When your Windows Server 2003 that is running ISA (Internet Security and Acceleration) Server 2004 is configured as a RRAS (Routing and Remote Access Server) server with Windows Authentication as the authentication provider for remote access clients and Windows Accounting as the accounting provider and RRAS logging is configured to log accounting requests to a local file, changing the ISA server firewall policy causes the accounting provider to be set to none and RRAS to not log accounting information or even make the accounting option available.

This behavior occurs because ISA Server 2004 Services overwrites changes to the RRAS service.

I have scripted LogOpt.bat to set the configuration as you intended.

The syntax for running LogOpt.bat is:

LogOpt

LogOpt.bat contains:

@echo off
setlocal
set vbs="%TEMP%\LogOpt_%RANDOM%.VBS"
@echo set fpc = CreateObject("FPC.Root")>%vbs%
@echo set arr = fpc.GetContainingArray>>%vbs%
@echo set vpn = arr.NetworkConfiguration.VpnConfiguration>>%vbs%
@echo vpn.EnableRADIUSAccounting = false>>%vbs%
@echo vpn.EnableWindowsAccounting = true>>%vbs%
@echo vpn.Save>>%vbs%
cscript //nologo %vbs%
set key="HKLM\Software\Microsoft\Fpc\Storage\Array-Root\Arrays\GUID\NetConfig\VpnConfig"
call :quiet>NUL 2>&1
endlocal
goto :EOF
:quiet
reg add %key% /V msFPCVpnEnableWindowsAccounting /T REG_DWORD /F /D 1
reg add %key% /V msFPCVpnEnableRADIUSAuthentication /T REG_DWORD /F /D 0
reg add %key% /V msFPCVpnEnableRADIUSAccounting /T REG_DWORD /F /D 0