ISA Server Tools

by [Published on 25 March 2008 / Last Updated on 20 May 2013]

An overview of the different tools available for ISA Server 2004 and ISA Server 2006.

There are a lot of tools on different websites for ISA Server 2004 and ISA Server 2006. Many of these tools are directly from Microsoft and some other utilities are from trusted sources like ISA and other sites. In this article I will cover some of the most popular and important tools for ISA Server 2006. The end of the article contains links to websites with additional tools and information.

Get your copy of the German language "Microsoft ISA Server 2006 - Das Handbuch"


The CacheDir tool is one of the most used utilities to display ISA Server cached content. With the help of this tool it is also possible to delete specific cached entries. After downloading the file from the Microsoft website and after extracting the files, copy Cachedir.exe to Program files\Microsoft ISA Server. The CacheDir tool will display the ISA Servers Cache entries in realtime, so it could take some time after first starting the CacheDir tool because the content must be displayed in the CacheDir utility.

Figure 1:


ISAInfo is a great tool the collects information about the ISA Server installation and the underlying Operating System. ISAInfo collects information about ISA server Firewall rules, installed Hot fixes and service packs and nearly everything about your ISA Server configuration. Using ISAInfo is a two step process. First, you must execute ISAInfo.js. ISAInfo.js collects all information about ISA Server and Windows Server 2003 and put all these information into an XML file.

Figure 2:

The created XML file from ISAInfo.js can be viewed by the ISAInfo viewer which is the ISA Info .hta application. The created XML file is located on the Desktop of the user who executes ISAInfo.js. Simply load the created .XML file into the ISAInfo viewer.

Figure 3:
ISAinfo viewer


Have you ever wondered why ISA Server provides different information when you try to resolve DNS names and regardless of what you do ISA Server or clients always resolve the wrong name? ISA Server has its own DNS cache and with the help of the DNSCache tool, you can view the ISA cache and you can clear the cache content.

After extracting the files, copy DNSTools.exe to Program files\Microsoft ISA Server. Now you can use the tool from the command line with different parameters. To clear the DNS Cache content, execute the following command:


Figure 4:
DNSTools.EXE syntax

Firewall Engine Monitor

The Firewall Engine Monitor (FWENGMON) is a great tool to analyze and troubleshoot firewall connectivity issues by monitoring the ISA Server kernel-mode driver. The kernel mode driver is implemented into the file FWENG.SYS. FWENGMON is a command line tool and the different command line options provide a way of looking at FWENG.SYS low level driver activity. FWENG.SYS provides a way to open and close firewall access for a specified IP address range, and to export the Firewall engine output to an XML file.

After downloading and installing the tool, simply execute FWENGMON from the command line and see what happens.

Figure 5:

FWENGMON has several other command line parameters. Enter FWENGMON /? to see all options.

ISA Server 2006 SDK

The ISA Server 2006 SDK (Software Development Kit) contains a lot of information for Developers who want to extend ISA Server functionality and want to create additional applications for ISA Server 2006. The SDK contains very helpful documentation about ISA Server architecture and enhanced functionality.

Figure 6:
ISA Server 2006 SDK

The ISA Server 2006 SDK also contains a lot of sample script files for ISA Server management.

ISA Tunnel Range Editor

You can use the ISA Tunnel Port Range Editor to extend the default SSL port 443 to another port. There are some special applications on the market that need another port for SSL traffic. There are two versions of the Tunnel Range Editor. A command line option that I will explain in this article and a GUI extension.

Figure 7:
ISA Tunnel Range Editor

To extend the SSL tunnel port range to a custom port 4711, use the following command line parameters with ISATPR:

CSCRIPT ISA_TPR.JS /ADD port4711 4711


The ISA Server Best Practices Analyzer is a diagnostic tool like the well known EXBPA (Exchange Best Practice Analyzer Tool) and other BPA (SBS, Group Policies and more) that automatically performs specific tests on configuration data collected on the local ISA Server 2006 computer from the ISA Server hierarchy of administration COM objects, Windows Management Instrumentation (WMI) classes, the system registry, files on disk, and the Domain Name System (DNS) settings. You can use ISABPA for both ISA Server 2006 Standard and ISA Server 2006 Enterprise. If you want to read more about the ISABPA, read my article. The article is based on ISA Server 2004, but you can always use it for ISA Server 2006.

Other tools / websites

There are a lot of more tools and utilities for ISA Server 2006. On the following websites you will find dozens of additional tools, scripts and utilities which makes the work as an ISA Server Administrator a bit easier.

Coding Corner

After ISA Server 2004 was published, Microsoft created the Coding corner website at Microsoft ISA Server 2004 Development. The website provides a lot of tools that modify different ISA Server behaviour which cannot be configured through the GUI.

This is the website of Jason Fossen, a Microsoft ISA Server (Forefront) MVP. Jason placed a lot of scripts on his website

This is the website of Jim Harrison, a Microsoft ISA Server SE. Jim offers a lot of tools and scripts on his website and this website is a must have for every ISA Server administrator.


In this article I tried to give you an overview about common ISA Server 2004/2006 tools. Most of the tools work on ISA Server 2004 and ISA Server 2006 because there is not so much of a difference between these two versions.

Related links

The Author — Marc Grote

Marc Grote avatar

Marc Grote is an MCSA/MCSE Messaging & Security, MCSE Private Cloud and Server Virtualization, an MCTS/MCITP and a Microsoft Certified Trainer and MCLC. He is a freelance Consultant and IT Trainer in the north of Germany near Hanover. He specializes in System Center, TMG/UAG Server, Exchange, Security for Windows Server 2012 R2 and Windows Server 2012 R2 designs, migrations and implementations. His efforts have earned him recognition as a Microsoft MVP for ISA Server since 2004 until 2014. Starting in 2014 he has been awarded as an MVP for Hyper-V.

Latest Contributions

Featured Links