I learned something new today about ISA 2004 in SBS support podcast #2. I wasn't expecting to. If you haven't checked out the podcasts yet, do. They're great.
Here's what I learned. The alerts don't update continuously. Just because you don't see a new alert doesn't mean that an alert condition didn't occur. You may not see a new alert, if an existing alert of the same type is already there. So if you applied a fix that is supposed to keep your ISA2004 server happy and not throwing alerts you might falsely think that your solution worked because a new alert didn't appear right away.
The solution given by the guys was to acknowledge all of your alerts before running your test to see if the fix you applied has worked.
This will work but it left me wondering why the alerts weren't showing up. So I dug...
Open up ISA 2004 Management, go to Monitoring, select the alerts tab. There are several things here that will effect how often new alerts are triggered. In the tasks pane notice that there's a box where you can choose how often this page is refreshed. You choices are None, Low, Medium or High. Medium is the default setting. This will effect how quickly you'll get to see new alerts messages. If you want to be alerted sooner bump it up to high. Now click on the Configure Alert Definitions link. This will open up the Alerts Properties box. Continuing with the podcast theme, select the Connection Limits alert definition and press the Edit button. The Connection Limit Exceeded alert definition properties box will open. Move to the Events tab. On this tab you get to set how often this alert will be triggered. The default is "only if the alert was manually reset". This explains why if you're having trouble with an SSL website because your connections limits are too low you won't see a new alert about it until you acknowledge the old alert.
If I were PSS and troubleshooting this type of problem I'd bump up the alert frequency to Immediately. Kind of like when you are troubleshooting an Exchange issue, first thing you do is bump up the monitoring so you can see more of what's going on. Bonus, you don't have to keep acknowledging alerts during the troubleshooting process. Just let them flow.
I feel better knowing why.
If you haven't listened to the podcasts I highly recommend them.