RE: ISA 2004 REPORT FAILURE
- From: v-crinal@xxxxxxxxxxxxxxxxxxxx ("Crina Li")
- Date: Fri, 15 Sep 2006 03:57:46 GMT
Hi Chris,
Thanks for your update.
If the issue has disappeared, you may not do that.
Thanks for your time.
Best regards,
Crina Li (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: ISA 2004 REPORT FAILURE
| thread-index: AcbX5K7y0vj61H/WTvyzV/+QhR+Bmw==
| X-WBNR-Posting-Host: 58.169.129.168
| From: =?Utf-8?B?Q2hyaXM=?= <Chris@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <FF4294D7-2EF1-40CA-81FA-E9CB39034A78@xxxxxxxxxxxxx>
<ILUZLSj0GHA.4548@xxxxxxxxxxxxxxxxxxxxx>
<07BEA69F-B40E-48D3-AE5B-0ED4C159E081@xxxxxxxxxxxxx>
<RNDvMux0GHA.4220@xxxxxxxxxxxxxxxxxxxxx>
<6A9614B3-A043-4BAB-910A-841342CBDAD6@xxxxxxxxxxxxx>
<E656A05E-0C97-41F8-9AA8-DDFD556C1D43@xxxxxxxxxxxxx>
<8gyZBeV1GHA.4280@xxxxxxxxxxxxxxxxxxxxx>
<8E1EAD7C-1659-4705-A8F4-04082878759E@xxxxxxxxxxxxx>
<152F6CA4-140E-409E-AD45-D2133110A214@xxxxxxxxxxxxx>
<qhczxTx1GHA.2156@xxxxxxxxxxxxxxxxxxxxx>
<E6DC629E-C6F4-4568-92A9-79DCA771D0D0@xxxxxxxxxxxxx>
<dDwPA$91GHA.4280@xxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: ISA 2004 REPORT FAILURE
| Date: Thu, 14 Sep 2006 03:01:01 -0700
| Lines: 319
| Message-ID: <898E5028-B1E3-42D0-B31F-E103668C0B04@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGXA01.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:297490
| NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Sorry for being unclear,
| The permissions remained intact after the reboot
| that is I set NETWORK SERVICES on the program files
| directory (and all sub folders) and it remained there
| after the reboot.
|
|
| I have a very strong suspission that SceCli is resetting the
| permissions when it runs.
|
| Is it still worth while looking into the auditing ?
|
| Thanks for the response, I do appreciate the info greatly
|
| Chris.
|
|
| ""Crina Li"" wrote:
|
| > Hi Chris,
| >
| > Thanks for your update.
| >
| > Do you mean the NETWORK SERVICES permissions are still missing from the
ISA
| > folders after a clean boot? If so, I suggest we restart the computer in
| > Safe Mode with Network to see if the problem also occurs in this mode.
Safe
| > Mode loads a minimally protected-mode configuration, disabling Windows
| > device drivers and using the standard VGA display adapter.
| >
| > 1. Restart the computer.
| > 2. Keep pressing F8 key until the Windows Startup menu appears.
| > 3. Choose the Safe Mode with Network, and press Enter.
| >
| > Note: Some third party applications and hardware devices cannot be used
| > during Safe Mode.
| >
| > Also you can enable Audit log in Event log to do so. I provide the
detailed
| > steps on SBS for your reference:
| >
| > 1. Click Start, click Run, type "gpmc.msc" and click OK.
| > 2. Expand Domains -> your domain -> Domain Controllers.
| > 3. Right-click Small Business Server Auditing Policy and click Edit.
| > 4. Expand Computer Configuration -> Windows Settings -> Security
Settings
| > -> Local Policies -> Audit Policy.
| > 5. In the right pane, double-click "Audit object access".
| > 6. To audit successful access of specified files, folders, select the
| > Success check box.
| > 7. To audit unsuccessful access to these objects, select the Failure
check
| > box.
| > 8. To enable auditing of both, select both check boxes.
| > 9. Click OK.
| > 10. Run "gpupdate /force" or restart the computer so that the policy
takes
| > effect on SBS.
| >
| > After you enable auditing, you need to specify the files, folders that
you
| > want audited. To do so:
| >
| > 1. In Windows Explorer, locate the file or folder you want to audit.
| > 2. Right-click the file, folder that you want to audit, and then click
| > Properties.
| > 3. Click the Security tab, and then click Advanced.
| > 4. Click the Auditing tab, and then click Add.
| > 5. In the "Enter the object name to select" box, type the name of the
user
| > or group whose access you want to audit. You can browse the computer
for
| > names by clicking Advanced, and then clicking Find Now in the "Select
User
| > or Group" dialog box.
| > 6. Click OK.
| > 7. Select the Successful or Failed check boxes for the actions you want
to
| > audit, and then click OK.
| > 8. Click OK, and then click OK.
| >
| > After that, you may check the Security event log to find who change the
| > permission.
| >
| > Please Note: Frankly, checking the security event log to track which
user
| > update certain public folder is not an easy way since there are bunch
of
| > logs there.
| >
| > More information:
| >
| > 174073 Auditing User Authentication
| > http://support.microsoft.com/?id=174073
| >
| > Using Audit Policies to Secure Your Windows 2000 Network
| >
http://whidbey.msdn.microsoft.com/library/default.asp?url=/library/en-us/dne
| > xnt00/html/ewn0054.asp
| >
| > Securing Your Windows Small Business Server 2003 Network
| >
http://www.microsoft.com/downloads/details.aspx?familyid=f62b2722-267c-4642-
| > b287-c31115ef10a4&displaylang=en
| >
| > Thanks for your time and I look forward to your reply.
| >
| > Best regards,
| >
| > Crina Li (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| >
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| > --------------------
| > | Thread-Topic: ISA 2004 REPORT FAILURE
| > | thread-index: AcbXmIzTpClj8CgDQkKg+6UsGjRT+g==
| > | X-WBNR-Posting-Host: 165.228.6.71
| > | From: =?Utf-8?B?Q2hyaXM=?= <Chris@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | References: <FF4294D7-2EF1-40CA-81FA-E9CB39034A78@xxxxxxxxxxxxx>
| > <ILUZLSj0GHA.4548@xxxxxxxxxxxxxxxxxxxxx>
| > <07BEA69F-B40E-48D3-AE5B-0ED4C159E081@xxxxxxxxxxxxx>
| > <RNDvMux0GHA.4220@xxxxxxxxxxxxxxxxxxxxx>
| > <6A9614B3-A043-4BAB-910A-841342CBDAD6@xxxxxxxxxxxxx>
| > <E656A05E-0C97-41F8-9AA8-DDFD556C1D43@xxxxxxxxxxxxx>
| > <8gyZBeV1GHA.4280@xxxxxxxxxxxxxxxxxxxxx>
| > <8E1EAD7C-1659-4705-A8F4-04082878759E@xxxxxxxxxxxxx>
| > <152F6CA4-140E-409E-AD45-D2133110A214@xxxxxxxxxxxxx>
| > <qhczxTx1GHA.2156@xxxxxxxxxxxxxxxxxxxxx>
| > | Subject: RE: ISA 2004 REPORT FAILURE
| > | Date: Wed, 13 Sep 2006 17:56:02 -0700
| > | Lines: 348
| > | Message-ID: <E6DC629E-C6F4-4568-92A9-79DCA771D0D0@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | Path: TK2MSFTNGXA01.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:297418
| > | NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Registry key is as you have noted, so did not change
| > | and still receive the event.
| > |
| > | Update on Restart procedure.
| > | performed steps 1 to 6
| > | machine restarted ok
| > | NETOWRK SERVICES Permissions remained
| > | Received a service failed to load message
| > | on inspecting services list the microsoft firewall service failed to
load
| > |
| > | Events in the application log was as follows
| > |
| > | Event id 14127
| > | The web proxy filter could not initialise
| > | Error code 505.112.4.0.2165.594
| > |
| > | Event id 14060
| > | Cannot load an application filter Web Proxy Filter
| > | 4CB7513E-220E-4C20-815A-1367BAA295FF4
| > | FilterInit fail with error code 0x80070005
| > |
| > | Evenit id 14001
| > | Firewall service failed to initilize
| > |
| > | only way to start firewall was to reapply ISA 2004 SP2
| > | this stopped ISA server related services
| > | copied new files
| > | registered modules
| > | started services
| > | started ISA server related services
| > | and finished
| > |
| > | Still had to manually start the firewall, POP3, Exchange routing
engine,
| > | SMTP and WWW publishing services, but these started with no problems
| > |
| > | Machine is now back to state before restart with
| > | all services ok, all system running fine until the next
| > | morning when i expect ISA reports will fail
| > | due to NETWORK SERVICES missing on folders
| > | Have not restarted server since.
| > |
| > | Your thougts on this ?
| > |
| > | Thanks
| > | Chris
| > |
| > | ""Crina Li"" wrote:
| > |
| > | > Hi Chris,
| > | >
| > | > Thanks for your update.
| > | >
| > | > Based on my research, 1704 SceCli may occur if the registry
information
| > | > regarding Group Policy refresh has been set inappropriately.
Please
| > | > perform the following steps:
| > | >
| > | > 1. Open Registry Editor.
| > | > 2. Locate to the following key:
| > | >
| > | > HKLM\SOFTWARE\Microsoft\Windows
| > | >
| >
NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83
| > | > A}
| > | >
| > | > 3. Modify the Value MaxNoGPOListChangesInterval to 3c0
| > | >
| > | > This is the default value and it will reset "forced policy"
| > re-application
| > | > to 16 hours (960 minutes).
| > | >
| > | > For more detailed information regarding this value, please refer to
the
| > | > following KB article:
| > | >
| > | > 277543 How to delay security policies from being applied
| > | > http://support.microsoft.com/?id=277543
| > | >
| > | > Thanks for your time and I look forward to hearing from you.
| > | >
| > | > Best regards,
| > | >
| > | > Crina Li (MSFT)
| > | >
| > | > Microsoft CSS Online Newsgroup Support
| > | >
| > | > Get Secure! - www.microsoft.com/security
| > | >
| > | > =====================================================
| > | > This newsgroup only focuses on SBS technical issues. If you have
issues
| > | > regarding other Microsoft products, you'd better post in the
| > corresponding
| > | > newsgroups so that they can be resolved in an efficient and timely
| > manner.
| > | > You can locate the newsgroup here:
| > | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| > | >
| > | > When opening a new thread via the web interface, we recommend you
check
| > the
| > | > "Notify me of replies" box to receive e-mail notifications when
there
| > are
| > | > any updates in your thread. When responding to posts via your
| > newsreader,
| > | > please "Reply to Group" so that others may learn and benefit from
your
| > | > issue.
| > | >
| > | > Microsoft engineers can only focus on one issue per thread.
Although we
| > | > provide other information for your reference, we recommend you post
| > | > different incidents in different threads to keep the thread clean.
In
| > doing
| > | > so, it will ensure your issues are resolved in a timely manner.
| > | >
| > | > For urgent issues, you may want to contact Microsoft CSS directly.
| > Please
| > | > check http://support.microsoft.com for regional support phone
numbers.
| > | >
| > | > Any input or comments in this thread are highly appreciated.
| > | >
| > | > =====================================================
| > | >
| > | > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| > | > --------------------
| > | > | Thread-Topic: ISA 2004 REPORT FAILURE
| > | > | thread-index: AcbWv5kgOULIoqppRMa8KeZCf+M36A==
| > | > | X-WBNR-Posting-Host: 165.228.6.71
| > | > | From: =?Utf-8?B?Q2hyaXM=?= <Chris@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | > | References: <FF4294D7-2EF1-40CA-81FA-E9CB39034A78@xxxxxxxxxxxxx>
| > | > <ILUZLSj0GHA.4548@xxxxxxxxxxxxxxxxxxxxx>
| > | > <07BEA69F-B40E-48D3-AE5B-0ED4C159E081@xxxxxxxxxxxxx>
| > | > <RNDvMux0GHA.4220@xxxxxxxxxxxxxxxxxxxxx>
| > | > <6A9614B3-A043-4BAB-910A-841342CBDAD6@xxxxxxxxxxxxx>
| > | > <E656A05E-0C97-41F8-9AA8-DDFD556C1D43@xxxxxxxxxxxxx>
| > | > <8gyZBeV1GHA.4280@xxxxxxxxxxxxxxxxxxxxx>
| > | > <8E1EAD7C-1659-4705-A8F4-04082878759E@xxxxxxxxxxxxx>
| > | > | Subject: RE: ISA 2004 REPORT FAILURE
| > | > | Date: Tue, 12 Sep 2006 16:03:02 -0700
| > | > | Lines: 332
| > | > | Message-ID: <152F6CA4-140E-409E-AD45-D2133110A214@xxxxxxxxxxxxx>
| > | > | MIME-Version: 1.0
| > | > | Content-Type: text/plain;
| > | > | charset="Utf-8"
| > | > | Content-Transfer-Encoding: 7bit
| > | > | X-Newsreader: Microsoft CDO for Windows 2000
| > | > | Content-Class: urn:content-classes:message
| > | > | Importance: normal
| > | > | Priority: normal
| > | > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| > | > | Newsgroups: microsoft.public.windows.server.sbs
| > | > | Path: TK2MSFTNGXA01.phx.gbl
| > | > | Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windows.server.sbs:297095
| > | > | NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
| > | > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > | > |
| > | > | Have not had a spare moment yet to cycle the server
| > | > | to test your options, but planning to do so in the next
| > | > | few days.
| > | > |
| > | > | Thought id pass on a few observations.
| > | > |
|
.
- Follow-Ups:
- RE: ISA 2004 REPORT FAILURE
- From: Chris
- RE: ISA 2004 REPORT FAILURE
- References:
- RE: ISA 2004 REPORT FAILURE
- From: "Crina Li"
- RE: ISA 2004 REPORT FAILURE
- From: Chris
- RE: ISA 2004 REPORT FAILURE
- From: "Crina Li"
- RE: ISA 2004 REPORT FAILURE
- From: Chris
- RE: ISA 2004 REPORT FAILURE
- From: Chris
- RE: ISA 2004 REPORT FAILURE
- From: "Crina Li"
- RE: ISA 2004 REPORT FAILURE
- From: Chris
- RE: ISA 2004 REPORT FAILURE
- From: Chris
- RE: ISA 2004 REPORT FAILURE
- From: "Crina Li"
- RE: ISA 2004 REPORT FAILURE
- From: Chris
- RE: ISA 2004 REPORT FAILURE
- From: "Crina Li"
- RE: ISA 2004 REPORT FAILURE
- From: Chris
- RE: ISA 2004 REPORT FAILURE
- Prev by Date: Re: Relay Question
- Next by Date: RE: Pop3 messages not delivered
- Previous by thread: RE: ISA 2004 REPORT FAILURE
- Next by thread: RE: ISA 2004 REPORT FAILURE
- Index(es):
Relevant Pages
|
