Re: ISA time out, no ACK received
From: n00mis (noomis_slack(remove_this)_at_go2.pl)
Date: 03/30/04
- Next message: n00mis: "Re: ISA time out, no ACK received"
- Previous message: anonymous_at_discussions.microsoft.com: "ISA and Exchange 2000 - 1 Pubilic IP on Router"
- In reply to: Jim Harrison [MSFT]: "Re: ISA time out, no ACK received"
- Next in thread: n00mis: "Re: ISA time out, no ACK received"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 30 Mar 2004 09:30:34 +0200
Hmm...
I sniffed traffic by external box and this is what I've got:
On ISA box:
telnet 80.72.33.39 80
On external box with tcpdump:
09:10:28.831360 my.isa.box.56281 > 80.72.33.39.http: S [tcp sum ok]
3765883928:3765883928(0) win 16384 <mss 1460,nop,nop,sackOK> (DF) (ttl 128,
id 42348, len 48)
09:10:31.772709 my.isa.box.56281 > 80.72.33.39.http: S [tcp sum ok]
3765883928:3765883928(0) win 16384 <mss 1460,nop,nop,sackOK> (DF) (ttl 128,
id 42427, len 48)
09:10:37.788305 my.isa.box.56281 > 80.72.33.39.http: S [tcp sum ok]
3765883928:3765883928(0) win 16384 <mss 1460,nop,nop,sackOK> (DF) (ttl 128,
id 42581, len 48)
As you can see ISA box is sending SYN packets but there is no any response
from Akamai host.
The strange thing is that other machine on the same external ip address
works good.
I have no idea what's going on here...
Is that possible that ISA's SYN pocket is corrupted?
n00mis
"Jim Harrison [MSFT]" <jmharr@online.microsoft.com> wrote in message
news:e$EUgGAFEHA.2524@TK2MSFTNGP09.phx.gbl...
> Akamai seems to be causing many problems for folks lately:
>
> nslookup download.microsoft.com
>
> Non-authoritative answer:
> Name: a767.ms.akamai.net
> Addresses: 80.67.66.63, 80.67.66.57, 80.67.66.55, 80.67.66.54
> Aliases: download.microsoft.com, dl-geodir.microsoft.akadns.net
> loadsplit-dom-dl.microsoft.akadns.net,
download.microsoft.com.d4p.net
>
> You could try restarting the web proxy service.
> If that works, you should reduce the DNS cache TTL for the web proxy
service.
> See
http://isaserver.org/tutorials/ISA_Clients__Part_1__General_ISA_Server_Configuration.html
for details.
>
> --
> Jim Harrison [ISASE]
> Read the help, books and articles!
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
> "n00mis" <noomis_slack(remove_this)@go2.pl> wrote in message
news:%23T%238Sg8EEHA.1456@TK2MSFTNGP09.phx.gbl...
>
> Hi!
> I have a problem with downloading anything from download.microsoft.com
> site.
>
> ISA Server reports "10060 - Connection timeout" error message.
>
> I tried to bypass ISA and it works.
>
> Next, I tried to 'telnet download.microsoft.com 80' from ISA box and
capture
> network traffic by Network Monitor. It shows that ISA sends packet with
SYN
> flag three times and gives up because no SYN-ACK response was received.
>
> Connecting to other sites works good.
> I don't have any visible rules that could this traffic. Also I don't have
> any idea how many sites is blocked in the same way (download.microsoft.com
> is
> the only one I've noticed).
>
> Can anyone help me with this problem? Thanks.
>
> n00mis
> ---------------------------------------
> Details:
> ISA Server 2000 SP1 FP1 (Version: 3.0.1200.235 SP1 FP1)
> Windows 2003 Server - as a domain member
>
> PS: Excuse me for this mess in previous post.
>
>
>
>
>
- Next message: n00mis: "Re: ISA time out, no ACK received"
- Previous message: anonymous_at_discussions.microsoft.com: "ISA and Exchange 2000 - 1 Pubilic IP on Router"
- In reply to: Jim Harrison [MSFT]: "Re: ISA time out, no ACK received"
- Next in thread: n00mis: "Re: ISA time out, no ACK received"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
