For the Enterprise Edition of the ISA firewall, the configuration for all array members and all arrays in the ISA Server Enterprise are contained within one or more Configuration Storage Servers (CSSs). The ISA firewall array members can be configured to use a primary CSS. An alternate CSS can be configured in case the primary CSS becomes unavailable. The firewall array members of all the arrays configured in a CSS Enterprise will automatically fail over to the alternate CSS. This all happens transparently in the background and there’s nothing you need to do to make it happen. Fail back will also take place automatically.
But what do you do if both the CSSs go offline? ISA firewall array members must be able to contact a CSS in order to have changes made to firewall policy. While the ISA firewall array members will continue to provide stateful packet and application layer inspection to protect your network, you won’t be able to make any changes to firewall policy until the firewall array members can contact a CSS.
One solution is to point the firewall array members to a third CSS. However, to force this change, you’ll have to use the ChangeStorageServer.vbs script found on the ISA Server 2004 CD ROM disc. Once you find the file, run the following command to see how to use the script:
cscript ChangeStorageServer.vbs ?
For more information about troubleshooting arrays, check out http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/ts_setup.mspx
HTH,
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP — ISA Firewalls