We have ISA 2004 Std Edition with SP3 and post SP3 fixes on our network. We deploy the FW client to all desktop and laptop PC (although not installed on the servers for obvious reason).
Latetly we have noticed that when we send out the ms hotfixes i.e. security fixes they fail to install on the stations for some reason. Looking at the hotfix log that gets created on the stations in C:\windows folder it complains about not having permission to update windows i.e. se_back_priviliage is required.
If we take the ISA FW client off the station and repeat the ms hotfixes installation it succeeds. I have worked on this problem for long and have singled out that is def. the firewall client that is the problem. Have you guys come across this issues?
OS: Windows XP with SP2 ISA FW Client version: v4.0 (build 4.0.3442.654)
I know that i will get some comment about blaming isa when its not an isa problem but this looks like the it is the FW client. I'm not sure what it modifies on the station when it is installed but it def. causes issues installing the hotfixes. The issue is observed when installing either MS hotfix or service pack. I have gone through all the articles about se_backup_priviliage and all settings in AD are correct and so are the GPO setting etc.
The strange thing is that is happens on some stations and not others even when they are the same spec model, same HW, same connection to switch, server etc.
Completely stumped on this. Any assistance or support would be greatly recieved and appreciated.
Is the Internal Network; Domain and Web Browser properties properly configuured? On the Domains tab; make sure that all Internal Domains are listed. On the Web Browsers tab; make sure that you have defined and listed all servers and domains that need to be directly accessed.
David Melvin Ohio MCSE: Security 2003, MCSA:Security 2003
The internal domains, networks and web browsers servers have have defined correctly. The strange thing is if the firewall client is not installed then the hotfixes would install fine but as soon as the firewall client is installed the fixes don't go on and we the error message in the appropriate KB.xxxxxx.log file
I'm not sure what the firewall client does when its installed but for some reason its having some kind of impact on the perrmissions to install hotfixes etc.
The isa logs is not stating anything as there is no traffic that is being passed during the installation of hotfixes. But the strange thing is that as soon as FW client is installed it fails, in order to install the fixes the station does not need any internet access, just access to the servers from where its pulling the hotfix files. It happens on some stations and not on others.
I have a call open with our support providers and i'm havign to rebuild the stations many times to eliminate different things.
Sory to drag up an old thread but i'm still looking at this issue of the hotfix problem. What i have found out is that if the isa firewall client service is stopped, it does allow the hotfixes to go on correctly.
I have tried all version of the isa firewall client including the latest Forefront TMG client but it hasen't made any difference.
The hotfixes are just normal microsoft fixes for the operating system. I have tried adding update (update.exe) on the firewall client settings but this has not made any difference.
Looks like a permission on either the registry or file system but i can't figure out which keys the firewall client holds on to.
Yes the workstations are all running XP SP3, it was happening when we were on XP SP2 as well and i was really looking forward to getting XP SP3 to see if it solved the problem but it didn't unfortunatelty.
I have out support provider looking at this at the moment and will suggest to them about calling MS PSS and see if they can suss out what is causing the problem.
Will keep you guys updated on what is happening and hopefully a solution if we find one.