Three letters – ISA
You can also install ISA Server after you upgrade to Windows Server 2003. However, the packet filter extension driver in the release version of ISA Server is incompatible with Windows Server 2003, and it is blocked from loading during installation. During installation, you can safely ignore all error messages that are related to this issue because ISA Server SP1 includes a compatibility fix for the driver. After you install ISA Server, the incompatible software services do not start. You must then apply ISA Server SP1 to implement the driver fix. After you install ISA Server SP1, you must install the ISA Server 2000 Required Updates for Windows Server 2003 package.
Before you install ISA Server on a computer running Windows Server 2003, make sure that the computer is disconnected from the Internet. The computer must remain disconnected from the Internet until you successfully complete all the following steps. After that, you can safely connect the computer to the Internet.
Note Do not remove (uninstall) ISA Server before you install ISA Server SP1. If you have to remove ISA Server, you must wait until you have completed your installation of ISA Server SP1.
To install ISA Server on Windows Server 2003, follow these steps:
1. Start the ISA Server Setup process. You receive the following message:
ISA 2000 requires Service Pack 1 to function correctly on this version of Windows. During the installation, error messages and error event logs regarding compatibility might appear. These messages may be ignored during the installation. Install Service Pack 1 after this installation is complete.
For more information, contact Microsoft.
2. Click Continue. When Setup completes the installation of ISA Server, you receive the following message in the notification area:
Devices or applications disabled
‘ISA 2000′ will cause Windows to become unstable. Windows has prevented these drivers from loading. Click here for more details.
3. When Setup is complete, you receive the following message:
Setup has failed to start one or more services. Please examine the event log for more details.
4. Download and install ISA Server SP1. After you install SP1, you must restart the ISA Server computer.
5. After the computer restarts, download and install the ISA Server 2000 Required Updates for Windows Server 2003 package. To obtain this update, view the “ISA Server 2000 Required Updates for Windows Server 2003″ section of this article.
After you install the ISA Server 2000 Required Updates for Windows Server 2003 package, ISA Server functions correctly.
Back to the top
Running ISA Server 120-Day Trial Software on Windows Server 2003
The ISA Server 120-day trial program is currently only supported on Windows 2000-based servers. You must remove the ISA Server trial program from any server running Windows 2000 before you upgrade to Windows Server 2003.
Back to the top
Known Issues That Occur When Running ISA Server on Windows Server 2003
* When you run ISA Server 2000 and Microsoft Internet Information Services 6.0 (IIS) on the same computer, you may experience issues with the ISA Server Web proxy service (W3proxy). By default, IIS listens on all IP addresses. This prevents W3proxy from binding to port 80 for Web publishing. To resolve this issue, follow these steps:
1. Install the Windows Server 2003 Support Tools (included with Windows Server 2003), and then locate the Httpcfg.exe file.
2. Run the Httpcfg.exe utility to configure HTTP.sys to stop listening on all IP addresses. To do this, type httpcfg delete iplisten -i 0.0.0.0 at a command prompt.
3. Configure HTTP.sys to listen only on the specified IP address (usually the internal IP address of ISA Server) by typing httpcfg set iplisten -i ip-address at a command prompt.
4. Stop the IIS HTTP service by typing net stop http at a command prompt.
5. Stop the ISA Server Web proxy service by typing net stop w3proxy at a command prompt.
6. Restart the IIS HTTP service by typing net start http at a command prompt.
7. Restart any related IIS services. For example, type net start “World Wide Web Publishing Service”.
8. Restart the ISA Server Web proxy service by typing net start w3proxy at a command prompt.
* ISA Server digest authentication may not function when it is run with a Windows Server 2003 domain. On the Windows Server 2003 domain controller, you have to register Iissuba.dll. By default, this file is not registered on Windows Server 2003. To resolve this issue, follow these steps:
1. Start a command prompt.
2. Type Rundll32 iissuba.dll, RegisterIISSUBA on each Windows Server 2003 domain controller.
Note This command is case-sensitive.
* You cannot run the ISA Server Security Configuration Wizard in Dedicated mode unless the computer is a member of a domain.
* Remote client connections may be unsuccessful when they send requests to ISA Server computers configured as a Network Load Balancing cluster that has a virtual IP address (VIP) on the external interface. This problem occurs if there are multiple VIPs on the internal interface, and if the UseISAAddressInPublishing registry key that is described in the followng Microsoft Knowledge Base article is used:
311777 (http://support.microsoft.com/kb/311777/EN-US/ ) How to Enable Translating Client Source Address in Server Publishing
Traffic sent from the ISA Server internal interface to the published server originates from one of the internal VIPs and not an individual firewall’s device IP address. The problem occurs because reply traffic is load-balanced and may be sent to a firewall that does not have a context for the connection. This traffic is dropped and will never return to the remote client. This results in a connection failure.
* When you install ISA Server, view reports, or read the ISA Server online help, you may receive the following message:
Microsoft Internet Explorer’s Enhanced Security configuration is currently enabled on your server. This enhanced level of security reduces the risk of attack from Web-based content that is not secure, but it may also prevent Web sites from displaying correctly and restrict access to network resources.
To prevent this message from appearing, click to select the In the future, do not show this message check box, and then click OK.