Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Virtual ISA 2006 Problem

Status
Not open for further replies.
AndyDixon

AndyDixon

Technical User
Feb 14, 2006
8
GB
Hi everyone,

First some background:

We have a host server running W2k3 x64 and Virtual Server 2005. On the VS
we have four virtual W2k3 SP2 servers servicing the needs of our network. To
facilitate a disaster recovery plan, we are using a VBscript to save state
each VM, generate a VSS copy, start the VM then copy the VSS image to a SAN
device. All works well except the virtual server that is running ISA 2006.

Now the problem:

We can save state the ISA VM but when the VM is restored, the Virtual Server
administration website stops responding and we need to stop the process in
Task Manager then manually restart the service. Once the service is
restarted the ISA server can be restored from saved state. This isn't the
most bizarre problem though ...

Whenever the ISA VM is restored from save state, the VM is very unresponsive
and logs event id: 23501 "Writing to the log took approximately 41 seconds
..." and event id: 8 "MSDE timeout expired". The firewall service then is
stopped gracefully. When the firewall servie is manually restarted the
behavior repeats.

The only soultion I've found to this is to stop the ISA VM, copy the VHD and
VMC files to another physical drive and remap Virtual Server to that
location. The ISA VM will then work OK from the new location until we try
and perform another backup where the same problems will be encountered.

I am really tearing my hair out here and would appreciate some guidance from
someone with more knowledge of VS!

Many thanks,

Andy
 
Sort by date Sort by votes
I think you may find this is down to database issues and logging. Unfortunately you may need a product more aimed at the enterprise (as in a purchasable product) rather than a free one.

Simon

The real world is not about exam scores, it's about ability.

 
Upvote 0 Downvote
Hi Simon,

Thanks for the info.

I agree that the ISA VM must be having issues with time synchronisation and logging due to the save state (I believe the VM is saved for around 30 secs?). If the VM is shut down and then a VSS copy taken, there is no problem.

We are a charity and as such cannot justify the costs involved for VM backup software. There appears to be a number of scripts available that perform VM backups.

Has anyone else tried backing up an ISA VM?

Cheers,

Andy


 
Upvote 0 Downvote
I also work for a Charity and had a look at Hyper-V instead (it's actually free if you go for the Core product), you may want to have a look at that to see if it fixes your issues.

As it happens I have an MS Security Engineer onsite atm (actually a proper MS employee) so give me 30 mins or so to find out what he has to say (he is an ISA specialist).

Simon

The real world is not about exam scores, it's about ability.

 
Upvote 0 Downvote
Well talk about coincidence ... :)

Any words from the MS man would be greatly appreciated!

I'll have a quick dig into Hyper-V.

Cheer again Simon.

Andy

 
Upvote 0 Downvote
I had a chat with my guy and he said that he hasn't actually tried to do a save state with his vm's. What he has said however is that it could be caused by the way ISA handles the Security log, apparently there is a function (that you can turn off either via the registry or some other way that will allow you to change the behaviour) that turns off ISA if the Security Log is full or if there has been a change to the log, by taking an copy of the VM you're interrupting the logging and the ISA box things there has been an attack or something.

What's been suggested is that you have a search for the option on Technet (or google) and give that a try.

I had a brief look for "ISA 2006 Security Logging" but couldn't find too much.. but I hope you do better here than on Egghead and MS forums ;)

Simon

The real world is not about exam scores, it's about ability.

 
Upvote 0 Downvote
Hi Simon,

Thanks again for having the chat with the MS bloke!

I found some info on preventing ISA going into lockdown mode when there's logging failures here:


I'll investigate this is the following fails ...

As our ISA is entering lockdown mode as the MSDE logging screws up, I've changed it to log using flat W3C files and will attempt to backup the server this evening.

The MS forum and Eggheadcafe were rather disappointing to say the least.

I do prefer Tektips as there is a much better community spirit :)

Thanks again,

Andy
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sebastian42
  • Locked
  • Question
Possibly a timing problem
Replies
3
Views
933
Rick998
Rick998
VicM
  • Locked
  • Question
Problem updating Windows Explorer
Replies
1
Views
382
Nancycaf
Nancycaf
Professor Shadow
  • Locked
  • Question
Oracle Virtual Box
Replies
4
Views
108
spamjim
spamjim
Shengfu
  • Locked
  • Question
PROBLEM WITH FILES IN FLASHDRIVE
Replies
3
Views
181
mikrom
mikrom
Flinx
  • Locked
  • Question
Windows 10 Strange problems recently appear caused by microsoft ransomeware protection
Replies
3
Views
398
Andrzejek
Andrzejek

Part and Inventory Search

Sponsor

Back
Top