Release Notes

Microsoft Internet Security and Acceleration Server 2000
Service Pack 1

1.0 Introduction	7.0 Using Command-Line Switches
2.0 About Service Pack 1	8.0 Updating Firewall Clients for Service Pack 1
3.0 System Requirements	9.0 ISA Server Bug Fixes
4.0 Installing Service Pack 1 on the ISA Server	10.0 Hot Fixes Included in ISA Server SP1
5.0 Uninstalling Service Pack 1	11.0 Running ISA Server on Windows .NET Standard Server or Enterprise Server (Beta 3)
6.0 Uninstalling Hot Fixes	12.0 Documentation Issues

1.0 Introduction

Internet Security and Acceleration (ISA) Server Service Pack 1 (SP1) provides the latest updates to ISA Server. ISA Server SP1 is a very important milestone. It includes fixes to provide an even higher level of reliability and stability to customers. Microsoft strongly encourages customers to install ISA Server SP1 on all ISA Server computers.

Before installing ISA Server SP1, see the ISA Server Support Web site for the latest information about ISA Server.

Notes:

ISA Server SP1 is required for anyone who would like to run ISA Server on Windows® .NET Standard Server and Windows .NET Enterprise Server (Beta 3 or higher).
ISA Server SP1 will not install with the ISA Server 120-Day Evaluation version.

Back to Contents

2.0 About Service Pack 1

ISA Server SP1 is the same for both Standard Edition and Enterprise Edition, and includes:

All hot fixes issued since RTM.
Fixes for common issues reported by customers through Microsoft Product Support Services (PSS).
Stability fixes for ISA Server services and administration tool in a number of scenarios.
Fixes that enable ISA Server operation on Windows .NET Standard Server or Windows .NET Enterprise Server.

Back to Contents

3.0 System Requirements

ISA Server SP1 may be installed only on a computer running a licensed version of ISA Server 2000. In addition, Windows 2000 Service Pack 2 must be installed on the server before installing ISA Server SP1. This service pack may be downloaded from the Windows 2000 Support Web site.

Notes:

If you already have ISA Server SP1 Beta version installed on your computer, upgrading to the ISA Server SP1 release version is supported. Use the installation instructions provided below.
ISA Server SP1 requires 36 MB of disk space for installation. When installation is complete and the computer is reset, SP1 requires 12 MB of disk space.

Back to Contents

4.0 Installing Service Pack 1 on the ISA Server

ISA Server SP1 is downloaded from the Web using a self-extracting file (ISASP1.exe).
For SP1 installation to complete successfully, the computer will be restarted at the end of the installation process.

To install ISA Server SP1:

Download ISA Server SP1 to your local computer.
Review the ISA Server SP1 Release Notes
Run the ISA Server SP1 executable file to begin the installation.
In the ISA Server SP1 End-User License Agreement, click I Agree to accept the licensing terms and execute the installation.

When the installation finishes, the ISA Server computer will reboot. After rebooting, ISA Server SP1 installation is complete.

Notes:

During installation, the program updates the relevant binaries and saves the original files to a directory called $UNINSTALL_ISA_SP$ located in the ISA Server directory.
The ISA Server SP1 installer only replaces those binaries that are actually installed. You will need to reapply ISA Server SP1 if you do any of the following: add new setup components, remove setup components, or reinstall the server.
When you install ISA Server SP1, all hot fixes released prior to SP1 are also installed as part of the service pack.
When SP1 restarts the machine, and when the machine is shutdown there may be event logs from ISS filter and H.323 GK with irrelevant messages. These messages may be ignored and will not occur again after the computer is restarted.

Back to Contents

5.0 Uninstalling Service Pack 1

During installation, the program adds a new entry to the Add/Remove programs applet, enabling you to uninstall ISA Server SP1 and restore the system to its pre SP1 state.

To uninstall ISA Server SP1:

In the Control Panel, double-click Add/Remove Programs.
Select Microsoft ISA Server 2000 Service Pack 1 and Hot Fixes and click Remove.
Click OK to confirm the uninstall action.
When you restart the computer, the Service Pack 1 entry will no longer appear in the Add/Remove menu.

Notes:

Uninstalling ISA Server SP1 restores the binary files that were saved in the $UNINSTALL_ISA_SP$ directory during SP1 installation.
ISA Server SP1 is not removable if a later service pack or hot fix has been installed. If the later service pack or hot fix is uninstalled, the SP1 is again removable.

Back to Contents

6.0 Uninstalling Hot Fixes

SP1 provides the capability to individually uninstall hot fixes that are released and installed after the SP1 release.

To uninstall a hot fix:

In the Control Panel, double-click Add/Remove Programs.
Select Microsoft ISA Server 2000 Service Pack 1 and Hot Fixes and click Change.
From the list of ISA Server hot fixes, select the hot fix and click Remove.
Follow the instructions on the screen to confirm.
When you restart the computer, the system reverts back to the highest version binaries prior to the hot fix, and the hot fix no longer appears in the list of ISA Server hot fixes.

Notes:

The Remove button is only available when the selected hot fix is the latest hot fix installed (i.e., no later hot fix replaced the same binary).
Hot fixes that were released before ISA Server SP1 and were installed as hot fixes prior to SP1 installation, cannot be individually uninstalled. However, they are included in ISA Server SP1 and can be uninstalled as part of the SP1 uninstall.
ISA Server SP1 must be installed prior to installing/uninstalling any later released hot fixes.

Back to Contents

7.0 Using Command-Line Switches

After you have saved Service Pack 1 files to your hard drive, you can run any of the SP1 command line switches from a command prompt. Command-line switches are provided to allow scripting ability.

Command Switch	Description
-q	Installs the service pack in quiet mode, without any user interface.
-USP	Uninstalls the latest service pack
-UHFX	Uninstalls hot fix number X (where X is the number of the hot fix)

Notes:

At the end of a successful operation, the computer performs an unconditional computer restart. The flag /noboot, can be used to avoid an unconditional computer restart. However, ISA Server SP1 installation is incomplete until the computer is restarted (i.e., the relevant binaries are replaced only when the computer restart occurs).
When installing SP1 in quiet mode, any errors that occur during installation can be found in the error log %windir%\temp\isa_error.log. This file will only appear if an error occurred in quiet mode. A file named isa_report.log is created in the temp directory containing both the error message and details.
The –USP and –UHFX modes are available for uninstalling SP1 and hot fixes in unattended mode.

Back to Contents

8.0 Updating Firewall Clients for Service Pack 1

ISA Server SP1 enhances the stability of the Firewall Client. Therefore, it is recommended that ISA Server client computers be updated with the ISA Server SP1 client fixes.

The client setup must be run directly from the mspclnt share. Running the client reinstall by using the client Add/Remove programs CPL applet or running the client setup from any location other than the mspclnt share will not update the client with the SP1 fixes.

To upgrade the client to ISA Server SP1:

Install ISA Server SP1 on the ISA Server computer.
On the client machine, run setup.exe from the client share directory <\\[host]\mspclnt\setup.exe> choose Repair.

ISA Server SP1 Firewall Client bug fixes are described in the Knowledge Base (KB) articles. For details about the Firewall Client bug fixes, refer to KB article Q313249 which provides a complete listing of all the articles describing ISA Server SP1 bug fixes (KB numbers and titles).

Back to Contents

9.0 ISA Server SP1 Bug Fixes

ISA Server SP1 includes all ISA Server bug fixes released prior to SP1, as well as bug fixes released concurrently with SP1. These fixes are described in the Knowledge Base (KB) articles. KB article Q313249 provides a complete listing of the articles describing ISA Server SP1 bug fixes (KB numbers and titles).

Back to Contents

10.0 Hot Fixes Included in ISA Server SP1

Hot fixes released before ISA Server SP1 are included in ISA Server SP1. These hot fixes are described in the Knowledge Base (KB) articles.

KB Article	Title
Q283213	Blocking and Logging Traffic on ISA Server Internal Interfaces
Q292010	High Memory Consumption by SMTP Message Screener Under Stress
Q292013	Unregistered Fltrsnk1.dll Starts with Inetinfo.exe
Q285812	Cannot Configure or Use the SMTP Filter if the Decimal Symbol is not a Period
Q285807	Rule Fields in Firewall Log are Sometimes Not Logged Properly
Q288247	Access Violation in Mspadmin.exe with ISA Server with Multiple IP Addresses on an External Interface
Q292014	Deleting Disabled SMTP Filter Attachment Rule Leaves Corrupted Rule
Q291427	Only the First Web Site is Returned Using Web Publishing for Multiple Sites
Q292017	Content-Type Value Should be Stripped from Parameters Before Check
Q292018	Slow Response from Downstream ISA Server Using Web Proxy Chaining
Q292545	Autodetection Does Not Work for Chinese and Korean Versions of Browsers
Q290731	Firewall Service (Wspsrv.exe) Problems with High S-NAT Client Load
Q291000	External MAPI Clients Cannot Connect with RPC
Q292546	Firewall Service (Wspsrv.exe) Hangs When Handling RTSP Streams
Q293161	"STOP 0x000000D1" When Passing Fragmented Packets Without NAT
Q293863	Multiple Overdue Tasks Are Run and Alerts Are Issued for a Short Period
Q295279	Web Proxy Service Crashes If URL Requests a Specifically Malformed Argument
Q295090	Access Violation in W3proxy.exe Because of HTTP VARY Header Processing
Q297080	Incomplete HTML Pages and Random Authentication Prompts If ISA Server Is Chained to Upstream Proxy
Q301425	ISA Server Does Not Cache Responses that Contain the Location Header
Q297324	Multiple Authentication Dialog Boxes Are Displayed When You Use Access Control
Q300707	Invalid Content-Length Header May Cause Requests to Fail Through ISA Server
Q295386	PDF Files Are Not Returned from the ISA Server Cache
Q294722	Proxy Error 502 Is Returned by ISA Server Under Heavy Stress
Q301380	Some Server Variables are not Fully Implemented in ISA Server
Q303379	Firewall Client Conflict with Third-Party Layered Service Providers Causes Connectivity Problems
Q295389	Scripts Can Be Run in the Error Page that is Returned by ISA Server
Q289503	Memory Leak in ISA Server H.323 Gatekeeper Service and Winsock Proxy Service When Decoding Malformed Packets
Q304340	The ISA Server Response to Client Options Requests is Limited to a Predefined Set
Q305204	Clients That Use an Automatic Configuration Script May Not Work Because of Proxy Authentication
Q295388	Access Violation Occurs in Firewall Client under High Load
Q307784	Server Publishing Rules Intermittently Fail

Back to Contents

11.0 Running ISA Server on Windows .NET Standard Server or Enterprise Server (Beta 3)

The following are known issues when running ISA Server on Windows .NET Standard Server or Enterprise Server Beta 3 (build 3590) or higher:

ISA Server can be installed on computers running Windows .NET Standard Server or Enterprise Server. However, the packet filter extension driver in the release version of ISA Server (mspfltex.sys) is incompatible with computers running a Windows .NET server operating system and is blocked from loading during installation. Because ISA Server SP1 includes a compatibility fix for the driver, all error messages related to this issue displayed during installation can be safely ignored. After ISA Server installation, some services will not start. Installing ISA Server SP1 implements the driver fix. Following SP1 installation, ISA Server will function correctly.
Before installing ISA Server on a computer running Windows .NET Standard Server or Enterprise Server, make sure the computer is disconnected from the Internet. The computer should remain disconnected from the Internet until ISA Server SP1 installation is completed successfully. After ISA Server SP1 is successfully installed, the computer can be safely connected to the Internet.
ISA Server SP1 must be installed prior to upgrading an ISA Server computer running Windows 2000 Server or Advanced Server to Windows .NET Standard Server or Enterprise Server.
ISA Server 120-Day Evaluation is only supported on Windows 2000 Server or Advanced Server at this time. ISA Server 120-Day Evaluation must be uninstalled from any Windows 2000 Server or Advanced Server prior to upgrading to Windows .NET Standard Server or Enterprise Server.
The firewall service does not start with the dialup Internet connection firewall (ICF) enabled. When this occurs, an event log from the firewall service indicates that ICF being enabled is a possible reason for the firewall service's failure to start. Follow the instructions in the event log to run the firewall service. If you plan to run ISA Server on computers running a Windows .NET server operating system, first ensure that ICF is disabled for all dialup connections.
After running the system hardening (dedicated level), the domain administrators group is removed from the Administrators group of the computer.
Performance alerts in the ISA Server Performance Monitor snap-in must run in an account which belongs to the Administrators group. By default, Windows .NET Standard Server or Enterprise Server performance alerts are configured to run under the Network Service account, which lacks adequate permissions. This can be resolved as follows:

Run the ISA Server Performance Monitor.
Expand Performance Logs and Alerts, and then click Alerts.
In the right pane, right-click on an alert, and then click Properties.
In the Properties dialog box, click the General tab.
In the Run As text box, enter the user name of an account which belongs to the Administrators group of the computer, then click the Set Password button.
In the Set Password dialog box, enter the password and then click OK.
In the Properties dialog box, click OK.

Notes:

For more information about running ISA Server on Windows .NET Standard Server or Enterprise Server, see the Using ISA Server on Windows .NET Server or Windows .NET Enterprise Server.

Back to Contents

12.0 Documentation Issues

Please note the following with regard to ISA Server online documentation:

Topic	Current text...	Should read...
ISA Server control service	"Net stop mspadmin"	"Net stop isactrl"
Service Permissions	HKLM\CurrentControlSet\Services\ W3Proxy\Parameters	HKLM\SYSTEM\CurrentControlSet\Services\W3Proxy\Parameters
Configuring outgoing Web request properties	"By default, ISA Server listens on port 8080 for all HTTP requests and, if selected, on port 443 for all SSL requests."	"By default, ISA Server listens on port 8080 for all HTTP requests and, if selected, on port 8443 for all SSL requests."
Bandwidth rules	"Bandwidth rules are available in all installation modes."	"Bandwidth rules are available in firewall and integrated modes. Bandwidth rules are not available in cache only mode.
Site and Content Rules	ISA Server may ignore any path specified in the destination set, for particular clients or protocols used.	ISA Server may ignore the site rule if the destination set contains a path, when using certain clients and protocol combinations.
How to... Run unattended client installation	Path\Setup /v " /qn	Path\Setup /v"/qn
Configuring Destination Sets	You can also indicate specific paths on a computer that can or cannot be accessed by clients. The path can also include an asterisk as a wildcard.	Note: When creating a destination set for external SSL sites, a path of /* results in inability to access the site.
How to... Start a service	"To start all services, in the console tree, right-click Services and then click Start all services."	This note is no longer valid
How to... Back up a configuration	The backup file can be saved to any drive on the local computer. It cannot be saved to another computer.	This note is no longer valid
How to... Configure redirect SSL requests	"If you select HTTP requests, then ISA Server terminates the secure control channel."	This note is no longer valid

Back to Contents

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, people, and events depicted herein are fictitious and no association with any real company, organization, product, person, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries/regions.

Back to Contents

Release Notes

Microsoft Internet Security and Acceleration Server 2000 Service Pack 1

1.0 Introduction

2.0 About Service Pack 1

3.0 System Requirements

4.0 Installing Service Pack 1 on the ISA Server

5.0 Uninstalling Service Pack 1

6.0 Uninstalling Hot Fixes

7.0 Using Command-Line Switches

8.0 Updating Firewall Clients for Service Pack 1

9.0 ISA Server SP1 Bug Fixes

10.0 Hot Fixes Included in ISA Server SP1

11.0 Running ISA Server on Windows .NET Standard Server or Enterprise Server (Beta 3)

12.0 Documentation Issues

Microsoft Internet Security and Acceleration Server 2000
Service Pack 1