Problem:
ISA Server 2006 EE on Windows 2003 R2 server stops routing traffic.
Event Log:
Event Type: Error
Event Source: ADAM [ISASTGCTRL] General
Event Category: Internal Processing
Event ID: 2537
Date: 9/22/2007
Time: 10:22:29 PM
User: NT AUTHORITY\ANONYMOUS LOGON
Description:
The directory server has failed to create the ADAM serviceConnectionPoint object in the Active Directory. This operation will be retried.
Additional Data
SCP object DN:
CN={GUID removed},CN=SERVERNAME,OU=SomeOUName,DC=domain,DC=name,DC=com
Error value:
5 Access is denied.
Server error:
00000005: SecErr: DSID-03151E04, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
Internal ID:
3390387
ADAM service account:
NT AUTHORITY\NETWORK SERVICE
User Action
If ADAM is running under a local service account, it will be unable to update the data in the Active Directory. Consider changing the ADAM service account to either NetworkService or a domain account.
If ADAM is running under a domain user account, make sure this account has sufficient rights to create the serviceConnectionPoint object.
ServiceConnectionPoint object publication can be disabled for this instance by setting msDS-DisableForInstances attribute on the SCP publication configuration object.
Solution:
http://www.microsoft.com/technet/isa/2004/plan/ts_css.mspx says:
Verify that required Service Principal Names (SPNs) are properly registered. SPNs get created when ADAM service starts, and are created as an attribute on the User account running the ADAM service. For instructions see Administering ADAM service principal names topic in ADAM.chm help file located in %windir%\help folder on the Configuration Storage server computer.
To do this, go to %ProgramFiles%\Microsoft ISA Server\ADAMData and look for the .bat file named after your domain. Run it as a domain and schema/enterprise administrator.
Alternatively, fire up ISA 2006 Setup (you don't have ISA running on a DC, right?) and repair the install.
Reboot the server.
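As an added check (not part of the original post, and not Microsoft's or ISA's own tooling), the following PowerShell script confirms the three things event 2537 points at: which SPNs are registered on the account ADAM runs as, whether the serviceConnectionPoint now exists under the Configuration Storage server's computer object, and which ACEs on that object allow child objects to be created. The server name, OU and ADAM service name are assumptions taken from the event text above.

```powershell
# Added example: verify the state event 2537 complains about. All names below are assumptions
# lifted from the event text; replace them with your own server, OU and domain.
$Server     = "SERVERNAME"
$ComputerDN = "CN=$Server,OU=SomeOUName,DC=domain,DC=name,DC=com"   # parent of the SCP DN in the event

# 1. ADAM runs as NT AUTHORITY\NETWORK SERVICE, so its SPNs are written to the computer account.
#    An empty list means the domain-named .bat (or the Setup repair) has not registered them yet.
$computer = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$ComputerDN")
"SPNs registered on ${Server}:"
foreach ($spn in $computer.Properties["servicePrincipalName"]) { "  $spn" }

# 2. Look one level under the computer object for the serviceConnectionPoint.
#    The event's SCP DN is CN={GUID},CN=SERVERNAME,... so a OneLevel search is enough.
$searcher = New-Object System.DirectoryServices.DirectorySearcher($computer)
$searcher.Filter      = "(objectClass=serviceConnectionPoint)"
$searcher.SearchScope = "OneLevel"
$scps = $searcher.FindAll()
if ($scps.Count -eq 0) {
    "No SCP published under $ComputerDN - event 2537 will recur until the account can create it."
} else {
    foreach ($scp in $scps) { "SCP found: $($scp.Path)" }
}

# 3. Show who may create child objects under the computer object. For the SCP publication to
#    succeed, the computer account (or SELF) needs a CreateChild right here; "Access is denied"
#    (INSUFF_ACCESS_RIGHTS) means no such ACE applies to the account ADAM runs as.
"ACEs granting CreateChild on ${ComputerDN}:"
$computer.ObjectSecurity.Access |
    Where-Object { $_.AccessControlType -eq "Allow" -and
                   $_.ActiveDirectoryRights.ToString() -match "CreateChild" } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType |
    Format-Table -AutoSize

# 4. Confirm the account the ADAM instance actually runs as. The service name is assumed from the
#    event source "ADAM [ISASTGCTRL]" (ADAM instances are installed as ADAM_<instance name>).
Get-WmiObject Win32_Service -Filter "Name='ADAM_ISASTGCTRL'" |
    Select-Object Name, StartName, State | Format-Table -AutoSize
```

Run it on the Configuration Storage server as an account that can read the computer object's security descriptor; step 3 is the one that explains the "5 Access is denied" in the event when steps 1 and 2 both come back empty.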