Re: 0xc0040017 FWX E TCP NOT SYN PACKET DROPPED

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: penrose.l (anonymous_at_discussions.microsoft.com)
Date: 08/30/04 

Date: Mon, 30 Aug 2004 09:49:31 -0700

Hi Jim ,

In reaction to your posting :

We are providing the ISA server and all the cisco routers
in our network. All cisco's are ( to our best knowledge )
properly configured , and the Microsoft network we have is
entirely based on the MSA infrastructure.
In short the problem can be brought down to this :

client - ISA server - Fileserver ( 2003 enterprise )

when the client copies a file to the fileserver , we get
lots and lots of SYN blocks on the ISA firewall and the
file is cancelled ( the remote network location doesn't
exist anymore or something the client gets ).
Now , we have lots of fileservers ( with different
hardware ) and lots of clients with different hardware ,
and these SYN drops are occuring on all our network
segments connected by our ISA , which lets us believe the
problem is in the ISA.
Is there a way to disable bad SYN packet dropping on the
ISA server as a means of testing ?

We have tried so far :

Disable SYNAttackprotect everywhere ( also ISA ) Disable
Offline files
Disable Caching on harddrives
Disable LargeSystemCache registry hack
Disable DisablePagingExec
We have made rules Allow All
We have upgraded all drivers
We have installed all patches

This is our ISA hardware :

Dell PowerEdge 1550 with Quad Nic Intel Pro1000 / MT

any advice ?

Lex P

Relevant Pages

  • RE: VPN, routing problem with ISA2004
    ... In the office that run SBS2000, what version of ISA is installed? ... > correlate with the network element to which this adapter belongs. ... the address range of an ISA Server network should match the address ...
    (microsoft.public.isa.vpn)
  • RE: ISA Server Error
    ... this issue occurs if the ISA Server network objects ... Under "Address ranges", click the address range that you experience ...
    (microsoft.public.windows.server.sbs)
  • RE: VPN Access to External Site
    ... made my ISA 2004 server my default gateway ... A socket operation was attempted to an unreachable network. ... internal users to connect to an external VPN server through Microsoft ... firewall client application and then sent to the ISA server. ...
    (microsoft.public.windows.server.sbs)
  • Re: 3 Leg configuration issue.
    ... Does the ISA server have a routing table entry that describes how to reach ... Did you add this address range to the ISA Internal Network address table? ... Microsoft Internet Security & Acceleration Server: ...
    (microsoft.public.isaserver)
  • Re: No front-end in DMZ
    ... >>network in the deployment scenarios before. ... > understand the concept of an ISA and how it would interact with a DMZ. ... placed between external firewall and ISA server, so that you have a DMZ ...
    (microsoft.public.exchange.admin)