Tech News and Opinions (by Paul Spain)

ISA Server 2006 Service Pack 1 (updated)

, posted: 4-Jul-2008 10:10

Yesterday Microsoft finished off ISA Server 2006 SP 1 and made it available for download.

This download is another example of Microsoft adding significant features to a product via a service pack (as with Exchange Server 2007 SP1). I think it would have been fair to have called this ISA Server 2006 R2 rather than just SP1 due to the improvements and new features. Those items include:

• Support for use of server certificates containing multiple Subject Alternative Name (SAN) entries. Previously, ISA Server was able to use either only either the subject name (common name) of a server certificate, or the first entry in the SAN list.
• Configuration Change Tracking—Registers all configuration changes applied to ISA Server to help you assess issues that may occur as a result of these changes.
• Test Button—Tests the consistency of a Web publishing rule between the published server and ISA Server.
• Traffic Simulator—Simulates network traffic in accordance with specified request parameters, such as an internal user and the Web server, providing information about firewall policy rules evaluated for the request.
• Diagnostic Logging Viewer—Now integrated as a tab into the ISA Server Management console, this feature displays detailed events on packet progress and provides information about handling and rule matching.
Improvements for existing features, including:
• Support for integrated NLB mode in all three modes, including unicast, multicast, and multicast with Internet Group Management Protocol (IGMP). Previously, ISA Server integrated NLB-supported unicast mode only.
• Support for Kerberos Constrained Delegation (KCD) cross-domain authentication. Credentials from users located in a different domain than the ISA Server, but in the same forest, can now be delegated to an internal published Web site by using KCD .
• Support for client certificate authentication in a workgroup deployment. This removes the requirement to map each client certificate to an Active Directory® directory user account when forms-based authentication is used as the primary authentication method and client certificates are used as the secondary method.

The download is here:

So far I've installed this update on two boxes and am happy with the outcome so far. I recommend turning on the Configuration Change Tracking functionality after installation so you can take advantage of it immediately. Naturally you should not install this update from a remote location that requires ISA Server to be online as ISA services must be stopped as part of the install process.

Other related posts:
Live Event–Tue 10 March: NZ Tech Podcast with Dai Henwood, Michelle Dickinson (Nanogirl), Paul Spain
Sneak Peek: HP Envy X2
Want to start a career in IT Support?