In the real-world scenario, I will be setting up ISA Server using Remote Desktop onto a remote server. Wanting to simulate this scenario to see possible issues, I went ahead and did a Remote Desktop session into my server. I mounted the ISA Server 2006 .iso and began the installation. Everything here went smoothly. I then decided to install ISA Server 2006 SP1, and this is where I ran into issues.
After downloading and installing ISA Server 2006 SP1, I rebooted the computer (Do keep in mind that I am doing all this through a Remote Desktop session.). Then, when it came back up, I configured my server. Finally, I ran Windows Update and rebooted again. This time, however, I could not reconnect to my server via Remote Desktop. Further inspection into the Event Viewer revealed the the ISA Server firewall service had crashed!
Further research indicated that there was indeed an issue with ISA Server 2006 SP1. For more information, see the Microsoft Knowledge Base articles 956269 and 970443. This was a serious issue, because any crashes would permanently lock me out of the real machine I would be using (Which is a rented server that is being housed in a data-center far far away!). So, I uninstalled ISA Server from the VMWare console and decided to try again. This time I was successful. I came up with the following installation steps:
1. When installing ISA Server 2006 with Remote Desktop, you must be using Remote Desktop from a computer that has a static IP address. By default, ISA Server locks down everything. The exception is that, if it detects a Remote Desktop session, it will add the client computer's IP address to the 'Remote Management Computers' group. This will allow you to continue to be able to access the server remotely in spite of the firewall locking down everything.
2. After installing the software, reboot the computer once.
3. Immediately after reboot, install ISA Server 2006 SP1, but DO NOT REBOOT!
4. Immediately after installing SP1, install the two hotfixes mentioned previously. Do NOT REBOOT until the second hotfix is installed. Once you have installed BOTH hotfixes, then it is safe to reboot. Your computer should safely come back online, allowing you to further configure the box.
5. At this point, you may want to allow remote access to the server from other computers. You can do this by:
- Right-click the 'Firewall' option in the ISA Server Management Console
- Select 'Edit System Policy'
- Under 'Terminal Server,' choose the 'From' tab
- Edit the 'Remote Management Computers' group
- Add a new subnet: 0.0.0.0/0 and call it 'All Computers'