ISA Server detected a spoof attack from Internet Protocol (IP) address %1. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log.

Details
Product: Internet Security and Acceleration Server
Event ID: 15108
Source: Microsoft Firewall
Version: 4.0.3443.594
Component: ISA Server Services
Message: ISA Server detected a spoof attack from Internet Protocol (IP) address %1. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log.
   
Explanation
A possible spoof attack was attempted against a computer protected by ISA Server. This event occurs when a Internet Protocol (IP) packet is received from a Internet Protocol (IP) address that is not reachable via the network adapter on which the packet was received.
   
User Action
If logging for dropped packets is enabled, you can view details of this attack in the Firewall log in the log viewer. You can use this log to monitor any further intruder activity. To do this, in the console tree of ISA Server Management, click Monitoring. In the Logging tab, edit the log filter to view the relevant details. Take additional steps against intruder activity. For example, you may want to add access rules denying traffic from the source of the intrusion. To do this, in the console tree of ISA Server Management, click Firewall Policy. On the Tasks tab, click Create Access Rule.

Related:

The connectivity verifier “%1” reported an error when trying to connect to %2.Reason: %3.

Details
Product: Internet Security and Acceleration Server
Event ID: 21137
Source: Microsoft Firewall
Version: 4.0.3443.594
Component: ISA Server Services
Message: The connectivity verifier “%1” reported an error when trying to connect to %2.Reason: %3.
   
Explanation
This event occurs when the connection between the ISA Server computer and the specified destination server cannot be established using the requested verification method. A connectivity verifier may fail to connect to a destination for one of the following reasons:
The server you are trying to verify connectivity with may not be responding. The server or service running on the machine may be malfunctioning or over flooded.If all connectivity verifiers are failing, the ISA Server computer may not be connected properly to the network or there may be a networking-related configuration problem (e.g. wrong routing configuration).The DNS server is unreachable. Therefore, ISA Server can not resolve the DNS name and cannot know which IP address to connect.The name of the specified destination can not be resolved, ISA Server cannot know which IP address to connect.
   
User Action
Verify that the ISA Server computer is connected to the network.To find out if this is a DNS problem, try running: ???ping ???a ???. If ping can???t resolve the IP address of the given destination, then this is a DNS problem. Running ping to the destination server also validates network connectivity. If the server responds to ping sent from the ISA Server computer, then this is not a network connectivity problem. Note that if the destination computer does not respond to ping, there may still be a network connectivity issue. A firewall, for example, running on the destination computer may block ping requests. Check that the destination computer is functional. You can try to connect to it from a different server.Use ISA Server logging feature to determine if the connection request was denied by a policy rule.

Related:

The Web Proxy filter could not initialize (error code %1).

Details
Product: Internet Security and Acceleration Server
Event ID: 14127
Source: SOCKS Filter
Version: 4.0.3443.594
Component: ISA Server Services
Message: The Web Proxy filter could not initialize (error code %1).
   
Explanation
The event may be caused by a shortage of memory, an internal error, or corruption in the registry. If the problem is in the registry, it may be the result of changes made to the registry with a tool, such as regedit.exe.
   
User Action
Report the error location to Microsoft.Stop and then restart the Firewall service.If the problem persists, restart the ISA Server computer. If this does not resolve the problem, you may need to uninstall and then reinstall ISA Server.

Related:

The %1 failed to log information to MSDE Database %2 in path %3. The MSDE Error description is: %4. The problem may be resolved by restarting the MSSQL$MSFW service. For more information about this event, see ISA Server Help.%0

Details
Product: Internet Security and Acceleration Server
Event ID: 8
Source: Microsoft Firewall
Version: 4.0.3443.594
Component: ISA Server Services
Message: The %1 failed to log information to MSDE Database %2 in path %3. The MSDE Error description is: %4. The problem may be resolved by restarting the MSSQL$MSFW service. For more information about this event, see ISA Server Help.%0
   
Explanation
A log record cannot be added to the MSDE database for one of the following reasons:
The service does not have the appropriate permission.Low resources on the computer.MSDE service is not started.There is no available space on the disk drive.
   
User Action
Check the log properties in the corresponding logging service to verify that specified log folder is correct. To do this, in the ISA Server console tree, select the server or array name, select Monitoring, and then click Logging. Check the property sheet where logging is enabled for this service. Verify that you have assigned appropriate permissions for ISA Server servicesStart the MSDE service. In ISA Server Management, click Monitoring. On the Services tab, right-click the MSDE service and then click StartClose other programs that are running. Use the Tasks Manager to chekc programs and processes using large amounts of system resources.Delete unnecessary files from the logging disk drive to free up disk space.

Related:

The %1 failed to log information. The log object was never created possibly due to an incorrect configuration. For more information about this event, see ISA Server Help.%0

Details
Product: Internet Security and Acceleration Server
Event ID: 4
Source: POP Intrusion Detection Filter
Version: 4.0.3443.594
Component: ISA Server Services
Message: The %1 failed to log information. The log object was never created possibly due to an incorrect configuration. For more information about this event, see ISA Server Help.%0
   
Explanation
The server failed to find correct logging information. This information may be missing or incorrect. The log object may not be created for one of the following reasons:
The information may be missing (for example, the logging directory cannot be accessed).Low resources on the computer. There is not enough space on the disk drive.
   
User Action
Check the log properties to verify that the ODBC Data Source, Table name, User Name, and Password are correct in the corresponding logging service. To do this, in the console tree of ISA Server Management, click the server or array name, and then click Monitoring. In the details pane, click the Logging tab, and then use the options in the task pane to view the properties where logging is enabled for this service. Close other programs that are running. Use the Task Manager to check programs and processes that are using large amounts of system resources. Delete unnecessary files from the logging disk drive.Check configuration validity.

Related: