[isalist] Re: my experience with surf control 5.5
- From: "Ball, Dan" <DBall@xxxxxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Fri, 12 Jan 2007 08:47:24 -0500
You did mention it, but the only time I remember that is when I do an install
and get the error message! *grin*
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Roy Tsao
Sent: Thursday, January 11, 2007 11:34 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: my experience with surf control 5.5
The key for this issue is ISA firewall service must be stopped before install
or uninstall SC,
I think I said this point about one year ago. Such point is not indicated in SC
installation guide.
----- Original Message -----
From: Ara Avvali <mailto:Ara.Avvali@xxxxxxxxxxxxx>
To: isalist@xxxxxxxxxxxxx
Sent: Friday, January 12, 2007 12:26 PM
Subject: [isalist] Re: my experience with surf control 5.5
Second post, No idea why characters are messed up but I thought it is
worth the share. Sorry for duplicate
I said let’s reboot the server one more time and see what happens.
Web filter didn’t start automatically again and I got this error on email
notifications: The connection between the SurfControl Web Filter and the ISA
server has been lost.
Oops that's not good and I didn't want to end up with a crashed server
as you said. So I took your advice to go the way of reinstalling everything.
Downloaded the new version of SQL express posted on their site. Then I
uninstalled SC and remove the msde too. Rebooted and went to the program files
folder and deleted SC and any sql server folder except the one for ISA (msfw).
Rebooted again and ISA came up fine with no error also the SC filter was
unregistered from add-in section. So this time I stopped ISA server control
service which stops the firewall, routing and remote access and job scheduler
service. Did the SQL installation (2005) and no problem. Installed SC and no
error as mentioned in previous emails when installation fails to stop the
firewall service. Then I stated services in opposite direction (server control
service, firewall, routing and remote access and job scheduler). Then I
rebooted the server and this time web filter stated automatically as it should.
Recreating rules for me was easy because I only have 2 rules. Denied
categories first and then allowed. No exception for any individual.
Thanks for giving me the warning otherwise I may have been down the
same road.
________________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ball, Dan
Sent: Thursday, January 11, 2007 12:18 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: my experience with surf control 5.5
This was pretty much my experience, except that I also upgraded ISA at
the same time…
I backed up all configurations, then ran did the upgrade to ISA2006. I
then upgraded the SurfControl program to version 5.5, and ran into the same
scenario that you showed below. The install gave me an error message (same one
below), but kept running after I clicked OK. Realizing that it wanted the
Firewall Service stopped (and probably hadn’t installed the ISA plug-in
correctly), I stopped the Firewall Service and did a repair install of
SurfControl. I rebooted the server, and found that the SurfControl service was
set to manual. I started the service manually, and it seemed to start up fine,
appearing to work they way it should. I didn’t pay too much attention as to
why it was set to start manually…
I found out a couple of weeks later that the rules database was
corrupt. When I made a change to the rules database, it knocked the whole
server down in a matter of seconds. That was an extremely painful experience,
took me awhile to figure out what was wrong. What made it exceedingly
difficult was that the entire server was rendered useless, I couldn’t even
log in via the local console.
My suggestion: Re-install SurfControl as soon as you can, there is
probably a lingering issue there that you don’t want to find out about the
hard way. Backup all your configurations for SurfControl, uninstall it
completely (delete anything left over), then re-install and restore your
configuration. Apparently files are stored in a different location in version
5.5, which “might” be part of the problem. Once you get it back up and
running, go through your rules (in every possible area) and look for any
entries that say ERROR in the title. If you have any of those, delete all
rules that are referencing those entries, delete the offending customization,
and re-create it.
________________________________________
From: isalist-bounce@xxxxxxxxxxxxx
[mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ara Avvali
Sent: Thursday, January 11, 2007 2:10 PM
To: undisclosed-recipients
Subject: [isalist] my experience with surf control 5.5
Ok
So I just want to share the story. I did re-image the server on another
machine and logged in to it. Then I did an in-place upgrade from 5.1 to 5.5. It
went smoothly telling me that it is going to upgrade rules and settings.
Rebooted the server and registered filter for ISA was upgraded to 5.5. So I let
it run for couple hours and checked on event logs and service status and
everything was cool.
Then I went ahead and did it on live server. This time damn thing gave
me the error which is attached during installation. Then it was installed and
rebooted. Upon reboot web filter service did not start automatically and I had
to it manually but everything seems to be working fine and no nasty event so
far. If I remember it correctly this error is related to the fact that SF can
not stop the firewall service on its own so you should stop it manually before
attempting the upgrade. I will post again for those who are interested. Just
have to figure it out why the web filter service does not start automatically
☹
Other related posts:
