|
Problem: If you make a change
within ISA Server that requires ISA to restart the Firewall service, such as
enabling the cache or an application filter, then ISA will restart the Microsoft
Firewall service and the Routing and Remote access service leaving the Remote
Access Quarantine Agent service stopped.
While the Remote Access Quarantine Agent service is not running, VPN client PC's
will not be removed from Quarantine. In addition, no quarantine log entries are
created in the in the Windows event log to indicate why the connections are not
being removed from quarantine.
Cause: When ISA Server stops
the Firewall service it also stops all dependent services (including the Remote
Access Quarantine Agent service) without keeping track of the dependencies.
Thus, when ISA restarts the Microsoft Firewall service it will also start the
Routing and Remote Access service as its integrated into ISA Server, but it will
not start the Remote Access Quarantine Agent service.
Resolution:
Manually start the Remote Access Quarantine Agent service after ISA restarts the
Firewall service.
More information:
The Remote Access Quarantine Agent service is automatically configured by
Windows to be dependant on the Routing and Remote Access service, which in turn
is dependent on the Microsoft Firewall service. If you stop either of the
dependent services then the Remote Access Quarantine Agent service will also be
stopped.
If you use the Windows services
snap-in to restart either of the dependent services then Windows will
automatically start the Remote Access Quarantine Agent service as it keeps track
of all dependent services that were stopped during the restart.
The Remote Access Quarantine Agent
service is responsible for communication between the VPN client and the ISA
Server services. The service is also responsible for logging connection
attempts.
|