DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 967094 - Last Review: February 10, 2009 - Revision: 1.2

On This Page

SYMPTOMS

In a Microsoft Internet Security and Acceleration (ISA) Server 2004 or ISA Server 2006 environment, you try to install one of the security updates for Microsoft SQL Server 2000 and SQL Server 2000 Desktop Engine (MSDE 2000) that are described in the following Microsoft Knowledge Base articles:
960082  (http://support.microsoft.com/kb/960082/ ) MS09-004: Description of the security update for SQL Server 2000 GDR and MSDE 2000: February 10, 2009
960083  (http://support.microsoft.com/kb/960083/ ) MS09-004: Description of the security update for SQL Server 2000 QFE and MSDE 2000: February 10, 2009
By default, this update is recommended. However, ISA Server 2004 and ISA Server 2006 could be affected by this update in the following ways.

Issue 1

The MSSQL$MSFW service is stopped, and then restarted when the associated database instances are updated. This action occurs if SQL Server 2000 or MSDE 2000 is installed on the computer that is running ISA Server. This action also stops the Microsoft Firewall service. Therefore, the SQL Server installer tries to return the Microsoft Firewall service to the same state that it was in before the update was started. Because the update installer cannot control services on a remote server, you must monitor and possibly restart the Microsoft Firewall service and the dependent services if ISA Server is configured for remote SQL Server logging.

Important The SQL Server 2000 SP4 installer also stops, and then tries to restart the Microsoft Firewall service. However, the service may not correctly restart after you install the security update. In this case, you may have to restart the service manually.

Issue 2

ISA Server 2006 installs MSDE 2000 together with SQL Server 2000 SP4.

CAUSE

Issue 1

This issue occurs because ISA Server disables remote network connectivity for the ISA Server MSDE instance (MSSQL$MSFW) to prevent vulnerability to network-based SQL attacks. Additionally, the ISA Server 2004 Setup program installs a pre-SQL Server 2000 Service Pack 4 (SP4) version of MSDE.

Issue 2

This issue occurs because ISA Server 2000 is not affected by the SQL Server security update. ISA Server 2000 may be configured to use a remote instance of SQL Server for logging. If that instance of SQL Server is updated, ISA Server 2000 may be affected in the same manner as ISA Server 2004 and ISA Server 2006. Because the update installer cannot control services on a remote server, you must monitor and possibly restart the ISA Server services.

RESOLUTION

To resolve Issue 1, follow these steps:
  1. Download and install SQL Server 2000 SP4. To obtain and install SQL Server 2000 SP4, visit the following Microsoft Web site:
    http://www.microsoft.com/downloads/details.aspx?FamilyID=8e2dfc8d-c20e-4446-99a9-b7f0213f8bc5 (http://www.microsoft.com/downloads/details.aspx?FamilyID=8e2dfc8d-c20e-4446-99a9-b7f0213f8bc5)
  2. Enter the following at a command prompt to upgrade the instance of the ISA Server 2004 version of MSDE 2000 to the version of MSDE that is included with SQL Server 2000 SP4:
    setup /upgradesp sqlrun instancename=MSFW /l*v c:\msde2Ksp4.log

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

APPLIES TO
  • Microsoft SQL Server 2000 Service Pack 4
  • Microsoft Windows Server 2003 Service Pack 2, when used with:
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003 Service Pack 1, when used with:
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows 2000 Service Pack 4, when used with:
    • Microsoft Windows 2000 Advanced Server
    • Microsoft Windows 2000 Datacenter Server
    • Microsoft Windows 2000 Professional Edition
    • Microsoft Windows 2000 Server
Keywords: 
kbtshoot kbexpertiseinter kbsurveynew kbprb KB967094
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support