ISA 2006 SP2 on Win2k3 32bit. I wondered if anyone has experienced similar or got any ideas what to look at.
I've always had this problem, however in the past 4 weeks it's become much more frequent. Prior to the last four weeks, my firewall died about once every other month (on average), however now it seems to die once every other day.
The symptoms are that ISA Server just seems to stop doing it's job. All the services appear to be running. The first I know about it is people saying mobile email has stopped working, can't get on published sites, can't connect to the VPN etc. The solution has always been to either reboot the server (RDP to the desktop or remote shutdown) or stop/start the "microsoft firewall" service (which also stops and starts the remote routing service). When it "dies" it about 3 or 4 minutes to log onto the desktop either via RDP or at the physical console (normally instant when running correctly).
It's also hard to tie down when exactly it dies, because it seems to service existing connections for quite some time (i run a ping monitor, which never alerts me but if i try start a new ping from another machine then it won't respond). This is making it hard to look at firewall log files - I have 100's of 1000's of lines of logs from the last four occasions it's died of a period of about an hour before when I first become aware there's an issue and am currently trying to find some correlation in the data with excel.
There doesn't appear to be any obvious alerts in the ISA console.
I actually have two ISA 2006 servers (not running as a farm, just independent of each other). This is to service RSA SecureID published websites on port 80 on one, and non-RSA SecureID published websites on the other (you can't have two port 80/443 ports listening one with RSA and one without). So in an attempt to diagnose the problem I have moved the client VPN stuff (this is PPTP RSA SecurID OTP EAP protected, although probably has no baring) to the second server - which instantly moved the problem to the second server and resolved the problem on the first server. Therefore I can deduce that it is all down to the VPN.
Currently I am trying to work out who's been logged on at every time there's been a crash, but at the moment this is quite a few people and names I would always expect to be on due to the nature of their work.
Of course the other problem is that when it dies, I don't really have much time to do any work on the server to try get more information as the phone is ringing like mad with people saying "i can't do xyz any more, are there any problems?" :(
heh, in all my years as a loan system administrator for this company (about 15 now) i've never called MS support and not about to start now :) you'd be surprised how effective peer to peer support is and has always got me by. anyway, not even sure MS still support this product, let alone in combination with RSA.
anyway, i never solved it as such, but it appears putting a batch file in to stop and start the MS firewall at 5am every morning "appears" to have stopped the problem from happening. although, as it has always been an intermittent problem i can't know for sure but i'm not about to restart the server or remove the batch file to find out.