RE: ISA 2004 REPORT FAILURE

Unfortunately the problem still remains
the ISA Reports still fail because
the permissions on the working folders
are changed after a period of time.

I can change the permissions manually
on the ISALogs and ISASummaries folders
to include the NETWORK SERVICES account
when I do this the reports run fine

The permissions remain intact even after
a server reboot.

What happens is that after a period of time
mostly overnight, when I return the next
morning the NETWORK SERVICES permissions
are missing from the two folders and
the ISA reports fail

I suspect that the SceCli program is the cause
but dont know why or how to fix it.

What are your thoughts on this ? or do you know
of any other reason why the system would be
removing the permissions from those directories

Thanks again for your patience.

Chris

""Crina Li"" wrote:

Hi Chris,

Thanks for your update.

If the issue has disappeared, you may not do that.

Thanks for your time.

Best regards,

Crina Li (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: ISA 2004 REPORT FAILURE
| thread-index: AcbX5K7y0vj61H/WTvyzV/+QhR+Bmw==
| X-WBNR-Posting-Host: 58.169.129.168
| From: =?Utf-8?B?Q2hyaXM=?= <Chris@xxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <FF4294D7-2EF1-40CA-81FA-E9CB39034A78@xxxxxxxxxxxxx>
<ILUZLSj0GHA.4548@xxxxxxxxxxxxxxxxxxxxx>
<07BEA69F-B40E-48D3-AE5B-0ED4C159E081@xxxxxxxxxxxxx>
<RNDvMux0GHA.4220@xxxxxxxxxxxxxxxxxxxxx>
<6A9614B3-A043-4BAB-910A-841342CBDAD6@xxxxxxxxxxxxx>
<E656A05E-0C97-41F8-9AA8-DDFD556C1D43@xxxxxxxxxxxxx>
<8gyZBeV1GHA.4280@xxxxxxxxxxxxxxxxxxxxx>
<8E1EAD7C-1659-4705-A8F4-04082878759E@xxxxxxxxxxxxx>
<152F6CA4-140E-409E-AD45-D2133110A214@xxxxxxxxxxxxx>
<qhczxTx1GHA.2156@xxxxxxxxxxxxxxxxxxxxx>
<E6DC629E-C6F4-4568-92A9-79DCA771D0D0@xxxxxxxxxxxxx>
<dDwPA$91GHA.4280@xxxxxxxxxxxxxxxxxxxxx>
| Subject: RE: ISA 2004 REPORT FAILURE
| Date: Thu, 14 Sep 2006 03:01:01 -0700
| Lines: 319
| Message-ID: <898E5028-B1E3-42D0-B31F-E103668C0B04@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGXA01.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:297490
| NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Sorry for being unclear,
| The permissions remained intact after the reboot
| that is I set NETWORK SERVICES on the program files
| directory (and all sub folders) and it remained there
| after the reboot.
|
|
| I have a very strong suspission that SceCli is resetting the
| permissions when it runs.
|
| Is it still worth while looking into the auditing ?
|
| Thanks for the response, I do appreciate the info greatly
|
| Chris.
|
|
| ""Crina Li"" wrote:
|
| > Hi Chris,
| >
| > Thanks for your update.
| >
| > Do you mean the NETWORK SERVICES permissions are still missing from the
ISA
| > folders after a clean boot? If so, I suggest we restart the computer in
| > Safe Mode with Network to see if the problem also occurs in this mode.
Safe
| > Mode loads a minimally protected-mode configuration, disabling Windows
| > device drivers and using the standard VGA display adapter.
| >
| > 1. Restart the computer.
| > 2. Keep pressing F8 key until the Windows Startup menu appears.
| > 3. Choose the Safe Mode with Network, and press Enter.
| >
| > Note: Some third party applications and hardware devices cannot be used
| > during Safe Mode.
| >
| > Also you can enable Audit log in Event log to do so. I provide the
detailed
| > steps on SBS for your reference:
| >
| > 1. Click Start, click Run, type "gpmc.msc" and click OK.
| > 2. Expand Domains -> your domain -> Domain Controllers.
| > 3. Right-click Small Business Server Auditing Policy and click Edit.
| > 4. Expand Computer Configuration -> Windows Settings -> Security
Settings
| > -> Local Policies -> Audit Policy.
| > 5. In the right pane, double-click "Audit object access".
| > 6. To audit successful access of specified files, folders, select the
| > Success check box.
| > 7. To audit unsuccessful access to these objects, select the Failure
check
| > box.
| > 8. To enable auditing of both, select both check boxes.
| > 9. Click OK.
| > 10. Run "gpupdate /force" or restart the computer so that the policy
takes
| > effect on SBS.
| >
| > After you enable auditing, you need to specify the files, folders that
you
| > want audited. To do so:
| >
| > 1. In Windows Explorer, locate the file or folder you want to audit.
| > 2. Right-click the file, folder that you want to audit, and then click
| > Properties.
| > 3. Click the Security tab, and then click Advanced.
| > 4. Click the Auditing tab, and then click Add.
| > 5. In the "Enter the object name to select" box, type the name of the
user
| > or group whose access you want to audit. You can browse the computer
for
| > names by clicking Advanced, and then clicking Find Now in the "Select
User
| > or Group" dialog box.
| > 6. Click OK.
| > 7. Select the Successful or Failed check boxes for the actions you want
to
| > audit, and then click OK.
| > 8. Click OK, and then click OK.
| >
| > After that, you may check the Security event log to find who change the
| > permission.
| >
| > Please Note: Frankly, checking the security event log to track which
user
| > update certain public folder is not an easy way since there are bunch
of
| > logs there.
| >
| > More information:
| >
| > 174073 Auditing User Authentication
| > http://support.microsoft.com/?id=174073
| >
| > Using Audit Policies to Secure Your Windows 2000 Network
| >
http://whidbey.msdn.microsoft.com/library/default.asp?url=/library/en-us/dne
| > xnt00/html/ewn0054.asp
| >
| > Securing Your Windows Small Business Server 2003 Network
| >
http://www.microsoft.com/downloads/details.aspx?familyid=f62b2722-267c-4642-
| > b287-c31115ef10a4&displaylang=en
| >
| > Thanks for your time and I look forward to your reply.
| >
| > Best regards,
| >
| > Crina Li (MSFT)
| >
| > Microsoft CSS Online Newsgroup Support
| >
| > Get Secure! - www.microsoft.com/security
| >
| > =====================================================
| > This newsgroup only focuses on SBS technical issues. If you have issues
| > regarding other Microsoft products, you'd better post in the
corresponding
| > newsgroups so that they can be resolved in an efficient and timely
manner.
| > You can locate the newsgroup here:
| > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| >
| > When opening a new thread via the web interface, we recommend you check
the
| > "Notify me of replies" box to receive e-mail notifications when there
are
| > any updates in your thread. When responding to posts via your
newsreader,
| > please "Reply to Group" so that others may learn and benefit from your
| > issue.
| >
| > Microsoft engineers can only focus on one issue per thread. Although we
| > provide other information for your reference, we recommend you post
| > different incidents in different threads to keep the thread clean. In
doing
| > so, it will ensure your issues are resolved in a timely manner.
| >
| > For urgent issues, you may want to contact Microsoft CSS directly.
Please
| > check http://support.microsoft.com for regional support phone numbers.
| >
| > Any input or comments in this thread are highly appreciated.
| >
| > =====================================================
| >
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| > --------------------
| > | Thread-Topic: ISA 2004 REPORT FAILURE
| > | thread-index: AcbXmIzTpClj8CgDQkKg+6UsGjRT+g==
| > | X-WBNR-Posting-Host: 165.228.6.71
| > | From: =?Utf-8?B?Q2hyaXM=?= <Chris@xxxxxxxxxxxxxxxxxxxxxxxxx>
| > | References: <FF4294D7-2EF1-40CA-81FA-E9CB39034A78@xxxxxxxxxxxxx>
| > <ILUZLSj0GHA.4548@xxxxxxxxxxxxxxxxxxxxx>
| > <07BEA69F-B40E-48D3-AE5B-0ED4C159E081@xxxxxxxxxxxxx>
| > <RNDvMux0GHA.4220@xxxxxxxxxxxxxxxxxxxxx>
| > <6A9614B3-A043-4BAB-910A-841342CBDAD6@xxxxxxxxxxxxx>
| > <E656A05E-0C97-41F8-9AA8-DDFD556C1D43@xxxxxxxxxxxxx>
| > <8gyZBeV1GHA.4280@xxxxxxxxxxxxxxxxxxxxx>
| > <8E1EAD7C-1659-4705-A8F4-04082878759E@xxxxxxxxxxxxx>
| > <152F6CA4-140E-409E-AD45-D2133110A214@xxxxxxxxxxxxx>
| > <qhczxTx1GHA.2156@xxxxxxxxxxxxxxxxxxxxx>
| > | Subject: RE: ISA 2004 REPORT FAILURE
| > | Date: Wed, 13 Sep 2006 17:56:02 -0700
| > | Lines: 348
| > | Message-ID: <E6DC629E-C6F4-4568-92A9-79DCA771D0D0@xxxxxxxxxxxxx>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| > | Newsgroups: microsoft.public.windows.server.sbs
| > | Path: TK2MSFTNGXA01.phx.gbl
| > | Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:297418
| > | NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
| > | X-Tomcat-NG: microsoft.public.windows.server.sbs
| > |
| > | Registry key is as you have noted, so did not change
| > | and still receive the event.
| > |
| > | Update on Restart procedure.
| > | performed steps 1 to 6
| > | machine restarted ok
| > | NETOWRK SERVICES Permissions remained
| > | Received a service failed to load message
| > | on inspecting services list the microsoft firewall service failed to
load
| > |
| > | Events in the application log was as follows
| > |
| > | Event id 14127
| > | The web proxy filter could not initialise
| > | Error code 505.112.4.0.2165.594
| > |
| > | Event id 14060
| > | Cannot load an application filter Web Proxy Filter
| > | 4CB7513E-220E-4C20-815A-1367BAA295FF4
| > | FilterInit fail with error code 0x80070005
| > |
| > | Evenit id 14001
| > | Firewall service failed to initilize
| > |
| > | only way to start firewall was to reapply ISA 2004 SP2
| > | this stopped ISA server related services
| > | copied new files
| > | registered modules
| > | started services
| > | started ISA server related services
| > | and finished
| > |
| > | Still had to manually start the firewall, POP3, Exchange routing
engine,
| > | SMTP and WWW publishing services, but these started with no problems
| > |
| > | Machine is now back to state before restart with
.

Relevant Pages

  • RE: ISA 2004 REPORT FAILURE
    ... Do you mean the NETWORK SERVICES permissions are still missing from the ISA ... To audit successful access of specified files, folders, select the ... Microsoft CSS Online Newsgroup Support ... different incidents in different threads to keep the thread clean. ...
    (microsoft.public.windows.server.sbs)
  • RE: ISA 2004 REPORT FAILURE
    ... Did as you suggested and turned auditing on for the system and folders ... that is setting the wrong permissions of the folders ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • RE: ISA 2004 REPORT FAILURE
    ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... | Did as you suggested and turned auditing on for the system and folders ... | that is setting the wrong permissions of the folders ...
    (microsoft.public.windows.server.sbs)
  • RE: ISA 2004 REPORT FAILURE
    ... Audit on the 2 folders to see who change the permission. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ... | the permissions on the working folders ...
    (microsoft.public.windows.server.sbs)
  • RE: NT to 2003 server
    ... I'd like to suggest you use File Server Migration Tool. ... Microsoft Online Partner Support ... >>migrate all the files and folders with the permissions. ...
    (microsoft.public.windows.server.migration)