David Moisan's IT
    August 05

    SBS 2003 SP 1/ISA 2004: WMI scripts don't work (Part 1)

    If you just upgraded to SBS 2003 SP1 with ISA 2004 and you use scripts on the SBS machine to monitor and control your client machines or member servers (such as the scripts you find at TechNet Script Center), your scripts might not work any longer.
     
    This problem is acute when you use WMI scripts (such as those from the famous Scriptomatic tool) to run against a remote machine and get information from it.  The scripts may give no results, or fail with a 0x800706ba error.
     
    Scripts that you run on a workstation against your SBS machine may fail as well.
     
    After running in circles for a month, I figured it out.  I'll explain how I finally diagnosed this in my next post, but if you have this problem and just want to stop banging your head, here's how to fix it:
     
    On the SBS machine, open up ISA Server Management (if you don't remember where it is, click Start/All Programs/Microsoft ISA Server/ISA Server Management).
    Find "Firewall Policy" on the left pane and right click it.  Select Edit System Policy.  The System Policy Editor should pop up.
     
    Scroll down to Authentication Services and select it.  In the General tab, note the checkbox marked "Enforce strict RPC compliance".  Note the information balloon that reads:  "When 'Enforce strict RPC compliance' is not selected, additional RPC type protocols, such as DCOM, will be enabled." 
     
    Bingo.
     
    Uncheck "Enforce strict RPC compliance".  Click OK.  Note the bar on the top of the ISA console that prompts you to apply or discard your changes.  Click Apply.  Click OK.
     
    Your WMI scripts should now work.
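
    A quick check to run before and after the change, as an added example that is not part of the original post: it makes one remote WMI connection and reports whether the failure is the 0x800706ba error described above or something else, such as 0x80070005 (access denied), which is a permissions problem rather than RPC filtering. The script name `wmicheck.vbs` and the computer name are placeholders.

```vbscript
' Added example, not from the original post.
' Usage: cscript //nologo wmicheck.vbs CLIENT01   (both names are placeholders)
Option Explicit
Dim target, locator, services, os, code, text

If WScript.Arguments.Count < 1 Then
    WScript.Echo "Usage: cscript //nologo wmicheck.vbs <computer>"
    WScript.Quit 2
End If
target = WScript.Arguments(0)

Set locator = CreateObject("WbemScripting.SWbemLocator")
locator.Security_.ImpersonationLevel = 3   ' wbemImpersonationLevelImpersonate

' Connect and run one small query; any failure leaves its HRESULT in Err.
On Error Resume Next
Set services = locator.ConnectServer(target, "root\cimv2")
If Err.Number = 0 Then
    For Each os In services.ExecQuery("SELECT CSName, Caption FROM Win32_OperatingSystem")
        If Err.Number <> 0 Then Exit For   ' enumeration itself failed
        WScript.Echo "OK: " & os.CSName & " is running " & os.Caption
    Next
End If
code = Hex(Err.Number)      ' capture before the handler is reset
text = Err.Description
On Error GoTo 0

Select Case code
    Case "0"
        WScript.Echo "Remote WMI to " & target & " works."
        WScript.Quit 0
    Case "800706BA"
        ' RPC server unavailable: the DCOM call never reached the WMI service.
        WScript.Echo "0x800706BA from " & target & ": RPC server unavailable."
        WScript.Echo "On SBS 2003 SP1 with ISA 2004, check 'Enforce strict RPC compliance'"
        WScript.Echo "in the System Policy Editor. The same code is also returned when the"
        WScript.Echo "target is offline or its own firewall blocks RPC."
        WScript.Quit 1
    Case "80070005"
        WScript.Echo "0x80070005 from " & target & ": access denied (permissions, not RPC filtering)."
        WScript.Quit 1
    Case Else
        WScript.Echo "0x" & code & " from " & target & ": " & text
        WScript.Quit 1
End Select
```

    The exit code is 0 on success and 1 on any WMI failure, so the check can be run from a batch file against each client or member server.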
     
     

    Comments (2)


    mike wrote:
    THANK YOU (insert deity) FOR THIS BLOG!!!
     
    I spent 4 hours today trying to narrow down what was causing this. Eventually (read: 3.5 hours later) I found the log entries and searched online for "allow rpc from isa server to trusted servers", and eventually found your posting.
     
    Thanks again,
     
    -Mike
    Jan. 30
    Jeff Dettloff wrote:
    Great find! Thanks for blogging this. I was also having difficulty getting this to work properly.
    Dec. 6
