ISAServer2006无法同步与常见排错

合集下载

动易2005、2006版常见错误号的原因分析及解决方法

动易2005、2006版常见错误号的原因分析及解决方法================================================================错误号：432错误描述：File name or class name not found during Automation operation错误来源：PE_Common6原因分析：服务器没有升级脚本引擎。

解决方法：升级服务器的IE到6.0以上版本，如果还不行，单独安装脚本解释引擎。

正在生成网站首页（/Index.htm）……错误号：-2147319779错误描述：Automation error Library not registered.错误来源：PE_Common原因分析：服务器的IE版本过低。

解决方法：升级服务器的IE到6.0以上版本，如果还不行，单独安装脚本解释引擎。

错误号：-2147319779错误描述：Automation error Library not registered.错误来源：PE_CMS6原因分析：错误定义的应用程序或对象错误，可能是服务器的脚本解释引擎版本过低引起。

解决方法：安装脚本解释引擎。

下载地址：/software/catalog55/903.html。

数据采集错误错误号：7错误描述：Out of memory错误来源：PE_Common原因分析：PE_Common，Out of memory，内存溢出，这十分不好说，范围很广。

有可能：1、采集的文章有日文片假名。

2、内存不足。

也有可能一点，你的采集历史记录非常非常的庞大，因为采集是第一次全部读入内存减小对数据库频繁的检索量，历史记录和采集项目的资料太多了，内存不足解决方法：这和个人计算机有关，如果条件允许换个服务器看看，故障发生在内存。

最近发表或者管理文章出现这个提示，不知道代表是什么？错误号：-2147467259错误描述：007~ASP 0104~不允许操作~错误来源：Request 对象原因分析：这个提示是因为没有打开WIN2003的200K数据提交限制引起的。

WAS节点不同步解决办法

WAS节点不同步解决办法WAS 节点不同步解决办法一错误现象：1、启动应用的时候特别慢，报“可能已经启动成功，但没有在预定的时间启动完成，详情请参考日志xxx”。

2、“企业级应用程序”下应用的状态好像不对，在WebSphere企业应用程序中启动起来的应用在这里仍然是“红X”状态。

3、系统管理下的节点状态不对，同步节点后仍然显示未同步。

4、部署新应用后启动时，会报[12-4-11 20:08:07:127 CST] 0000002b DefaultT okenP I HMGR0149E: 尝试打开到核心组 DefaultCoreGroup 的连接被拒绝。

发送进程的名称为 fqztestapCell01\fqztestapCellManager01\dmgr 且 IP 地址为 /172.18.251.23。

本地进程中的全局安全性为 Disabled。

发送进程中的全局安全性为Enabled。

接收到的标记以 ?0G+?Qe?? 开头。

异常为。

[12-4-11 20:20:40:736 CST] 00000017 AdminHelper A ADMN1009I: 尝试启动 rews_message_parse 应用程序。

Was控制台节点显示同步状态不正常，无法完成同步，问题解决如下：一、切换到bin目录下，执行相应命令，依次停止server 、node 、dmgr（严格按照此顺序）/opt/IBM/WebSphere/AppServer/profiles/AppSrv02/bin/stopServer.sh server1 --servername/opt/IBM/WebSphere/AppServer/profiles/AppSrv02/bin/sto pNode.sh/opt/IBM/WebSphere/AppServer/bin/stopManager.sh二、删除 wstemp, temp 和 config/temp 文件夹下面的临时文件/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/temp、wstemp、tranlog目录下内容删除/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/config/t emp目录下内容删除。

IIS6.0调试中出现的问题

IIS6.0调试中出现的问题问题一：启动IIS6.0时出现503错误当启动IIS6.0时，如果遇到503错误，表示应用程序池无法启动。

这个错误通常有以下几种可能的原因：1.应用程序池错误：检查应用程序池的身份验证设置、进程模型、.NET CLR 版本以及其他相关设置。

确保应用程序池的相关设置与你的应用程序和服务器环境相匹配。

2.配置错误：检查 IIS 配置文件，特别是应用程序的Web.config 文件。

确保所有配置项的语法正确，并且没有错误的设置。

3.依赖项错误：如果你的应用程序依赖于其他组件或服务，确保这些依赖项已正确安装和配置，并且可以正常使用。

解决此问题的方法包括：检查应用程序池设置、修复配置错误、安装缺失的依赖项等。

你可以参考以下步骤来逐步解决问题：1.检查应用程序池设置：–打开 IIS 管理器，找到应用程序池。

–右键单击应用程序池，选择“高级设置”。

–检查身份验证设置、进程模型、.NET CLR 版本等是否正确配置。

2.修复配置错误：–打开应用程序所在的文件夹，找到Web.config 文件。

–检查文件的语法和配置项，确保没有错误的设置。

–如果发现错误，进行修复并保存文件。

3.检查依赖项：–确保应用程序所依赖的组件或服务已正确安装并配置。

–检查组件或服务是否运行正常，并且没有出现任何错误。

如果以上方法都无法解决问题，你可以查阅相关的文档、社区或寻求专家的帮助来进一步解决503错误。

问题二：IIS6.0无法识别页面当你在 IIS6.0 上部署网站时，可能会遇到无法识别页面的问题。

这个问题通常是由以下几个原因引起的：未安装或未注册：确保已正确安装并注册在 IIS 中。

2.IIS 配置错误：检查 IIS 的设置，确保它已正确配置以处理页面。

3.MIME 类型错误：如果服务器无法识别页面的MIME 类型，这可能会导致无法正常浏览页面。

解决此问题的方法包括：验证安装、检查 IIS 配置、添加MIME 类型等。

主备视频服务器画面不同步的解决方法

主备视频服务器画面不同步的解决方法主备视频服务器画面不同步是指在主备视频服务器系统中，主机和备机的显示画面出现了不同步的现象。

这种问题的出现往往会影响用户的观看体验，并且可能会导致信息传输的误差。

因此，及时发现并解决主备服务器画面不同步问题是非常重要的。

解决主备视频服务器画面不同步问题需要综合考虑硬件和软件两方面的因素。

下面将详细介绍几种可能的解决方法。

1.调整硬件设置主备服务器的硬件设置可能会对画面同步性产生影响。

首先，我们需要检查网络接口卡（NIC）的设置。

确保主备服务器的网络接口卡设置一致，并按照厂家建议的设置参数进行配置。

同时，确认主备服务器的电源供应和电源线连接都正常，以保证服务器的稳定运行。

2.优化网络环境网络环境对视频画面同步性有很大影响。

可以尝试以下几种方式来优化网络环境：-检查网络设备，如交换机和路由器，确保其能正常传输和处理大量视频数据。

如果发现网络设备过载或运行不正常，可以升级设备或采取安全措施，如增加缓冲区大小。

- 检查网络连接质量，如延迟和丢包率。

可以使用网络性能测试工具，如ping和tracert来检查网络连通性和延迟，并及时做出调整。

-减少网络拥塞。

使用流量控制、数据压缩和流量分流等方法，可以有效降低网络拥塞，提高视频传输效率。

3.更新软件版本主备服务器的软件版本也会影响画面同步性。

因此，我们需要确保主备服务器上安装的软件版本一致，并及时更新至最新版本。

此外，还应仔细阅读更新日志，了解新版本是否修复了与画面同步有关的问题。

4.优化视频编解码算法不同的视频编解码算法可能会导致画面同步不一致。

可以尝试使用其他的编解码器来进行视频传输，并对比不同编解码算法的同步效果。

同时，也可以调整编解码参数，如码率和帧率等，以获得更好的画面同步性。

5.增加缓冲区大小在主备服务器中增加缓冲区大小，可以提高画面同步性。

较大的缓冲区可以存储更多的视频数据，以应对不同服务器之间的传输延迟。

但是，缓冲区过大可能会增加视频播放的延迟。

Windows与Internet时间同步错误故障的解决方案

1.同步时出现提示“RPC错误”。

有些电脑在进行时间同步的时候提示RPC错误，在管理工具——服务中查看Remote Procedure Call (RPC)服务，将其设为自动启动。

2.如果同步时出现的是时间“同步错误”，原因有三种情况：
①微软提供的时间同步服务器故障或忙，直接输入另一快速服务器：210.72.145.44 。

②如果这样还不行，打开系统服务Windows time ,将其设为自动启动。

③还不行的话就是防火墙阻止了系统服务链接时间服务器，且没有任何提示，只要将防火墙关闭再更新就可以成功更新时间了。

另外系统默认的时间同步间隔只是7天，我们无法自由选择，使得这个功能在灵活性方面大打折扣。

其实，我们也可以通过修改注册表来手动修改它的自动同步间隔。

开始——运行，输入“Regedit”进入注册表编辑器，展开[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProvider s\NtpClient ] ，双击SpecialPollInterval 键值，将对话框中的“基数栏”选择“十进制”。

现在看到话框中显示的数字正是自动对时的间隔(以秒为单位)，比如默认的604800就是由7(天)×24(时)×60(分)×60(秒)计算来的，看明白了吧，如果您想让XP以多长时间自动对时，只要按这个公式算出具体的秒数，再填进去就好了。

比如我填了3天，就是259200。

ISA中文站-关于ISA2006短暂阻止TCPIP保护网络问题（多天仍未解决）

ISA中文站-关于ISA2006短暂阻止TCPIP保护网络问题（多天仍未解决）我也遇到这样的问题，正好是在打完一次window2003的一个补丁之后出现的，问题持续了将近一个月的时间，后重启服务器后问题没有再重现。

如下是微软技术支持所提供的答案，大家可以参考一下：步骤一：更新系统的SPN补丁在TCP/IP Offload-启用网络适配器的计算机上安装Windows Server 2003 Service Pack 2 (SP 2) 之后，您可能会遇到许多与网络相关的问题。

可能会出现下列问题：l 您遇到间歇性 RPC 通信失败。

l 在服务器停止响应。

详见如下文档：/kb/948496/zh-cn因此根据该情况，我们建议您根据您系统的语言，下载如下的32位系统补丁：/downloads/details...6F-1BF708F6B567参考资料：/?kbid=950224步骤二：调整默认MTU设置麻烦您通过以下注册表键值确认一下您EnablePMTUDiscovery 的值是否为1,如果值不是为1麻烦您修改EnablePMTUDiscovery的值为1HKLM\SYSTEM\CurrentControlSet\Services\T cpip\Paramete rs说明：Value Meaning0 TCP uses an MTU of 576 bytes for all connections to computers outside the local subnet.1 TCP attempts to discover the MTU of the path to a remote host.。

主从同步不同步表结构

主从同步不同步表结构
主从同步是数据库架构中的一种设计模式，其中一个数据库（主库）负责处理事务并记录更改，而其他数据库（从库）则复制主库的更改并应用于自身。

这使得数据在多个数据库之间保持一致。

如果表结构在主从同步的数据库中不同步，这可能会导致数据不一致、错误或意外的行为。

具体来说，这可能导致以下几个问题：
1.数据类型不匹配：如果在主库中更改了表结构（例如，改变了某个列的数据类型），而这个更改没有同步到从库，那么在主库和从库之间，相同的数据可能具有不同的值或表示方式，导致数据不一致。

2.索引问题：如果表结构更改涉及索引的添加、删除或修改，而没有同步到从库，那么查询性能可能会受到影响，因为主库和从库的查询优化方式可能不同。

3.触发器或存储过程问题：如果表结构更改涉及触发器或存储过程的修改，而这些更改没有同步到从库，那么主库和从库之间的数据操作行为可能不同，导致数据不一致。

4.数据完整性问题：如果表结构更改导致主库中的数据完整性受到破坏（例如，由于外键约束的更改），而这个更改没有同步到从库，那么从库中的数据可能不再与主库保持一致。

为了确保数据的一致性和完整性，通常需要在主从同步的数据库架构中保持表结构的同步。

这可以通过自动化工具、数据库复制过程或手动同步来实现。

在某些情况下，可能需要重新设计数据库架构以确保表结构的同步。

电脑时间同步出错

电脑时间同步出错近年来，随着计算机技术的迅速发展，电脑已经成为人们生活中不可或缺的一部分。

无论是工作还是娱乐，我们都离不开电脑的使用。

然而，在日常使用中，我们可能会遇到一些问题，比如电脑时间同步出错。

本文将详细介绍电脑时间同步出错的原因和解决方案。

首先，让我们来了解一下为什么电脑时间同步会出错。

电脑的时间同步是指将电脑的系统时间与其他时间源进行同步，以确保电脑时间的准确性。

电脑时间同步通常依赖于网络时间协议（NTP）服务器或操作系统的内部时钟。

然而，由于各种原因，电脑时间同步可能会出现错误。

一种常见的原因是网络连接问题。

当电脑无法连接到NTP服务器或无法与其他时间源进行通信时，电脑时间同步就会出错。

这可能是因为网络连接速度缓慢、网络故障或防火墙设置等原因导致的。

另外，操作系统的内部时钟也可能导致电脑时间同步出错。

当操作系统的内部时钟出现偏差时，电脑的系统时间就会不准确，进而导致时间同步出错。

内部时钟偏差可能是由于硬件故障、操作系统错误或不正确的时间设置引起的。

那么，当我们遇到电脑时间同步出错时，应该如何解决呢？下面是一些常见的解决方案。

首先，我们可以尝试重启电脑。

有时候，电脑时间同步出错只是暂时性的问题，通过重新启动电脑，可能能够解决该问题。

在重启过程中，电脑会重新初始化系统时间并与网络时间源进行同步。

如果重启电脑无效，我们可以尝试手动设置时间。

在Windows操作系统中，我们可以找到时间和日期设置，并手动调整系统时间。

然后可以再次尝试与NTP服务器进行同步，通常可以解决时间同步出错的问题。

此外，我们还可以检查网络连接和防火墙设置。

确保电脑能够正常连接到互联网，并且没有防火墙阻止与NTP服务器进行通信。

如果发现问题，可以尝试重新连接互联网或调整防火墙设置以解决电脑时间同步出错的问题。

另一个解决方案是更新操作系统和驱动程序。

时钟同步问题有时可能是由于操作系统或驱动程序的错误导致的。

通过更新操作系统和驱动程序，可以修复可能存在的错误，并提高时间同步的准确性。

1、下载文档前请自行甄别文档内容的完整性，平台不提供额外的编辑、内容补充、找答案等附加服务。
2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
3、如文档侵犯您的权益，请联系客服反馈,我们会尽快为您处理(人工客服工作时间：9:00-18:30)。

Microsoft Internet Security and Acceleration Server 2004Troubleshooting Configuration Storage Servers in ISA Server 2004 Enterprise EditionThis document provides general guidelines and recommendations for troubleshooting issues encountered during the installation, replication, and administration of the Configuration Storage server component of Microsoft Internet Security and Acceleration (ISA) Server 2004 and ISA Server 2006 Enterprise Edition. This document is organized as follows:∙Introduction to the Configuration Storage server concept.∙Troubleshooting connectivity issues. Many problems encountered are due to connectivity issues with the Configuration Storage server. This section of the document provides troubleshooting steps for you tofollow.∙Specific issues. Troubleshooting other common issues encountered when you install, replicate or managea Configuration Storage server.∙An appendix with information about useful tools and scripts.TroubleshootingTroubleshooting Steps for Connectivity IssuesAppendixChangeStorageServer.exeAdditional ResourcesThe Configuration Storage server component of ISA Server 2004 and ISA Server 2006 Enterprise Edition is the repository of the enterprise layout and the configuration for each server in the enterprise. This repository is an instance of Active Directory Application Mode (ADAM). When you install the Configuration Storage server component during ISA Server Setup, you also install ADAM on the designated Configuration Storage server computer. You do not need to administer ADAM directly. All management of the Configuration Storage server is done using the ISA Server Management console.Multiple Configuration Storage servers can be deployed in the enterprise. Each ISA Server array member points to a specific Configuration Storage server, from which it receives updated configuration settings. This configuration occurs at array level, so you cannot configure two different Configuration Storage servers for two members of the same array. However, you can specify an alternate Configuration Storage server that an array member should use in case the first Configuration Storage server fails. A situation can arise in which one array member is using the primary Configuration Storage server, while another member of the same array is using the alternate Configuration Storage server. Such a situation is usually a temporary issue with the primary server, and eventually all array members will switch to using it.Each ISA Server has a local copy of its configuration settings stored in ADAM. This information includes relevant portions of the enterprise configuration, array configuration information, and server-specific information. If a Configuration Storage server fails, ISA Server Management console will not provide access to any server functionality because it requires a connection to a working Configuration Storage server. At the same time, the ISA Server computer will continue to provide firewall, VPN, and proxy services based on the last known configuration it received from the Configuration Storage server. However, you will not be able to monitor or change the ISA Server configuration until the Configuration Storage server is restored, or until you connect to a different Configuration Storage server in the enterprise. When the Configuration Storage server is back online, array members connect and synchronize automatically.A single Configuration Storage server can store firewall policy for multiple ISA Server arrays in a number of different configuration scenarios, as follows:∙The Configuration Storage server and ISA Server are installed on the same computer, which is configured in workgroup mode or as a domain member.∙The Configuration Storage server and ISA Server array members are installed on different computers, with any of the following configurations:∙Both the Configuration Storage server and ISA Server array members belong to the same domain or to trusted domains.∙The Configuration Storage server and ISA Server array members are members of different domains, with no trust between them.∙Both the Configuration Storage server and ISA Server array members are installed in workgroup mode.∙The Configuration Storage server is installed in workgroup mode, and ISA Server array members belong to a domain.∙The Configuration Storage server is a domain member, and ISA Server array members are installed in workgroup mode.In a workgroup scenario, server certificates are used for authentication between ISA Server array members and the Configuration Storage server. If you are using certificates in a workgroup scenario, and then move to a domain configuration, you can continue to use certificate authentication. Moving to Windows authentication (Kerberos) in such a scenario is not supported.For more information on deploying Configuration Storage server, see the following resources:∙For deployment recommendations, see Deployment Guidelines for ISA Server 2004 Enterprise Edition.∙For information on workgroup scenarios, download ISA Server 2004 Enterprise Edition in a Workgroup.∙For a procedural walkthrough to configure ISA Server array members in a domain and the Configuration Storage server in workgroup mode, see the ISA Server 2004 Enterprise Edition Configuration Guide.The information in these documents also applies to ISA Server 2006 Enterprise Edition.During normal ISA Server operations, ADAM does not require direct administration. If you do need to troubleshoot ADAM issues, see the following resources:∙For information on understanding, administering, and configuring ADAM, see Active Directory Application Mode (ADAM).∙For troubleshooting specific ADAM issues, see ADAM troubleshooting and frequently asked questions.TroubleshootingMost issues with Configuration Storage server result in connectivity problems, with their source in one of the following areas:∙Physical connectivity∙Name resolution∙Flawed credentialsThis section provides the following troubleshooting information:∙General troubleshooting steps to follow for all connectivity issues.∙Troubleshooting tips and hints for other common issues.Troubleshooting Steps for Connectivity IssuesConnectivity issues with the Configuration Storage server may occur during Setup and uninstall, or when managing and configuring ISA Server. Connectivity issues can be related to physical network problems, failed name resolution, or service availability. Losing connectivity with the Configuration Storage server is not fatal for the operation of ISA Server services, which continue using the local copy of the configuration settings. However, connectivity to the Configuration Storage server is required to keep the local copy of the configuration up to date, which may be crucial for correct operations and protection of the organization’s network resources.Connectivity issues may manifest themselves with a number of different errors and events. The most common types of errors include the following:∙Errors indicating that configuration changes cannot be saved or loaded∙Error messages specifying that array members cannot connect to a specified Configuration Storage server∙Name resolution errors∙Errors with the ISASTGCTRL service of Configuration Storage server∙Authentication issues that arise when ISA Server array members cannot authenticate with the Configuration Storage server. In workgroup scenarios, or across untrusted domains, issues might berelated to incorrect certificate configuration.The following troubleshooting steps can be used whenever there is a problem with connection to the Configuration Storage server. Perform each troubleshooting step in order. If a problem is diagnosed, fix appropriately, and then re-check connectivity. If the problem persists, continue on to the next step.Step 1: Verify Configuration Storage Server Name SettingsTo verify that the Configuration Storage server name is specified correctlyVerify that the Configuration Storage server name specified in ISA Server Management console is correct. By default the ISA Server Management console uses the credentials of the logged on user and the Configuration Storage server name that is specified for the array members. To access a different Configuration Storage server, you may need to provide the name of the server and credentials. Alternatively, run the ISA Server Management console on the Configuration Storage server. Verify the Configuration Storage server name as follows:∙In the console tree of ISA Server Management, click Microsoft Internet Security and Acceleration Server 2004 or Microsoft Internet Security and Acceleration Server 2006, click Arrays, right-click the specific array, and then click Properties.∙On the Configuration Storage tab, in Configuration Storage server, verify that the fully qualified domain name (FQDN) is correctly specified.Step 2: Verify Name Resolution SettingsTo verify that the forward name lookup is properly configured on the computer running ISA Server servicesAt the command prompt, type:ping name(where name is the name of the Configuration Storage server).Note that when the ISA Server computer is installed in workgroup mode, ISA Server may not be able to resolve the name of the Configuration Storage server with a DNS query (DnsQuery_W), even though ping is successful. In this case, events 21257 and 21271 may be logged in the Application log of the Windows Event Viewer.To resolve any name resolution issues, ensure that the DNS server used by ISA Server has an entry to resolve the name of the Configuration Storage server.Step 3: Check Service AvailabilityTo check that the ISASTGCTRL service of Configuration Storage server is available∙In the console tree of ISA Server Management, click Microsoft Internet Security and Acceleration Server 2004 or Microsoft Internet Security and Acceleration Server 2006, click Arrays, right-click the specific array, and then click Properties. On the Configuration Storage tab, in ConfigurationStorage server, note the name of the server.∙Verify that the Configuration Storage server computer that you noted is available, and has the ISASTGCTRL service for Configuration Storage server running.∙If you cannot connect to the Configuration Storage server with the ISA Server Management console, check that the Configuration Storage server service is available. Open the ISA Server Management consolelocally on the Configuration Storage server computer. If the local ISA Server Management console cannot connect to the local Configuration Storage server, verify that the ISASTGCTRL service of ConfigurationStorage server is running. To do this, type: net start ISASTGCTRL at the command line.Step 4: Check Firewall Policy RulesTo check the firewall log and verify that firewall policy rules are not blocking access to the Configuration Storage serverPerform the following steps if the log indicates that access is blocked.1.Verify that the system policy rule Allow remote access to Configuration Storage servers is enabledon the array member, and that the destination domain name set (specified in the To tab) includes thename of the required Configuration Storage server.Note:2.After creating the rule, the Configuration Agent cannot propagate the new configuration settings becauseaccess to the Configuration Storage server is blocked.To propagate new configuration settings by stopping and starting the firewall1.In the console tree of ISA Server Management, click Microsoft Internet Security and AccelerationServer 2004 or Microsoft Internet Security and Acceleration Server 2006, click Arrays, and then click Monitoring. On the Services tab, right-click Microsoft Firewall, and then click Stop.2.Verify that the configuration was updated for the array. In the console tree of ISA Server Management,click Microsoft Internet Security and Acceleration Server 2004, click Arrays, and then clickMonitoring. On the Configuration tab, verify that the Status column indicates Synced.3.Start the Microsoft Firewall service. In the console tree of ISA Server Management, click MicrosoftInternet Security and Acceleration Server 2004, click Arrays, and then click Monitoring. On theServices tab, right-click Microsoft Firewall, and then click Start.Note:The LDP tool is used for general administration of an LDAP directory service such as ADAM. It is located inthe %windir%\ADAM folder on the Configuration Storage server. Copy it to ISA Server array member computers for troubleshooting purposes. Check that you can connect and bind to ADAM using LDP.exe tool, and that the Local System account can authenticate. To do this, use the at command to run an instance of LDP.exe running in the Local System context.To verify that Local System Account on array member can authenticate with ADAM1.Click Start, point to All Programs, point to ADAM, click ADAM Tools Command Prompt, and thentype the following at the command line:at time /interactive ldp.exe (where time is the current timeplus 1 minute)2.An LDP window running as the LocalSystem account will appear within 1 minute.3.On the Connection menu, click Connect.4.In Server, type the fully qualified domain name (FQDN) of the Configuration Storage server.5.In Port, type the following:∙For Windows authentication, type 2171∙For authentication over an SSL connection, type 2172, and then select SSL.6.On the Connection menu, click Bind. Do one of the following:∙If you are using Windows authentication, verify that User, Password, and Domain are all empty, and then click OK.∙If you are authenticating over an SSL connection (LDAPS), specify the credentials of an ISA Server Administrator account (either array administrator or enterprise administrator), and thenclick OK.If you have connected and authenticated successfully, you will be able to browse the ADAM directory with the same permissions as the Local System account.If you cannot connect or bind, this indicates a permissions issue. Check the following:∙Verify that time on the computer running ISA Server services is the same as on the domain controller.∙Verify that required Service Principle Names (SPNs) are properly registered. SPNs get created when ADAM service starts, and are created as an attribute on the User account running the ADAMservice. For instructions see Administering ADAM service principal names topic in ADAM.chm helpfile located in %windir%\help folder on the Configuration Storage server computer.If you cannot connect over SSL, check the following:∙Verify that a valid server certificate with the exact name as specified in the Array Properties page is installed on the Configuration Storage server computer. If a certificate is not installed or isinvalid, then install a new certificate. To do this, either run Setup in Repair mode, or use theISACertTool. For more information, see ISACertTool for ISA Server 2004 Enterprise Edition.∙Verify that a valid root certificate of the certificate authority is installed on ISA Server array members running ISA Server services. If such a certificate is not installed or is invalid, theninstall a root certificate.∙Verify that you have installed the update described in Knowledge Base article 894609: An update is available to prevent Configuration Storage server account settings from expiring when you usecertificate authentication in ISA Server 2004 Enterprise Edition. This update addresses an issuecaused by expiration of ADAM account settings. If this problem occurs, Event ID 21238: ISAServer cannot connect to the Configuration Storage server ConfigurationStorageServer_Name,may be issued.∙If you manually installed a server certificate and did not use ISA Server Setup or ISACertTool.exe, the keyset file does not have read permissions for the ISASTGCTRL service account. If this is theissue, try uninstalling and then reinstalling the server certificate by running ISA Server Setup inRepair mode, or by using ISACertTool.exe.Troubleshooting Specific IssuesMost issues that occur with the Configuration Storage server are the result of connectivity problems. To troubleshoot, refer to Troubleshooting Steps for Connectivity Issues in this document. You may also encounter issues when installing, uninstalling, replicating, or managing Configuration Storage servers. A description of common problems, along with the underlying issue and the solution, are presented in this section to help you troubleshoot and resolve these issues.Installation and Replication IssuesThe following information will assist you when installing, uninstalling, and replicating Configuration Storage server: ∙When Configuration Storage server is installed in workgroup mode, replication is not supported.∙When installing a replicate Configuration Storage server, ensure the following:∙The computer on which you are installing the replica should be a member of the same domain as the original Configuration Storage server, or there must be a trust relationship between the domains.∙The replicate Configuration Storage server must belong to the enterprise-level Replicate Configuration Storage servers computer set. Otherwise, the system policy rules that, by default, allow accessbetween the local and the replicate Configuration Storage servers will not apply to the newConfiguration Storage server.∙If you receive a message indicating that an object already exists in ADAM during replication, uninstall the ISA Server instance of ADAM from the Control Panel using Add/Remove Programs, and then run Setupagain to install the replica.∙During uninstall, you may receive a message that Configuration Storage server objects cannot be deleted when there is no connection to the Configuration Storage server. Because objects cannot be deleted from ADAM, the computer will still retain read permissions for ISA Server objects in ADAM at the end ofuninstall. You can manually remove the server node using the ISA Server Management console (or COM objects) on one of the other array members, or on the Configuration Storage server computer.∙ A useful practice when encountering issues during installation is to check events in the Event Viewer, or use the ISA Server Setup logs to troubleshoot installation issues. For more information on ISA ServerSetup log, see Knowledge Base article 837347: ISA Server Setup log files.Configuration Storage Servers are Not Accessible.Problem: Neither primary nor secondary Configuration Storage servers are accessible. You want to specify an alternative Configuration Storage server.Cause: The Configuration Agent can switch to another Configuration Storage server only by reading a configuration change from the currently configured Configuration Storage server, which is not available. Solution: You can specify an alternate Configuration Storage server by using the ChangeStorageServer.vbs script, available in the FPC\Program Files\Microsoft ISA Server folder on the ISA Server CD. For script usage instructions, run:cscript ChangeStorageServer.vbs ?For more information, see Appendix A: Useful Tools in this document.Users Who Do Not Have Permissions Can Create an ISA Server ObjectProblem: Users who have been removed from ISA Server Array Administrators group can still manipulate ISA Server rules and rule elements that they created.Cause: Users who create objects in ISA Server are owners of those objects, and can grant themselves permissions on those objects.Solution: When you revoke permissions for an ISA Server array administrator, ensure that you do the following: ∙On the ISA Server computer, delete the user account.∙On the Configuration Storage server, review the ADAM objects created by the users. Modify ownership of objects that belong to the revoked accounts.Error in Creating ADAM SCP Object When Configuration Storage Server is Installed on Domain Controller (Alias)Problem: When running the Configuration Storage server on a domain controller, Event 2537 periodically appears in the Event Viewer:\ The directory server has failed to create the ADAM serviceConnectionPointobject in the Active Directory. This operation will be retried.Cause: In an Active Directory environment, services can publish information about their existence using serviceConnectionPoint (SCP) objects. When an ADAM instance runs in such an environment, it makes a best effort attempt to publish updated information about itself in Active Directory using SCP. When the Configuration Storage server is installed on a domain controller, the ISASTGCTRL service runs as a domain account that does not have write access to the required location in Active Directory and the attempt to register an SCP fails. This does not prevent ADAM from running as required or accepting client connections. ISA Server does not use SCP information. Solution: Although this issue does not interfere with ISA Server operations, it introduces a lot of noise in the Event Viewer because registration is attempted every hour. You can disable the SCP registration by adding the Distinguished Name (DN) of the [NTDS Settings] object of the instance to the msDS-DisableForInstances attribute on the SCP publication configuration object.Synched Status is Not Indicated in the Configuration Status Page for Long Periods of TimeProblem: Why does it take so long for Configuration Status to show the status as Synched for synchronization between an array member and the Configuration Storage server?Cause: Updating the configuration from the Configuration Storage server is handled by the Configuration Agent component running separately on each array member as part of ISACTRL service. The update process includes:∙Copying the changes from the Configuration Storage server to the local registry-based cache.∙Preparing a new copy of the effective configuration (a mix of enterprise and array configuration settings).∙Uploading the new configuration to array members.The status only shows as Synced after all these steps are completed.Solution: In the Configuration Storage tab of the array properties, you can set when the Configuration Storage server checks for updates. Reducing this value will make the process start earlier, but all three phases of the update process still must be performed. The amount of time this takes depends on the size of the configuration changes.Improving Replication Synchronization Times Between Configuration Storage ServersProblem: Synchronization between replicate Configuration Storage servers is slow.Cause: By default, intrasite replication takes place once every hour. This time interval can be customized in ADAM. Solution: To configure replication frequency within a single ADAM site, use the AdamSites.exe tool. For more information, see ADAMSites Tool for ISA Server 2004 Enterprise Edition.Appendix A: Useful ToolsChangeStorageServer.vbsChangeStorageServer.vbs allows you to specify an alternative Configuration Storage server if the primary and alternate servers are not available. A situation can occur in which the primary Configuration Storage server is not available (for example, because of an unrecoverable hardware failure), and the alternate Configuration Storage server is also unavailable (or not configured). It is difficult to fix this issue because the only way that the Configuration Agent running on ISA Server array members can switch to an alternate Configuration Storage server is by reading a change from the current Configuration Storage server.You can address this issue by running the ChangeStorageServer.vbs script, which is located in the FPC\Program Files\Microsoft ISA Server folder on the ISA Server CD. Run the script on all array members. For more information, see “To specify a Configuration Storage server for this array” in the ISA Server online Help.Fwengmon.exeThe FWEngMon.exe tool allows you to analyze and troubleshoot firewall connectivity issues by monitoring the ISA Server kernel mode driver (fweng.sys). A set of command-line options provide a way of looking at the state of the ISA Server firewall engine at a specific point in time. You can open and close firewall access for a specified IP address range to unconditionally allow traffic to and from addresses in the range, and then cancel unconditional traffic when troubleshooting is complete. For more information on this tool, see Firewall Kernel Mode Tool for ISA Server 2004.ISACertTool.exeISACertTool.exe allows you to change settings for Configuration Storage server authentication after installation. Use the tool to perform the following tasks:∙Install a server certificate on the Configuration Storage server.Install a root certificate on each array member to indicate that it trusts the Certification Authority that issued the server certificate.For more information, see ISACertTool for ISA Server 2004 Enterprise Edition(/fwlink/?LinkId=82083) or ISACertTool for ISA Server 2006 Enterprise Edition(/fwlink/?LinkId=82084).Additional ResourcesFor more information on ADAM, see Active Directory Application Mode (ADAM). Note that this link provides information on Windows Server 2003 R2 in Beta, and some procedures may vary from those described in this document.For more information, see the ISA Server 2006 TechCenter (/fwlink/?LinkId=82085) and the ISA Server 2004 TechCenter (/fwlink/?LinkId=82086).。