache file. If the error code does not indicate file corruption, stop and then restart the Web Proxy filter to retry restoration of the cache file. | |
| User Action | |
| Identify warning events regarding data inconsistencies. To avoid inconsistent data retrieval, consider deleting the cache files that were recently added to the configuration. To apply changes, restart the Web Proxy filter. | |
Related:
ISA Server failed to write content to the cache file.
| Details | |
| Product: | Internet Security and Acceleration Server |
| Event ID: | 14197 |
| Source: | ISA Server LDAP Filter |
| Version: | 4.0.3443.594 |
| Component: | ISA Server Services |
| Message: | ISA Server failed to write content to the cache file. |
| Explanation | |
| This event is usually caused by a disk I/O failure, insufficient memory, or an internal error. | |
| User Action | |
| Identify the reason for cache failure by examining previous recorded events, and by looking at the error code. Check that the disk is connected and that it is not corrupt. | |
Related:
H.323 filter: invalid port (%1) configured for listening. Future H.323 incoming calls will be refused.
| Details | |
| Product: | Internet Security and Acceleration Server |
| Event ID: | 20005 |
| Source: | ISA Server H.323 Filter |
| Version: | 4.0.3443.594 |
| Component: | ISA Server Services |
| Message: | H.323 filter: invalid port (%1) configured for listening. Future H.323 incoming calls will be refused. |
| Explanation | |
| The port configured for the H.323 filter is either invalid or cannot be used. | |
| User Action | |
| Check that the port is in the valid port range and that it is not in use by any other application. For details about configuring the H.323 filter, see topic “To configure H.232 filter” in ISA Server help. | |
Related:
ISA Server detected a spoof attack from Internet Protocol (IP) address %1. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log.
| Details | |
| Product: | Internet Security and Acceleration Server |
| Event ID: | 15108 |
| Source: | Microsoft Firewall |
| Version: | 4.0.3443.594 |
| Component: | ISA Server Services |
| Message: | ISA Server detected a spoof attack from Internet Protocol (IP) address %1. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log. |
| Explanation | |
| A possible spoof attack was attempted against a computer protected by ISA Server. This event occurs when a Internet Protocol (IP) packet is received from a Internet Protocol (IP) address that is not reachable via the network adapter on which the packet was received. | |
| User Action | |
| If logging for dropped packets is enabled, you can view details of this attack in the Firewall log in the log viewer. You can use this log to monitor any further intruder activity. To do this, in the console tree of ISA Server Management, click Monitoring. In the Logging tab, edit the log filter to view the relevant details. Take additional steps against intruder activity. For example, you may want to add access rules denying traffic from the source of the intrusion. To do this, in the console tree of ISA Server Management, click Firewall Policy. On the Tasks tab, click Create Access Rule. | |
Related:
The connectivity verifier “%1” reported an error when trying to connect to %2.Reason: %3.
| Details | |
| Product: | Internet Security and Acceleration Server |
| Event ID: | 21137 |
| Source: | Microsoft Firewall |
| Version: | 4.0.3443.594 |
| Component: | ISA Server Services |
| Message: | The connectivity verifier “%1” reported an error when trying to connect to %2.Reason: %3. |
| Explanation | |
| This event occurs when the connection between the ISA Server computer and the specified destination server cannot be established using the requested verification method. A connectivity verifier may fail to connect to a destination for one of the following reasons: The server you are trying to verify connectivity with may not be responding. The server or service running on the machine may be malfunctioning or over flooded.If all connectivity verifiers are failing, the ISA Server computer may not be connected properly to the network or there may be a networking-related configuration problem (e.g. wrong routing configuration).The DNS server is unreachable. Therefore, ISA Server can not resolve the DNS name and cannot know which IP address to connect.The name of the specified destination can not be resolved, ISA Server cannot know which IP address to connect. |
|
| User Action | |
| Verify that the ISA Server computer is connected to the network.To find out if this is a DNS problem, try running: ???ping ???a ???. If ping can???t resolve the IP address of the given destination, then this is a DNS problem. Running ping to the destination server also validates network connectivity. If the server responds to ping sent from the ISA Server computer, then this is not a network connectivity problem. Note that if the destination computer does not respond to ping, there may still be a network connectivity issue. A firewall, for example, running on the destination computer may block ping requests. Check that the destination computer is functional. You can try to connect to it from a different server.Use ISA Server logging feature to determine if the connection request was denied by a policy rule. | |
Related:
The Web Proxy filter could not initialize (error code %1).
| Details | |
| Product: | Internet Security and Acceleration Server |
| Event ID: | 14127 |
| Source: | SOCKS Filter |
| Version: | 4.0.3443.594 |
| Component: | ISA Server Services |
| Message: | The Web Proxy filter could not initialize (error code %1). |
| Explanation | |
| The event may be caused by a shortage of memory, an internal error, or corruption in the registry. If the problem is in the registry, it may be the result of changes made to the registry with a tool, such as regedit.exe. | |
| User Action | |
| Report the error location to Microsoft.Stop and then restart the Firewall service.If the problem persists, restart the ISA Server computer. If this does not resolve the problem, you may need to uninstall and then reinstall ISA Server. | |
Related:
The %1 failed to log information to MSDE Database %2 in path %3. The MSDE Error description is: %4. The problem may be resolved by restarting the MSSQL$MSFW service. For more information about this event, see ISA Server Help.%0
| Details | |
| Product: | Internet Security and Acceleration Server |
| Event ID: | 8 |
| Source: | Microsoft Firewall |
| Version: | 4.0.3443.594 |
| Component: | ISA Server Services |
| Message: | The %1 failed to log information to MSDE Database %2 in path %3. The MSDE Error description is: %4. The problem may be resolved by restarting the MSSQL$MSFW service. For more information about this event, see ISA Server Help.%0 |
| Explanation | |
| A log record cannot be added to the MSDE database for one of the following reasons: The service does not have the appropriate permission.Low resources on the computer.MSDE service is not started.There is no available space on the disk drive. |
|
| User Action | |
| Check the log properties in the corresponding logging service to verify that specified log folder is correct. To do this, in the ISA Server console tree, select the server or array name, select Monitoring, and then click Logging. Check the property sheet where logging is enabled for this service. Verify that you have assigned appropriate permissions for ISA Server servicesStart the MSDE service. In ISA Server Management, click Monitoring. On the Services tab, right-click the MSDE service and then click StartClose other programs that are running. Use the Tasks Manager to chekc programs and processes using large amounts of system resources.Delete unnecessary files from the logging disk drive to free up disk space. | |
Related:
The %1 failed to log information. The log object was never created possibly due to an incorrect configuration. For more information about this event, see ISA Server Help.%0
| Details | |
| Product: | Internet Security and Acceleration Server |
| Event ID: | 4 |
| Source: | POP Intrusion Detection Filter |
| Version: | 4.0.3443.594 |
| Component: | ISA Server Services |
| Message: | The %1 failed to log information. The log object was never created possibly due to an incorrect configuration. For more information about this event, see ISA Server Help.%0 |
| Explanation | |
| The server failed to find correct logging information. This information may be missing or incorrect. The log object may not be created for one of the following reasons: The information may be missing (for example, the logging directory cannot be accessed).Low resources on the computer. There is not enough space on the disk drive. |
|
| User Action | |
| Check the log properties to verify that the ODBC Data Source, Table name, User Name, and Password are correct in the corresponding logging service. To do this, in the console tree of ISA Server Management, click the server or array name, and then click Monitoring. In the details pane, click the Logging tab, and then use the options in the task pane to view the properties where logging is enabled for this service. Close other programs that are running. Use the Task Manager to check programs and processes that are using large amounts of system resources. Delete unnecessary files from the logging disk drive.Check configuration validity. | |