Q. You cannot use Routing and Remote Access service logging after you change the firewall policy on a Windows Server 2003 computer that is running ISA Server 2004?

When your Windows Server 2003 that is running ISA (Internet Security and Acceleration) Server 2004 is configured as a RRAS (Routing and Remote Access Server) server with Windows Authentication as the authentication provider for remote access clients and Windows Accounting as the accounting provider and RRAS logging is configured to log accounting requests to a local file, changing the ISA server firewall policy causes the accounting provider to be set to none and RRAS to not log accounting information or even make the accounting option available.

This behavior occurs because ISA Server 2004 Services overwrites changes to the RRAS service.

I have scripted LogOpt.bat to set the configuration as you intended.

The syntax for running LogOpt.bat is:


LogOpt.bat contains:

@echo off
set vbs="%TEMP%\LogOpt_%RANDOM%.VBS"
@echo set fpc = CreateObject("FPC.Root")>%vbs%
@echo set arr = fpc.GetContainingArray>>%vbs%
@echo set vpn = arr.NetworkConfiguration.VpnConfiguration>>%vbs%
@echo vpn.EnableRADIUSAccounting = false>>%vbs%
@echo vpn.EnableWindowsAccounting = true>>%vbs%
@echo vpn.Save>>%vbs%
cscript //nologo %vbs%
set key="HKLM\Software\Microsoft\Fpc\Storage\Array-Root\Arrays\GUID\NetConfig\VpnConfig"
call :quiet>NUL 2>&1
goto :EOF
reg add %key% /V msFPCVpnEnableWindowsAccounting /T REG_DWORD /F /D 1
reg add %key% /V msFPCVpnEnableRADIUSAuthentication /T REG_DWORD /F /D 0
reg add %key% /V msFPCVpnEnableRADIUSAccounting /T REG_DWORD /F /D 0

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.