Release Notes

1. Installing and Uninstalling

Be sure to read the Microsoft Internet Security and Acceleration (ISA) Server 2006 Getting Started Guide (Isastart.chm). This guide provides installation instructions and setup prerequisites, describes new ISA Server 2006 features, and details walk-throughs highlighting these features. This document is available from the ISA Server 2006 Autorun page, and is located in the root folder on the ISA Server 2006 CD. In addition, for deployment instructions and information about common scenarios, refer to the solution documents, available at the ISA Server Guidance Web site.

We recommend that you install ISA Server 2006 Beta in a non-production environment. If you have questions about the Beta version of ISA Server 2006, post them to the Microsoft ISA Server newsgroups.

Back to Contents

1. Installing and Uninstalling

For best security practice, always install the latest updates for your operating system. For information about recent updates that you may need to install, see Microsoft Update.
When you uninstall the Beta release of ISA Server 2006, the installation directory will not be removed, and the file ISA_Installation_Directory\CookieAuthTemplates\ISA\nls\zh-hk\strings.txt will remain on the computer. You can manually delete the directory and file.

Back to Contents

2. Administering

We recommend that you use BITS caching only with Microsoft Update or Software Update Services servers.
Diffserv support is provided only for Web Proxy clients. Diffserv packets are applied to traffic from transparent clients, but should not be used for packet prioritization for those clients.
When you enable Diffserv on a specific network, and then disable Diffserv on the General tab of the HTTP Diffserv properties, it takes several minutes after you click Apply for the change to take effect. During this time, the Diffserv bits will continue to be added to the packets. To disable Diffserv immediately for all networks, disable it on the General tab and then restart the Microsoft Firewall service. To disable it immediately for just the specific network, clear the selection of that network on the Networks tab of the HTTP Diffserv properties and then click Apply.
In a scenario where an access rule requires authentication, and Diffserv is enabled only for the network that hosts the server that is being accessed, the client receives a "Page not found" error when accessing that server. To allow access, enable Diffserv for both the network where the client is located, and the network where the server is located.
In the Branch Office VPN Connectivity Wizard and in the Appliance Configuration Wizard, on the IPsec Certificate page, you can select the option Use existing certificate. The text for that option reads Select a server certificate from the Personal certificate store. This is incorrect, because you must select a certification authority. A list of certification authorities is provided when you click Browse.
If you have not properly configured the DNS server in the branch network, the ISA Server Branch Office VPN Connectivity wizard may fail. Prior to running the wizard, ensure that the primary DNS in the branch network points to an IP address that represents a valid DNS server in the headquarters branch (the branch that hosts the primary Configuration Storage server).

Back to Contents

3. Firewall Client

This release does not support Firewall clients installed on computers running Microsoft Windows Server Code Name "Longhorn" or Windows Vista operating system.

Back to Contents

4. Publishing

In a scenario where your Web listener receives client credentials using the Basic authentication scheme, and the Web publishing rule delegates the credentials using Kerberos, the delegation may fail for credentials provided in some non-English languages.
In a scenario where your Web listener receives client credentials using the Basic authentication scheme, and the user is authenticated (because of a Web publishing rule or listener requirement), if the user name includes non-English characters, it is possible that no user sessions will be displayed in the Sessions tab of the Monitoring node. Note: Occasionally, user names provided in non-English languages may not appear correctly in the ISA Server log.
The forms-based authentication option to indicate that the client computer is a private computer is recognized only by Internet Explorer 6.0 and later versions. Clients using other browsers can select the private computer option, but will be treated as public computers, and will be subject to the public computer time-out value.
When you publish a Web server, and configure ISA Server to request compressed data from the published server, ISA Server may not request compressed data from the server.
When a user browses with Internet Explorer from a Windows Server 2003 computer and provides credentials to ISA Server using forms-based authentication, ISA Server will not provide compressed content to that user.
When you publish Exchange Web client access (such as Outlook Web Access) using the New Exchange Publishing Rule Wizard, and select ISA Server will use SSL to connect to this Exchange site, the connection will not be set to use HTTPS. To correct this, open the rule properties, and on the Bridging tab, clear Redirect requests to HTTP port, and select Redirect requests to SSL port.
When you open a site that uses the XMLDOM object, the object must be cacheable. Also, when you open a Microsoft Office document inside Internet Explorer using an Office ActiveX object, the document must be cacheable. ISA Server by default prevents caching the objects and documents. For this reason some sites will not display properly. To fix this problem, clear the Prevent caching of protected pages on clients checkbox in the Web listener properties. Note that objects will then remain cached on the client computer after the user disconnects.

Back to Contents

5. Help

To familiarize yourself with how to upgrade from ISA Server 2004 to ISA Server 2006, read the Upgrade Guide, available from the ISA Server 2006 Autorun page.
When opened from a network share, the pages of the Getting Started Guide will not display on a computer running Microsoft Windows Server 2003 with Service Pack 1. To view the Getting Started Guide, copy the file Isastart.chm to a local directory, and open it from there. For more information and other options, see the Microsoft Knowledge Base article 896054, "You cannot open remote content by using the InfoTech protocol after you install security update 896358, security update 840315, or Windows Server 2003 Service Pack 1."

Back to Contents

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, people, and events depicted herein are fictitious and no association with any real company, organization, product, person, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Microsoft, Outlook, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries/regions.

Back to Contents