Re: Firewall session disconnects after 2 minutes of inactivity
- From: "Pedro Lima" <PedroLima@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 25 Aug 2005 17:42:48 -0700
Ok...
Let's answer your questions:
Yes, I have ISA Server 2000 completely patched. I always check the download
section on ISA server to be assured that I am up-to-date.
> On the other hand, can you provide more information about that application?
It's IBM HOD (Host-on-Demand) terminal emulator, that works via web. It uses
a java applet to load the terminal.
> once it loads, does it do everything through HTTP or there are other
> ports/protocols you had to configure in the ISA for the app to work?
Is goes by HTTPS to load the page and then it uses port 23000 when the
terminal is opened. Of course all these ports and packets filters are
correctly set, or they would never have worked before. Notice that the system
even connects fine now. The real problem is that idle sessions just remains
open for two minutes. The guys who uses this app is not happy with it. It
takes time for this applet to load, and he works with this all day long.
Before SP1, he said he could pass at least 10 minutes without the session
being killed.
>how are your clients configured? What kind of browser do
> they use?
They use mostly Windows 2000 Professional, internet explorer 6 SP1 with all
the patches applied. The problem could lie in the last applied patches on the
client - that we all had to rush to install, because of zotob virus -, but
unfortunately it's not the case, since I have one Win98 client without a
recent patch that now faces the same problem (and didn't before). Again, the
problem has 99% of chance of being on the server side.
They also have microsoft Firewall client installed, and the browser
configured to use a proxy server on port 8080. I have noticed that when the
page first loads with HTTPS protocol, ISA Server uses a "Web Session" to it
(Web Proxy Service). When the Java client is lauched, right before the
emulator page come up, it uses the "Firewall Session" (Microsoft Firewall
Service) to load the emulator. Right in this moment, the green arrow in the
firewall client is activated. So... they can connect, use the system, etc.
But, if they stop to do actions to look a report, or talk on the phone, or
even print a report, bye - the session is gone and they have to reconnect -
which takes time and pisses off the user.
The HOD have a way to configure session settings, but this particular app
disables everything (every setting is dimmed), which made it difficult to
solve the problem. My hope is to find something that governs firewall session
times, use of HTTP 1.1 keep-alive, etc, but I just couldn't find anything
about it in technet and other available resources. After Win2K3 SP1 (Windows
Server 2003 SP1) this app behavior changed. I had even problems with VPN
clients (they cound't access anything in the network - even a ping), that was
just fixed thanks to a hotfix from MS - KB897651. Also, my gatekeeper is
gone. Even logged on as an administrator, it says that I don't have
permissions to administer it. But I don't use the gatekeeper service that
much, so it is not important now. What is really important now is this 2
minute session kill...
Well, if you have something to help, I would really appreciate that.
God Bless you,
.
- Follow-Ups:
- References:
- Prev by Date: Re: Firewall session disconnects after 2 minutes of inactivity
- Next by Date: Re: Firewall session disconnects after 2 minutes of inactivity
- Previous by thread: Re: Firewall session disconnects after 2 minutes of inactivity
- Next by thread: Re: Firewall session disconnects after 2 minutes of inactivity
- Index(es):
Relevant Pages
|
Loading
