I've been saying for the last eight years that the ISA Firewall must not be installed on a domain controller. No matter how often I told people that installing the ISA Firewall on a DC is not supported, they continued to do it because there was no official statement from Microsoft regarding this issue.
Well, last Friday was a glorious day and the good guys won!
Check out the new addition to the unsupported scenarios:
ISA Server 2004 and ISA Server 2006 Should Not be Installed on a Domain Controller
Problem: Installation of ISA Server 2004 on a domain controller is not supported unless the installation is performed as part of the Small Business Server 2003 Premium Edition Service Pack 1 installation, or the management wizards. Installing Isa Server 2006 on a domain controller or Small Business Server is not supported.
Cause: Not supported.
Solution: No workaround.
Because of this, we will call the first Friday in September of each year ISA Firewall Freedom Day to commemorate this great victory! If you run ISA Firewalls in your company, make sure to inform your boss that you should get this day off next year, as it's an international holiday 🙂