In Microsoft ISA Server 2004, alerts can be configured to shut down the Microsoft Firewall service when situations that raise specific events occur. Whenever the Firewall service shuts down, ISA Server goes into lockdown mode, in which only specific types of traffic are allowed. ISA Server can leave lockdown mode only when the Firewall service is restarted. By default, the built-in Log failure alert shuts down the Firewall service. This alert is triggered by the Log failure event, which is raised when a logging failure occurs. You can prevent logging failures from causing ISA Server to go into lockdown by disabling the action of the Log failure alert that shuts down the Firewall service.

In addition, when logging fails, ISA Server closes the applicable connection. This way, even if ISA Server does not go into lockdown mode, traffic is blocked when logging failures occur. However, if ISA Server does not go into lockdown mode, logging and the flow of most types of traffic can resume when the condition that causes the logging failures is resolved. In Microsoft ISA Server 2004 Enterprise Edition, when lockdown of the Firewall service due to logging failures is disabled, you can use the DropConnectionOnLogError property of the FPCLog object for each logging component to configure ISA Server not to drop connections when logging fails and to continue functioning without logging.

For computers running ISA Server 2004 Enterprise Edition, the Microsoft Visual Basic Scripting Edition (VBScript) code in DisableLockdownOnLogFailure.vbs (listed later in this Web page) disables lockdown of the Firewall service due to logging failures and allows traffic to continue flowing when logging fails by preventing connections from being dropped in all arrays of the enterprise. For a computer running ISA Server 2004 Standard Edition, this script disables lockdown of the Firewall service due to logging failures.

The script can be run on an ISA Server computer with the Firewall service installed, a remote management computer, or a Configuration Storage server (Enterprise Edition). If the script needs to connect to an ISA Server computer with the Firewall service installed or to a Configuration Storage server, it prompts the user for the name of the applicable computer and uses the credentials of the user who is logged on to connect to it. To run this script for an ISA Server 2004 Standard Edition computer or a single array of one or more ISA Server 2004 Enterprise Edition computers, the user must be an ISA Server Administrator in the array. To run this script for multiple arrays, the user must be an ISA Server Enterprise Administrator.

We recommend that you back up your configuration before running this script.

Usage:[CScript] DisableLockdownOnLogFailure.vbs

1. Declare an FPC COM object, an FPCArrays collection, an FPCArray object, an FPCAlert object, an FPCLogs collection, and an FPCLog object.

2. Create an instance of the FPC COM object, which is known as the root object and provides access to the other ISA Server administration COM objects.

3. Try to get the number of arrays in the arrays collection by retrieving the value of the Arrays.Count property of the root object:

   • If an E_FPC_NOT_CONNECTED_TO_ENTERPRISE (0xC00403A6) error is raised, the local computer is running ISA Server 2004 Enterprise Edition and is not connected to a Configuration Storage server. In this case, prompt the user for the name of a Configuration Storage server, and call the ConnectToConfigurationStorageServer method to connect to the Configuration Storage server specified by the user.
     
   • If the number of arrays is equal to 0, the local computer may be a Standard Edition remote management computer or a Configuration Storage server that was set up in an enterprise in which no arrays are configured. In this case, call the Connect method with an empty string. If the local computer is a Configuration Storage server, an E_FPC_NOT_SUPPORTED_IN_EE_CENTRAL_MODE (0xC00403A0) error is raised, and the script should be terminated. If the local computer is a Standard Edition remote management computer, a different error is raised. Ignore this error, prompt the user for the name of an ISA Server computer with the Firewall service installed, and call the Connect method to connect to the ISA Server computer specified by the user.
     

4. Use the Arrays property of the root object to get a reference to the arrays collection.

5. In a For loop, perform the following steps for each array in the arrays collection:

   1. Call the Item method (the default method) of the FPCAlerts collection through the Alerts property of the array object to get a reference to the FPCAlert object that represents the Log failure alert.
      
   2. Call the Unset method of the FPCActions collection through the Actions property of the alert object to modify the alert so that it will not stop the Firewall service, and then call the Save method on the FPCActions collection to write the change to persistent storage.
      
   3. Use the Type method of the array object to determine whether the local computer is running ISA Server 2004 Enterprise Edition. If the local computer is running Enterprise Edition, use the Logging property of the array object to get a reference to the FPCLogs collection. Then in a For loop, ensure that the DropConnectionOnLogError property of each FPCLog object is set to False, and call the Save method on the FPCLogs collection to write the changes to persistent storage.
      

 Script Listing: DisableLockdownOnLogFailure

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

' Copyright (c) Microsoft Corporation. All rights reserved.

' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE

' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE

' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS

' HEREBY PERMITTED.

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

' For computers running ISA Server 2004 Enterprise Edition, this script

' disables lockdown of the Firewall service due to logging failures and allows

' traffic to continue flowing when logging fails by preventing connections from

' being dropped in all arrays of the enterprise.

' For a computer running ISA Server 2004 Standard Edition, this script disables

' lockdown of the Firewall service due to logging failures.

' The script can be run on an ISA Server computer with the Firewall service

' installed, a remote management computer, or a Configuration Storage server

' (Enterprise Edition). If the script needs to connect to an ISA Server

' computer with the Firewall service installed or to a Configuration Storage

' server, it prompts the user for the name of the applicable computer and uses

' the credentials of the user who is logged on to connect to it. To run this

' script for an ISA Server 2004 Standard Edition computer or a single array of

' one or more ISA Server 2004 Enterprise Edition computers, the user must be an

' ISA Server Administrator. To run this script for multiple arrays, the user

' must be an ISA Server Enterprise Administrator.

' We recommend that you back up your configuration before running this script.

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Option Explicit

' Define the constants needed.

Const Error_NotConnectedToCSS = &HC00403A6

Const Error_ConfigurationStorageServer = &HC00403A0

Const fpcTypeEnterpriseEdition = 1

Const fpcAlertActionStopServices = 3

Const alertName = "Log failure"

DisableLockdownOnLogFailure

Sub DisableLockdownOnLogFailure()

' Declare the objects needed.

Dim root ' The FPCLib.FPC root object

Dim isaArrays ' An FPCArrays collection

Dim isaArray ' An FPCArray object

Dim alert ' An FPCAlert object

Dim logs ' An FPCLogs collection

Dim log ' An FPCLog object

Dim serverName ' A String

Dim num ' An Integer

' Create the root object.

Set root = CreateObject("FPC.Root")

' Try to get the number of arrays.

On Error Resume Next

num = root.Arrays.Count

If Err.Number = Error_NotConnectedToCSS Then

serverName = _

InputBox("Enter the name of a Configuration Storage server.")

' Connect to the specified Configuration Storage server.

Err.Clear

root.ConnectToConfigurationStorageServer serverName

CheckError

ElseIf num = 0 Then

serverName = ""

Set isaArray = root.Arrays.Connect(serverName)

If Err.Number = Error_ConfigurationStorageServer Then

WScript.Echo "No arrays are configured in the enterprise."

WScript.Quit

End If

Err.Clear

' Get the name of an ISA Server computer with the Firewall service

' installed.

serverName _

= InputBox("Enter the name of an ISA Server computer.")

Err.Clear

Set isaArray = root.Arrays.Connect(serverName)

If Err.Number <> 0 Then

WScript.Echo "The specified computer is not available " _

& "or does not have the Firewall service installed."

WScript.Quit

End If

End If

' Get a reference to the arrays collection.

Err.Clear

Set isaArrays = root.Arrays

CheckError

For Each isaArray In isaArrays

' Get a reference to the "Log failure" alert object,

' and modify it so that it will not stop the Firewall service.

Set alert = isaArray.Alerts(alertName)

If Err.Number = 0 Then

alert.Actions.Unset fpcAlertActionStopServices

CheckError

alert.Actions.Save

CheckError

Else

WScript.Echo "The " & alertName & " alert was not found in " _

& isaArray.Name & "."

Err.Clear

End If

If isaArray.Type = fpcTypeEnterpriseEdition Then

' Get a reference to the FPCLogs collection

Set logs = isaArray.Logging

For Each log In logs

' Ensure that the DropConnectionOnLogError property

' is set to False.

log.DropConnectionOnLogError = False

Next

logs.Save

CheckError

End If

Next

WScript.Echo "Done!"

End Sub

Sub CheckError()

If Err.Number <> 0 Then

WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & vbCrLf _

& Err.Description

Err.Clear

WScript.Quit

End If

End Sub