A shortage of available memory caused the Firewall service to fail. The Event Viewer Data window displays the number of active connections.

Details
Product: Internet Security and Acceleration Server
Event ID: 14007
Source: ISA Server H.323 Filter
Version: 4.0.3443.594
Component: ISA Server Services
Message: A shortage of available memory caused the Firewall service to fail. The Event Viewer Data window displays the number of active connections.
   
Explanation
The ISA Server computer cannot support additional connections for the server.
   
User Action
To address this problem, try the following:
Check the number of current connections and reduce that number to an acceptable level.To address a low physical memory condition, do one of the following: Close or stop one or more applications, services, or processes. For more information about managing memory resources, see Windows Help. Add physical memory to the computerMove applications to one or more additional serversIf the system has been adequately provisioned with physical memory and application load but it continually exceeds the available physical memory threshold over time, it is possible that an application is leaking memory. To identify an application that is leaking memory, open System Monitor and monitor the following system wide performance counters over time:Paging File\% UsagePaging File\% Usage PeakMemory\Pool Nonpaged BytesMemory\Pool Paged Bytes
If any one of these counters continually increase over time, it is possible that an application may be leaking memory. If the system appears to be leaking memory, the specific application can be identified by monitoring the following counters for each running process:
Process\Page File BytesProcess\Pool Nonpaged BytesProcess\Pool Paged BytesProcess\Private BytesProcess\Thread Count
If you observe a consistent and significant increase in any of these counters, it may be necessary to contact the application vendor for support.

Related:

The client %1 exceeded its connection limit. The new connection was rejected. For more information about this event, see the Windows event viewer.

Details
Product: Internet Security and Acceleration Server
Event ID: 15112
Source: ISA Server LDAP Filter
Version: 4.0.3443.594
Component: ISA Server Services
Message: The client %1 exceeded its connection limit. The new connection was rejected. For more information about this event, see the Windows event viewer.
   
Explanation
The event occurs when ISA Server rejects a connection from a client because its connection limit was exceeded. The event could indicate a flood attack.
   
User Action
Use the log filter to determine if the source of the connection is legitimate or the result of a flood attack. To do this, in the console tree of ISA Server Management, on the node for the server, click Monitoring. In the Logging tab edit the log filter properties to view the source of the connection.If the connection should be allowed, increase the connection limit threshold. To do this, in the console tree of ISA Server Management click Configuration, then click General. In the details pane, select Define Connection Limits, and then use the options in the Connection Limits properites page to increase the number of concurrent connections allowed.

Related:

The Firewall service failed to apply the Network Load Balancing configuration on the local computer.

Details
Product: Internet Security and Acceleration Server
Event ID: 21107
Source: Microsoft Firewall
Version: 4.0.3443.594
Component: ISA Server Services
Message: The Firewall service failed to apply the Network Load Balancing configuration on the local computer.
   
Explanation
Changes made to the Network Load Balancing configuration could not be saved. This event may be caused by any of the following:
Low memory resources.An internal error occured during Windows NLB configuration.The Properties page for a network adapter (connection) is open on any array member.NLB was previously configured for the operating system.
   
User Action
Close any memory-intensive applications to free memory. You may need to add additional memory to the computer.Check the System event log for Windows NLB events. This may help to identify Windows NLB problems.If the properties page for a network adapter (connection) is open on any array member, close it and restart the NLB service.If NLB was previously configured for the operating system, completely remove the NLB configuration and restart the NLB service.
For more information about NLB see Network Load Balancing topic in ISA Server Help.
For more information about Microsoft implementation of load balancing protocol, see the Network Load Balancing (NLB) topic in http://msdn.microsoft.com.

Related:

ISA Server detected a port scan attack from Internet Protocol (IP) address %1. A well-known port is any port in the range of 1-2048.

Details
Product: Internet Security and Acceleration Server
Event ID: 15104
Source: ISA Server NNTP Filter
Version: 4.0.3443.594
Component: ISA Server Services
Message: ISA Server detected a port scan attack from Internet Protocol (IP) address %1. A well-known port is any port in the range of 1-2048.
   
Explanation
A possible well-known port scan attack was attempted against a computer protected by ISA Server. This event occurs when an attempt is made to scan ports on this computer in order to detect the services running on these ports.
   
User Action
If logging for dropped packets is enabled, you can view details of this attack in the Firewall log in the log viewer. You can use this log to monitor any further intruder activity. To do this, in the console tree of ISA Server Management, click Monitoring. In the Logging tab, edit the log filter to view the relevant details. Take additional steps against intruder activity. For example, you may want to add access rules denying traffic from the source of the intrusion. To do this, in the console tree of ISA Server Management, click Firewall Policy. On the Tasks tab, click Create Access Rule.

Related:

%1 encountered a failure. The failure occurred during %5 because the configuration property %4 of the key %3 could not be accessed. Use the source location %6 to report the failure. %2%0

Details
Product: Internet Security and Acceleration Server
Event ID: 11001
Source: ISA Server H.323 Filter
Version: 4.0.3443.594
Component: ISA Server Services
Message: %1 encountered a failure. The failure occurred during %5 because the configuration property %4 of the key %3 could not be accessed. Use the source location %6 to report the failure. %2%0
   
Explanation
This error occurs when the service fails to start because the data in the storage is corrupt. This may be due to incorrect configuration of either the registry or Active Directory.
   
User Action
Review other events to determine the cause of the problem.If a backup exists, use the ISA Server Restore option to restore the backed-up configuration. For details about restoring an ISA Server configuration, see ISA Server Help.If you are unable to restore the configuration, or doing so does not solve the problem, then uninstall and subsequently reinstall ISA Server. When you uninstall, all the configuration information is discarded. Do not reinstall ISA Server without first uninstalling.

Related:

Firewall client from %1 attempted to access ISA Server using control protocol version %2. The server supports version %3. The version of the Firewall client software is incompatible with the server version. If the Firewall client software is older than the server software, upgrade the Firewall client software. If the server software is older, either upgrade the server or direct the client to a different server that uses the newer software.

Details
Product: Internet Security and Acceleration Server
Event ID: 14012
Source: ISA Server H.323 Filter
Version: 4.0.3443.594
Component: ISA Server Services
Message: Firewall client from %1 attempted to access ISA Server using control protocol version %2. The server supports version %3. The version of the Firewall client software is incompatible with the server version. If the Firewall client software is older than the server software, upgrade the Firewall client software. If the server software is older, either upgrade the server or direct the client to a different server that uses the newer software.
   
Explanation
Firewall Client for ISA Server 2004 uses a protocol that encrypts the channel between the Firewall client and ISA Server. Firewall clients running earlier versions of the Firewall Client software are supported only if the option allowing them to connect is enabled. Encryption will not be used for these connections.
   
User Action
If the Firewall client software is older than the ISA Server software, upgrade the Firewall client software.Alternatley, you can enable Firewall clients running older versions of the Firewall Client software to connect to ISA Server 2004. To do this, in the ISA Server Management console, click Configuration, and then click General. In the General details pane, click Define Firewall Client Settings, click the Application Settings tab, and then select Allow non-encrypted Firewall Client connections.

Related:

Registration with the H.323 Gatekeeper at address %1 failed. This will prevent inbound calls.

Details
Product: Internet Security and Acceleration Server
Event ID: 20066
Source: ISA Server H.323 Filter
Version: 4.0.3443.594
Component: ISA Server Services
Message: Registration with the H.323 Gatekeeper at address %1 failed. This will prevent inbound calls.
   
Explanation
Communication with the Gatekeeper could not be established.
   
User Action
Check that the Gatekeeper details are configured correctly and that there is network connectivity. For details about configuring Gatekeeper details, see topic “To configure H.323 filter” in ISA Server Help.

Related:

Microsoft ISA Server SMTP Message Screener failed to start. Reason: The SMTP Message Screener could not read the registry configuration (error code %1).

Details
Product: Internet Security and Acceleration Server
Event ID: 21147
Source: FTP Access Filter
Version: 4.0.3443.594
Component: ISA Server Services
Message: Microsoft ISA Server SMTP Message Screener failed to start. Reason: The SMTP Message Screener could not read the registry configuration (error code %1).
   
Explanation
The ISA Server SMTP Message Screener could not read the registry configuration.
   
User Action
Verify that the Message Screener filter has access to the registry by looking at the security event log and verify that the registry is configured correctly.

Related:

ISA Server cannot connect to %1 proxy server, because the server requires authentication, either when chaining or for intra-array communication. However authentication failed because the specified credentials were incorrect. Check authentication credentials and try again.

Details
Product: Internet Security and Acceleration Server
Event ID: 14000
Source: ISA Server RPC Filter
Version: 4.0.3443.594
Component: ISA Server Services
Message: ISA Server cannot connect to %1 proxy server, because the server requires authentication, either when chaining or for intra-array communication. However authentication failed because the specified credentials were incorrect. Check authentication credentials and try again.
   
Explanation
Authentication failed because the specified credentials were incorrect.
   
User Action
Verify that the specified credentials are the credentials required for authentication, and then try again.

Related:

The %1 was unable to load Odbc32.dll for SQL logging due to the following error: %2. The data is the error code.

Details
Product: Internet Security and Acceleration Server
Event ID: 1
Source: DNS Intrusion Detection Filter
Version: 4.0.3443.594
Component: ISA Server Services
Message: The %1 was unable to load Odbc32.dll for SQL logging due to the following error: %2. The data is the error code.
   
Explanation
This event occurs when Odbc32.dll cannot be located. Open Database Connectivity (ODBC) allows applications to access data in a DBMS (database management system). Odbc32.dll (dynamic-link library file) is required for this process, and it could not be located in the current system path.
   
User Action
Verify the existence of Odbc32.dll in the Windows system directory. The system directory is typically %systemroot%\system32. If the file does not exist, then reinstall ODBC.

Related: