There are a lot of tools on different websites for ISA Server 2004 and ISA Server 2006. Many of these tools are directly from Microsoft and some other utilities are from trusted sources like ISA Tools.org and other sites. In this article I will cover some of the most popular and important tools for ISA Server 2006. The end of the article contains links to websites with additional tools and information.
The CacheDir tool is one of the most used utilities to display ISA Server cached content. With the help of this tool it is also possible to delete specific cached entries. After downloading the file from the Microsoft website and after extracting the files, copy Cachedir.exe to Program files\Microsoft ISA Server. The CacheDir tool will display the ISA Servers Cache entries in realtime, so it could take some time after first starting the CacheDir tool because the content must be displayed in the CacheDir utility.
Figure 1: CacheDirTool
ISAInfo is a great tool the collects information about the ISA Server installation and the underlying Operating System. ISAInfo collects information about ISA server Firewall rules, installed Hot fixes and service packs and nearly everything about your ISA Server configuration. Using ISAInfo is a two step process. First, you must execute ISAInfo.js. ISAInfo.js collects all information about ISA Server and Windows Server 2003 and put all these information into an XML file.
Figure 2: ISAInfo.js
The created XML file from ISAInfo.js can be viewed by the ISAInfo viewer which is the ISA Info .hta application. The created XML file is located on the Desktop of the user who executes ISAInfo.js. Simply load the created .XML file into the ISAInfo viewer.
Figure 3: ISAinfo viewer
Have you ever wondered why ISA Server provides different information when you try to resolve DNS names and regardless of what you do ISA Server or clients always resolve the wrong name? ISA Server has its own DNS cache and with the help of the DNSCache tool, you can view the ISA cache and you can clear the cache content.
After extracting the files, copy DNSTools.exe to Program files\Microsoft ISA Server. Now you can use the tool from the command line with different parameters. To clear the DNS Cache content, execute the following command:
Figure 4: DNSTools.EXE syntax
Firewall Engine Monitor
The Firewall Engine Monitor (FWENGMON) is a great tool to analyze and troubleshoot firewall connectivity issues by monitoring the ISA Server kernel-mode driver. The kernel mode driver is implemented into the file FWENG.SYS. FWENGMON is a command line tool and the different command line options provide a way of looking at FWENG.SYS low level driver activity. FWENG.SYS provides a way to open and close firewall access for a specified IP address range, and to export the Firewall engine output to an XML file.
After downloading and installing the tool, simply execute FWENGMON from the command line and see what happens.
Figure 5: FWENGMON
FWENGMON has several other command line parameters. Enter FWENGMON /? to see all options.
ISA Server 2006 SDK
The ISA Server 2006 SDK (Software Development Kit) contains a lot of information for Developers who want to extend ISA Server functionality and want to create additional applications for ISA Server 2006. The SDK contains very helpful documentation about ISA Server architecture and enhanced functionality.
Figure 6: ISA Server 2006 SDK
The ISA Server 2006 SDK also contains a lot of sample script files for ISA Server management.
ISA Tunnel Range Editor
You can use the ISA Tunnel Port Range Editor to extend the default SSL port 443 to another port. There are some special applications on the market that need another port for SSL traffic. There are two versions of the Tunnel Range Editor. A command line option that I will explain in this article and a GUI extension.
Figure 7: ISA Tunnel Range Editor
To extend the SSL tunnel port range to a custom port 4711, use the following command line parameters with ISATPR:
CSCRIPT ISA_TPR.JS /ADD port4711 4711
The ISA Server Best Practices Analyzer is a diagnostic tool like the well known EXBPA (Exchange Best Practice Analyzer Tool) and other BPA (SBS, Group Policies and more) that automatically performs specific tests on configuration data collected on the local ISA Server 2006 computer from the ISA Server hierarchy of administration COM objects, Windows Management Instrumentation (WMI) classes, the system registry, files on disk, and the Domain Name System (DNS) settings. You can use ISABPA for both ISA Server 2006 Standard and ISA Server 2006 Enterprise. If you want to read more about the ISABPA, read my article. The article is based on ISA Server 2004, but you can always use it for ISA Server 2006.
Other tools / websites
There are a lot of more tools and utilities for ISA Server 2006. On the following websites you will find dozens of additional tools, scripts and utilities which makes the work as an ISA Server Administrator a bit easier.
After ISA Server 2004 was published, Microsoft created the Coding corner website at Microsoft ISA Server 2004 Development. The website provides a lot of tools that modify different ISA Server behaviour which cannot be configured through the GUI.
This is the website of Jason Fossen, a Microsoft ISA Server (Forefront) MVP. Jason placed a lot of scripts on his website www.isascripts.org.
This is the website of Jim Harrison, a Microsoft ISA Server SE. Jim offers a lot of tools and scripts on his website and this website is a must have for every ISA Server administrator.
In this article I tried to give you an overview about common ISA Server 2004/2006 tools. Most of the tools work on ISA Server 2004 and ISA Server 2006 because there is not so much of a difference between these two versions.
- Cache Directory Tool for Internet Security and Acceleration (ISA) Server 2006
- ISA Server 2004/2006 Tunnel Range Editor
- RemoveAllNLBSettings Tool for Internet Security and Acceleration (ISA) Server 2004 Enterprise Edition
- Firewall Kernel Mode Tool for ISA Server 2004
- Microsoft Internet Security and Acceleration (ISA) Server 2006 Software Development Kit (SDK)
- Remote Access Quarantine Tool for Internet Security and Acceleration (ISA) Server 2004
- MSDEToText Tool for Internet Security and Acceleration (ISA) Server 2004
- ISACertTool for Internet Security and Acceleration (ISA) Server 2004 Enterprise Edition
- Microsoft ISA Server 2004 Development
- Extending the ISA Firewall’s SSL Tunnel Port Range
- ISA Server 2004 Best Practice Analyzer