Re: ISA Problem or Firewall Client issue?



Hi Lesa,

Have you applied the hotfix 898060?

898060 Installing security update MS05-019 or Windows Server 2003 Service
Pack
http://support.microsoft.com/?id=898060

If memory serves me well, in some cases the timeout issue can be caused by
the IE itself. Please refer to this document and install the update:

MS05-054: Cumulative security update for Internet Explorer
http://support.microsoft.com/?id=905915

In addition, "disabling the web proxy in IE" means unchecking the setting
in IE to use a proxy server (all three options). After you disable the web
proxy in IE on the workstation, please go to the ISA Server and then
disable the Web Proxy filter. Then test the issue to see how things are
going.

We are looking forward to your reply.

Have a nice day!

Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

======================================================

PLEASE NOTE the newsgroup SECURE CODE and PASSWORD will be updated at 9:00
AM PST, February 14, 2006. Please complete a re-registration process by
entering the secure code mmpng06 when prompted. Once you have entered the
secure code mmpng2006, you will be able to update your profile and access
the partner newsgroups.

======================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from this issue.

======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| From: "Lesa H." <itsplesa@xxxxxxxxxxxxxx>
| Subject: Re: ISA Problem or Firewall Client issue?
| Date: Sat, 6 May 2006 18:12:15 -0500
| Newsgroups: microsoft.public.windows.server.sbs
|
| Steven,
|
| Here's an update on troubleshooting to date (I tried each thing one item at
| a time).
|
| - I did the registry edit in KB905179. It didn't help the situation.
| - I cleared the ISA cache multiple times prior to starting this round of
| fixes. It has no effect.
| - I made the change to correct a possible EDNS0 query problem. This also had
| no effect.
| - On your last suggestion about disabling the web proxy in IE, do you mean
| disabling the Proxy Client on the workstation or are you asking me to
| uncheck the setting in IE to use a proxy server? If you are talking about
| disabling the Proxy Client, this doesn't help. I haven't had a chance to
| check if disabling the Web Proxy Filter in ISA works yet. I'll try to get to
| this as soon as possible.
|
| Let me know about the Firewall Client and I'll test this as well.
|
| Lesa
|
| "Steven Zhu [MSFT]" <v-stezhu@xxxxxxxxxxxxxxxxxxxx> wrote in message
| news:ZOXSO0PbGHA.2768@xxxxxxxxxxxxxxxxxxxxxxxx
| > Hi,
| >
| > Thanks for your email.
| >
| > From your ISA Log and ISA Info, this problem occurs when the ISA
| > Server-based computer sends an HTTP GET request that spans two packets to a
| > Web server that is running BEA WebLogic Server. In this situation, the Web
| > server may respond to the HTTP GET request by sending an HTTP 302 Redirect
| > message before the Web server receives the second packet. The Web server
| > may not acknowledge the second packet for a long time. Therefore, the
| > packet eventually times out.
| >
| > Please refer to the following knowledge base article and try the Hot-fix to
| > solve this issue:
| >
| > You may experience a long delay when you try to use Internet Explorer to
| > access a redirected Web page and Internet Explorer uses ISA Server 2004 as
| > a Web proxy server
| > http://support.microsoft.com/default.aspx?scid=kb;EN-US;905179
| >
| > Installing security update MS05-019 or Windows Server 2003 Service Pack 1
| > may cause network connectivity between clients and servers to fail
| > http://support.microsoft.com/kb/898060/en-us
| >
| > Meanwhile, please try clearing the ISA cache:
| >
| > 1. On the ISA Server computer, stop the Microsoft Firewall service. To do
| > so:
| > 1). Click Start, click Run, type services.msc in the Open box, and then
| > click OK.
| > 2). Right-click Microsoft Firewall, and then click Stop.
| >
| > 2. Start Windows Explorer.
| >
| > 3. Locate the Urlcache folder.
| >
| > 4. In the Urlcache folder, locate the file that has the .cdat file name
| > extension.
| >
| > 5. Right-click the .cdat file, and then click Delete.
| >
| > 6. When you are prompted to confirm the removal of the .cdat file, click
| > Yes.
| > If you are prompted to delete the .cdat file because it is too big for the
| > recycle bin, click Yes.
| >
| > 7. Restart the Microsoft Firewall service.
| >
| > For more information:
| >
| > How to delete the Web cache in Internet Security and Acceleration Server
| > 2004
| > http://support.microsoft.com/default.aspx?scid=kb;en-us;838248
| >
| > In addition, this problem could also be caused by the EDNS0 query.
| > Windows Server 2003 supports Extension Mechanisms for DNS (EDNS0) function
| > which permits the use of larger User Datagram Protocol (UDP) packet sizes.
| > However, some firewall programs or routers may not permit UDP packets that
| > are larger than 512 bytes. As a result, these DNS packets may be blocked.
| >
| > I would like to suggest you try the following steps:
| >
| > 1). Insert SBS 2003 CD2, navigate to \Support\Tools\ Double-click
| > suptools.msi to install the Windows 2003 support tools.
| >
| > 2). At a command prompt, type the following command, and then press ENTER:
| >
| > "dnscmd /config /enableednsprobes 0" (without the quotation marks)
| >
| > The following information appears:
| >
| > Registry property enableednsprobes successfully reset.
| > Command completed successfully.
| >
| > After you run this command, Windows Server 2003 DNS no longer advertises
| > its EDNS0 capabilities.
| > As a result, the Windows Server 2003 DNS server will not be sent UDP
| > packets that are larger than 512 bytes.
| >
| > For more information, please refer to this KB article:
| >
| > 828263 DNS query responses do not travel through a firewall in Windows
| > Server 2003
| > http://support.microsoft.com/?id=828263
| >
| > If this issue persists, please let me know the following result:
| >
| > 1. Please disable the web proxy in IE on one workstation, does this issue
| > disappear?
| >
| > 2. Open the ISA management console, navigate to Firewall Policy, on the
| > right pane, click ToolBox->Protocols, locate the HTTP protocol, double
| > click it and go to the Parameters tab, under "Application Filters", please
| > disable the Web Proxy Filter.
| >
| > 3. Go back to the workstation, does this issue disappear?
| >
| > I hope the above information helps.
| >
| > Have a good day.
| >
| > Best Regards,
| >
| > Steven Zhu
| > MCSE
| > Microsoft Online Partner Support
| > Get Secure! - www.microsoft.com/security
| > ======================================================
| > PLEASE NOTE the newsgroup SECURE CODE and PASSWORD were
| > updated on February 14, 2006. Please complete a re-registration process
| > by entering the secure code mmpng06 when prompted. Once you have
| > entered the secure code mmpng06, you will be able to update your profile
| > and access the partner newsgroups.
| > ======================================================
| > When responding to posts, please "Reply to Group" via your newsreader so
| > that others may learn and benefit from this issue.
| > ======================================================
| > This posting is provided "AS IS" with no warranties, and confers no
| > rights.
| > ======================================================
| >
| >
| >
| >
| >
| >
| >
|
|
|
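
The EDNS0 point in the quoted message above, as an added example that is not part of the original thread and not Microsoft's code: it builds a DNS query with and without the EDNS0 OPT record and reads back the UDP payload size the sender advertises, which is the value that decides whether replies may exceed the 512 bytes some firewalls allow. The function names, the name `example.com` and the size 1280 are constructed for illustration.

```python
import struct

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype=1, edns_udp_size=None, txid=0x1234):
    """Build a DNS query; if edns_udp_size is set, append an EDNS0 OPT record."""
    arcount = 1 if edns_udp_size is not None else 0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    packet = header + encode_name(name) + struct.pack("!HH", qtype, 1)
    if edns_udp_size is not None:
        # OPT RR: root name, TYPE=41, CLASS carries the UDP size, TTL=0, RDLEN=0
        packet += b"\x00" + struct.pack("!HHIH", 41, edns_udp_size, 0, 0)
    return packet

def skip_name(packet, offset):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = packet[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # a compression pointer ends the name
            return offset + 2
        offset += 1 + length

def advertised_udp_size(packet):
    """Return the EDNS0 UDP payload size in a DNS message, or None if no OPT."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    offset = 12
    for _ in range(qd):
        offset = skip_name(packet, offset) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        offset = skip_name(packet, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", packet[offset:offset + 10])
        if rtype == 41:
            return rclass
        offset += 10 + rdlen
    return None

def max_response_size(query):
    """Largest UDP reply the sender of this query says it will accept."""
    return advertised_udp_size(query) or 512

if __name__ == "__main__":
    for q in (build_query("example.com"), build_query("example.com", edns_udp_size=1280)):
        print(len(q), "byte query, replies may be up to", max_response_size(q), "bytes")
```

A query without the OPT record keeps replies within 512 bytes, which is the state the `dnscmd /config /enableednsprobes 0` step in the thread puts the server in.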
