RE: ISA 2004 REPORT FAILURE

Hi Chris,

Thanks for your update.

Based on my research, 1704 SceCli may occur if the registry information
regarding Group Policy refresh has been set inappropriately. Please
perform the following steps:

1. Open Registry Editor.
2. Locate to the following key:

HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83
A}

3. Modify the Value MaxNoGPOListChangesInterval to 3c0

This is the default value and it will reset "forced policy" re-application
to 16 hours (960 minutes).

For more detailed information regarding this value, please refer to the
following KB article:

277543 How to delay security policies from being applied
http://support.microsoft.com/?id=277543

Thanks for your time and I look forward to hearing from you.

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: ISA 2004 REPORT FAILURE
| thread-index: AcbWv5kgOULIoqppRMa8KeZCf+M36A==
| X-WBNR-Posting-Host: 165.228.6.71
| From: =?Utf-8?B?Q2hyaXM=?= <Chris@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <FF4294D7-2EF1-40CA-81FA-E9CB39034A78@xxxxxxxxxxxxx>
<ILUZLSj0GHA.4548@xxxxxxxxxxxxxxxxxxxxx>
<07BEA69F-B40E-48D3-AE5B-0ED4C159E081@xxxxxxxxxxxxx>
<RNDvMux0GHA.4220@xxxxxxxxxxxxxxxxxxxxx>
<6A9614B3-A043-4BAB-910A-841342CBDAD6@xxxxxxxxxxxxx>
<E656A05E-0C97-41F8-9AA8-DDFD556C1D43@xxxxxxxxxxxxx>
<8gyZBeV1GHA.4280@xxxxxxxxxxxxxxxxxxxxx>
<8E1EAD7C-1659-4705-A8F4-04082878759E@xxxxxxxxxxxxx>
| Subject: RE: ISA 2004 REPORT FAILURE
| Date: Tue, 12 Sep 2006 16:03:02 -0700
| Lines: 332
| Message-ID: <152F6CA4-140E-409E-AD45-D2133110A214@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGXA01.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:297095
| NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Have not had a spare moment yet to cycle the server
| to test your options, but planning to do so in the next
| few days.
|
| Thought id pass on a few observations.
|
| Reset the NETWORK SERVICES permissions before leaving
| work last night, check remotly on the server at about 10pm
| and they were still there. This morning permissions were
| missing again.
|
| Checked the application event log and the only log entry
| of any interest between 10pm and 8am was an event 1704 SceCli
| stating Security policy in the Group policy objects as been applied
| successfully
| all other events between 10pm and 8am were normal stuff
|
| apparently policies get updated on reboot, that is why i guess
| you want me to do a clean reboot to see if the permissions change.
|
| Again as the small business server is used constantly will try asap
| to confirm above following the steps outlided by yoursef.
|
| would be interesting to know if my above observations indicate
| something that may help resolve problem.
|
| thanks.
|
| Chris
|
| "Chris" wrote:
|
| > Thanks again for the quick reply,
| > When I add back the NETWORK SERVICES permissions
| > to the folders, they stay until the next morning, at which
| > time the ISA reports fail because the permissions have
| > been removed. The only thing running at night is
| > backup exec from a member server, backing up the
| > exchange and the whole small business server.
| >
| > I will find some down time for the server and try steps 1 - 6
| > to see if the permissions remain after the reboot and
| > advise.
| >
| > thanks for the info
| >
| > Regards
| > Chris
| >
| > ""Crina Li"" wrote:
| >
| > > Hi Chris,
| > >
| > > Thanks for your update.
| > >
| > > Do you mean Network Services will be removed for c:\Program
files\Microsoft
| > > ISA Server folder? After you adding it again, does it still disappear?
| > >
| > > As for the unknown SID S-1-5-32-547, it is the SID for "Power Users"
group.
| > > This group only exists on member servers and workstations' local SAM
| > > database. After you upgrade the computer to a domain controller, it
will
| > > show as unknown SID.
| > >
| > > As for the missing of Network Services, please try to perform a clean
boot
| > > on SBS to see how thing goes:
| > >
| > > 1. Click Start, click Run, and then in the Open box, type "MSCONFIG"
| > > (without the quotation marks). Click OK.
| > > 2. In the System Configuration Utility (MSConfig) window, click to
select
| > > the Selective Startup button.
| > > 3. Click to clear the check mark from the "Load startup items" below
| > > Selective Startup.
| > > 4. Click the Services tab, click to check the "Hide All Microsoft
Services"
| > > box, and remove all the check marks from the remained Non-Microsoft
| > > Services. Please note that the Exchange services could be marked as
| > > non-Microsoft. Please do not disable those services.
| > > 5. Click OK to close the MSConfig window. Click Yes when you are
asked to
| > > restart your computer in order to enable the changes.
| > > 6. After restarting, please check whether this issue will reoccur.
| > >
| > > Related information:
| > >
| > > 827016 Local Service and other well-known security principals do not
appear
| > > on your Windows Server 2003 domain controller
| > > http://support.microsoft.com/default.aspx?scid=kb;EN-US;827016
| > >
| > > I appreciate your time and look forward to hearing from you.
| > >
| > > Best regards,
| > >
| > > Crina Li (MSFT)
| > >
| > > Microsoft CSS Online Newsgroup Support
| > >
| > > Get Secure! - www.microsoft.com/security
| > >
| > > =====================================================
| > > This newsgroup only focuses on SBS technical issues. If you have
issues
| > > regarding other Microsoft products, you'd better post in the
corresponding
| > > newsgroups so that they can be resolved in an efficient and timely
manner.
| > > You can locate the newsgroup here:
| > > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > >
| > > When opening a new thread via the web interface, we recommend you
check the
| > > "Notify me of replies" box to receive e-mail notifications when there
are
| > > any updates in your thread. When responding to posts via your
newsreader,
| > > please "Reply to Group" so that others may learn and benefit from
your
| > > issue.
| > >
| > > Microsoft engineers can only focus on one issue per thread. Although
we
| > > provide other information for your reference, we recommend you post
| > > different incidents in different threads to keep the thread clean. In
doing
| > > so, it will ensure your issues are resolved in a timely manner.
| > >
| > > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > > check http://support.microsoft.com for regional support phone numbers.
| > >
| > > Any input or comments in this thread are highly appreciated.
| > >
| > > =====================================================
| > >
| > > This posting is provided "AS IS" with no warranties, and confers no
rights.
| > > --------------------
| > > | Thread-Topic: ISA 2004 REPORT FAILURE
| > > | thread-index: AcbVJrMO6v8XNTBySmCE+bNfsz0HbA==
| > > | X-WBNR-Posting-Host: 165.228.6.71
| > > | From: =?Utf-8?B?Q2hyaXM=?= <Chris@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > > | References: <FF4294D7-2EF1-40CA-81FA-E9CB39034A78@xxxxxxxxxxxxx>
| > > <ILUZLSj0GHA.4548@xxxxxxxxxxxxxxxxxxxxx>
| > > <07BEA69F-B40E-48D3-AE5B-0ED4C159E081@xxxxxxxxxxxxx>
| > > <RNDvMux0GHA.4220@xxxxxxxxxxxxxxxxxxxxx>
| > > <6A9614B3-A043-4BAB-910A-841342CBDAD6@xxxxxxxxxxxxx>
| > > | Subject: RE: ISA 2004 REPORT FAILURE
| > > | Date: Sun, 10 Sep 2006 15:16:01 -0700
| > > | Lines: 321
| > > | Message-ID: <E656A05E-0C97-41F8-9AA8-DDFD556C1D43@xxxxxxxxxxxxx>
| > > | MIME-Version: 1.0
| > > | Content-Type: text/plain;
| > > | charset="Utf-8"
| > > | Content-Transfer-Encoding: 7bit
| > > | X-Newsreader: Microsoft CDO for Windows 2000
| > > | Content-Class: urn:content-classes:message
| > > | Importance: normal
| > > | Priority: normal
| > > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| > > | Newsgroups: microsoft.public.windows.server.sbs
| > > | Path: TK2MSFTNGXA01.phx.gbl
| > > | Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.sbs:296551
| > > | NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
| > > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > > |
| > > | Update after week end,
| > > | think I have found the problem
| > > | The NETWORK SERVICES permissions are missing
| > > | from the ISA folders.
| > > |
| > > | this is very strange as I specifically set NETWORK SERVICES
| > > | permissions from the program files root directory
| > > | before the week end.
| > > |
| > > | When I turn up Monday they have been removed by the system !!
| > > | and I have a S-1-5-32-547 user that was not there before
| > > |
| > > | Once NETWORK SERVICES permissions are set all is well
| > > | What could possibly be removing it and where does this
| > > | S-1-5-32-547 come from, solve this and the mystery is revelaed
| > > |
| > > | thanks.
| > > | Chris
| > > |
| > > | "Chris" wrote:
| > > |
| > > | > Just as an update, I have noticed that the log directories
| > > | > receive their user information from the directories above
| > > | > I had a probem removing the unknown user from the log
| > > | > directories.
| > > | >
| > > | > I went to the program files root directory, removed the
| > > | > unknown user and added network services to this directory
| > > | > therefore putting it to all directories below
| > > | >
| > > | > and guess what report publishing started to work fine
| > > | >
| > > | > I am going to check overnight and the week end to see
| > > | > if the report publishing stays enabled and if so well thats great
| > > | >
| > > | > if not will continue with your further options
| > > | >
| > > | > thanks again for the chat, very much appreciated.
| > > | >
| > > | > I have some other questions re SBS 2003 and ISA 2004
| > > | > but will leave that to another post/time
| > > | >
| > > | > Chris
| > > | >
| > > | > ""Crina Li"" wrote:
| > > | >
| > > | > > Hi Chris,
| > > | > >
| > > | > > Thanks for your update.
| > > | > >
| > > | > > From your above description, we may not find the root cause of
the
| > > issue. I
| > > | > > will look forward to your test result of step 3 to see if it is
| > > caused by
| > > | > > the corrupted logs and summaries.
| > > | > >
| > > | > > Thanks for your time.
| > > | > >
| > > | > > Best regards,
| > > | > >
| > > | > > Crina Li (MSFT)
| > > | > >
| > > | > > Microsoft CSS Online Newsgroup Support
| > > | > >
| > > | > > Get Secure! - www.microsoft.com/security
| > > | > >
| > > | > > =====================================================
| > > | > > This newsgroup only focuses on SBS technical issues. If you
have
| > > issues
| > > | > > regarding other Microsoft products, you'd better post in the
| > > corresponding
| > > | > > newsgroups so that they can be resolved in an efficient and
timely
| > > manner.
| > > | > > You can locate the newsgroup here:
| > > | > >
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > > | > >
| > > | > > When opening a new thread via the web interface, we recommend
you
| > > check the
| > > | > > "Notify me of replies" box to receive e-mail notifications when
there
| > > are
| > > | > > any updates in your thread. When responding to posts via your
| > > newsreader,
| > > | > > please "Reply to Group" so that others may learn and benefit
from
| > > your
| > > | > > issue.
| > > | > >
| > > | > > Microsoft engineers can only focus on one issue per thread.
Although
| > > we
| > > | > > provide other information for your reference, we recommend you
post
| > > | > > different incidents in different threads to keep the thread
clean. In
| > > doing
| > > | > > so, it will ensure your issues are resolved in a timely manner.
| > > | > >
| > > | > > For urgent issues, you may want to contact Microsoft CSS
directly.
| > > Please
| > > | > > check http://support.microsoft.com for regional support phone
numbers.
| > > | > >
| > > | > > Any input or comments in this thread are highly appreciated.
| > > | > >
| > > | > > =====================================================
| > > | > >
| > > | > > This posting is provided "AS IS" with no warranties, and
confers no
| > > rights.
| > > | > > --------------------
| > > | > > | Thread-Topic: ISA 2004 REPORT FAILURE
| > > | > > | thread-index: AcbS1oTXhx9/Hnn8SuSho/sHvDpY/Q==
| > > | > > | X-WBNR-Posting-Host: 165.228.6.71
| > > | > > | From: =?Utf-8?B?Q2hyaXM=?= <Chris@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > > | > > | References:
<FF4294D7-2EF1-40CA-81FA-E9CB39034A78@xxxxxxxxxxxxx>
| > > | > > <ILUZLSj0GHA.4548@xxxxxxxxxxxxxxxxxxxxx>
| > > | > > | Subject: RE: ISA 2004 REPORT FAILURE
| > > | > > | Date: Thu, 7 Sep 2006 16:37:02 -0700
| > > | > > | Lines: 239
| > > | > > | Message-ID:
<07BEA69F-B40E-48D3-AE5B-0ED4C159E081@xxxxxxxxxxxxx>
| > > | > > | MIME-Version: 1.0
| > > | > > | Content-Type: text/plain;
| > > | > > | charset="Utf-8"
| > > | > > | Content-Transfer-Encoding: 7bit
| > > | > > | X-Newsreader: Microsoft CDO for Windows 2000
| > > | > > | Content-Class: urn:content-classes:message
| > > | > > | Importance: normal
| > > | > > | Priority: normal
| > > | > > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| > > | > > | Newsgroups: microsoft.public.windows.server.sbs
| > > | > > | Path: TK2MSFTNGXA01.phx.gbl
| > > | > > | Xref: TK2MSFTNGXA01.phx.gbl
| > > microsoft.public.windows.server.sbs:295987
| > > | > > | NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
| > > | > > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > > | > > |
| > > | > > | Thanks for the quick response
| > > | > > | re first items 1 - 6 yes pretty much correct
| > > | > > | when I change the monitoring method
| > > | > > | text or MSDE I can generate all reports
| > > | > > | using either method, but overnight the
| > > | > > | report fails.
| > > | > > |
| > > | > > | the only thing running over night is Backup Exec
| > > | > > | which backs up from the file server where it
| > > | > > | is installed. It backs up the whole
| > > | > > | small business server and the exchange
| > > | > > | by remote agent
| > > | > > |
| > > | > > | Once the report fails to print, I have the
| > > | > > | stated problem and need to change the
| > > | > > | monitoring method to either text or MSDE to
| > > | > > | enable me to produce a report.
| > > | > > |
| > > | > > | I have check the disk space which is fine
| > > | > > | c: 25 gig 13.5 gig free
| > > | > > | d: 42 gig 29.4 gig free
| > > | > > | e: 135 gig 131 gig free
| > > | > > |
| > > | > > | Checked permissions on the ISALogs and ISASummaries
| > > | > > | both had administrator permissions (which I use to publish
report)
| > > | > > | but neither had network services it has
| > > | > > |
| > > | > > | Account Unknows (S-1-5-32-547)
| > > | > > | Administrator
| > > | > > | CREATOR OWNER
| > > | > > | SYSTEM
| > > | > > | TERMINAL SERVER USER
| > > | > > | Users
| > > | > > |
| > > | > > | I have added the NETWORK SERVICES with the correct permissions
| > > | > > | for both directories, but the reports still fail
| > > | > > |
| > > | > > | Just a quick update as I have not been able to
| > > | > > | schedule some quiet time for step 3 yet, but
| > > | > > | thougth I'd give you a quick update on progress
| > > | > > |
| > > | > > | thanks again for the info, very very much appreciated
| > > | > > |
| > > | > > | Chris
| > > | > > |
| > > | > > |
| > > | > > | ""Crina Li"" wrote:
| > > | > > |
| > > | > > | > Hi Chris,
| > > | > > | >
| > > | > > | > From your description, do you mean you are doing as
following?
|

.