[EE] SP2 on Array Members in a Workgroup (CSS Authentication)
- From: Spider777 <dummyREMOVETHISSpider22@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 4 Feb 2006 10:17:18 -0800
Hello!
Today I tried installing the new SP2 for Microsoft ISA Server 2004
Enterprise Edition.
I've setup a back-to-back configuration. My Configuration Storage Server is
located in the domain, and so is the second ISA Server. Both systems were
succesfully updated to SP2.
The first ISA Server is located in a workgroup environment and has a root
certificate installed. I created a mirrored account on this machine and
afterwards added this acount as a mirrored account to the array the first ISA
Server resides. When I open up the ISA Server Management I specify a domain
account for the Configuration Storage Server and the mirrored account for
array level administration. This all works fine.
Now, when I try to install SP2 on the first firewall it pops up an error
telling me the following:
----
Setup failed while registering new events and alerts. Refer to the KB
article of this update for support.
----
The setup logfile contains:
----
MSI (s) (20:F8) [17:39:38:112]: Executing op:
ActionStart(Name=RegisterAlertsAndEvents,,)
Action 17:39:38: RegisterAlertsAndEvents.
MSI (s) (20:F8) [17:39:38:122]: Executing op:
CustomActionSchedule(Action=RegisterAlertsAndEvents,ActionType=25601,Source=BinaryData,Target=**********,CustomActionData=**********)
MSI (s) (20:F8) [17:39:38:172]: Creating MSIHANDLE (3117) of type 790536 for
thread 3320
MSI (s) (20:F4) [17:39:38:172]: Invoking remote custom action. DLL:
C:\WINDOWS\Installer\MSI122.tmp, Entrypoint: RegisterAlertsAndEvents
MSI (s) (20!EC) [17:39:38:422]: Creating MSIHANDLE (3118) of type 790531 for
thread 3820
17:39:38 ISA setup CA INFO : ENTRY: RegisterAlertsAndEvents, Current user
is BMW\Administrator
MSI (s) (20!EC) [17:39:38:422]: Closing MSIHANDLE (3118) of type 790531 for
thread 3820
MSI (s) (20!EC) [17:39:39:444]: Creating MSIHANDLE (3119) of type 790531 for
thread 3820
17:39:39 ISA setup CA ERROR : CRegisterEvents::GetEventDefinitions:
GetContainingArray failed, hr=0xc00403a6
MSI (s) (20!EC) [17:39:39:444]: Closing MSIHANDLE (3119) of type 790531 for
thread 3820
MSI (s) (20!EC) [17:39:39:474]: Creating MSIHANDLE (3120) of type 790531 for
thread 3820
17:39:39 ISA setup CA ERROR : CRegisterEvents::RegisterEvents:
GetEventDefinitions failed, hr=0xc00403a6
MSI (s) (20!EC) [17:39:39:484]: Closing MSIHANDLE (3120) of type 790531 for
thread 3820
MSI (s) (20!EC) [17:39:39:484]: Creating MSIHANDLE (3121) of type 790531 for
thread 3820
17:39:39 ISA setup CA ERROR : RegisterAlertsAndEvents: RegisterEvents()
failed, hr=0xc00403a6
MSI (s) (20!EC) [17:39:39:504]: Closing MSIHANDLE (3121) of type 790531 for
thread 3820
MSI (s) (20!EC) [17:39:40:155]: Creating MSIHANDLE (3122) of type 790531 for
thread 3820
MSI (s) (20!EC) [17:39:40:165]: Closing MSIHANDLE (3122) of type 790531 for
thread 3820
MSI (s) (20!EC) [17:39:40:165]: Creating MSIHANDLE (3123) of type 790531 for
thread 3820
MSI (c) (5C:68) [17:39:40:185]: Transforming table Binary.
MSI (c) (5C:68) [17:39:40:185]: Transforming table Binary.
MSI (c) (5C:68) [17:39:40:185]: Note: 1: 2262 2: Binary 3: -2147287038
MSI (c) (5C:68) [17:39:40:195]: Transforming table Binary.
MSI (c) (5C:68) [17:39:40:195]: Transforming table Binary.
MSI (c) (5C:68) [17:39:40:195]: Note: 1: 2262 2: Binary 3: -2147287038
----
BMW is the name of the first ISA Server. The 0xc00403a6 is documented on
MSDN (
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/isasdk/isa/administration_object_error_codes.asp ):
----
E_FPC_NOT_CONNECTED_TO_ENTERPRISE
FPC_ERR(0x3A6)
0xC00403A6
The property or method <Name> is not supported when the ISA Server computer
is not connected to a Configuration Storage server.
----
In the firewall logs I do see packets traveling from the first ISA Server to
my Configuration Storage Server. Looking at the audits on the last machine it
shows me the following:
----
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: Administrator
Source Workstation: BMW
Error Code: 0x0
----
Ai, SP2 setup uses the wrong credentials for logging on to the Configuration
Storage Server. As the setup itself doesn't give me the opportunity to
specify this credentials I read through the setup log and found the following
usefull information:
----
ISA setup CA INFO : VerifyPropertyLength: Property
STORAGESERVER_CONNECT_ACCOUNT length < 300
ISA setup CA INFO : VerifyPropertyLength: Property
STORAGESERVER_CONNECT_PWD length < 300
----
But when I use these properties with an domain user account able to connect
to the CSS in the following manner:
----
isa2004sp2.msp STORAGESERVER_CONNECT_ACCOUNT=DOMAIN\Administrator
STORAGESERVER_CONNECT_PWD=password
----
the first ISA Server still sends the credentials of the logged on user
(BMW\Administrator) who runs the SP2 installation instead of the specified
domain user DOMAIN\Administrator specified in the
STORAGESERVER_CONNECT_ACCOUNT property to the Configuration Storage Server.
I hope someone can help me out.
Thanks!
.
- Prev by Date: Re: Microsoft ISA Server 2004 Service Pack 2 is now available!
- Next by Date: Re: FWX_E_TCP_NOT_SYN_PACKET_DROPPED
- Previous by thread: Re: Microsoft ISA Server 2004 Service Pack 2 is now available!
- Next by thread: Re: FWX_E_TCP_NOT_SYN_PACKET_DROPPED
- Index(es):
Relevant Pages
|
