In a Microsoft Internet Security and Acceleration (ISA) Server 2004 or ISA Server 2006 environment, you try to install one of the security updates for Microsoft SQL Server 2000 and SQL Server 2000 Desktop Engine (MSDE 2000) that are described in the following Microsoft Knowledge Base articles:
MS09-004: Description of the security update for SQL Server 2000 GDR and MSDE 2000: February 10, 2009
MS09-004: Description of the security update for SQL Server 2000 QFE and MSDE 2000: February 10, 2009
By default, this update is recommended. However, ISA Server 2004 and ISA Server 2006 could be affected by this update in the following ways.
The MSSQL$MSFW service is stopped, and then restarted when the associated database instances are updated. This action occurs if SQL Server 2000 or MSDE 2000 is installed on the computer that is running ISA Server. This action also stops the Microsoft Firewall service. Therefore, the SQL Server installer tries to return the Microsoft Firewall service to the same state that it was in before the update was started. Because the update installer cannot control services on a remote server, you must monitor and possibly restart the Microsoft Firewall service and the dependent services if ISA Server is configured for remote SQL Server logging. Important
The SQL Server 2000 SP4 installer also stops, and then tries to restart the Microsoft Firewall service. However, the service may not correctly restart after you install the security update. In this case, you may have to restart the service manually.
ISA Server 2006 installs MSDE 2000 together with SQL Server 2000 SP4.
This issue occurs because ISA Server disables remote network connectivity for the ISA Server MSDE instance (MSSQL$MSFW) to prevent vulnerability to network-based SQL attacks. Additionally, the ISA Server 2004 Setup program installs a pre-SQL Server 2000 Service Pack 4 (SP4) version of MSDE.
This issue occurs because ISA Server 2000 is not affected by the SQL Server security update. ISA Server 2000 may be configured to use a remote instance of SQL Server for logging. If that instance of SQL Server is updated, ISA Server 2000 may be affected in the same manner as ISA Server 2004 and ISA Server 2006. Because the update installer cannot control services on a remote server, you must monitor and possibly restart the ISA Server services.
To resolve Issue 1, follow these steps:
- Download and install SQL Server 2000 SP4. To obtain and install SQL Server 2000 SP4, visit the following Microsoft Web site:
- Enter the following at a command prompt to upgrade the instance of the ISA Server 2004 version of MSDE 2000 to the version of MSDE that is included with SQL Server 2000 SP4:
setup /upgradesp sqlrun instancename=MSFW /l*v c:\msde2Ksp4.log
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.