You add many virtual IP addresses in Microsoft Internet Security and Acceleration (ISA) Server 2006 Enterprise Edition and publish many Web sites behind ISA Server 2006. After you do this, you experience the following symptoms:
You may experience this problem when you create more than 150 virtual IP addresses together with more than 300 Web site publishing rules in ISA Server 2006.
This problem occurs because of a limitation in the number of Web site publishing rules that ISA Server 2006 supports. By default, you cannot configure more than 300 Web site publishing rules in ISA Server 2006.
This problem occurs because 15,000 sockets are available for use with Web listeners. By default, each Web listener allocates 50 sockets from this pool to accept client requests. By default, this gives you a maximum number of 300 Web listeners.
To resolve this problem, install the hotfix that is mentioned in the following Microsoft Knowledge Base article:
925289
(http://support.microsoft.com/kb/925289/
)
Description of the ISA Server 2006 hotfix package: October 02, 2006
After you install this hotfix, follow these steps to enable the functionality that this hotfix provides.
Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.
- Install the following lowLevelSettings.vbs script. To do this, save the lowLevelSettings.vbs script to a location on the ISA Server 2006 computer, type cscript lowLevelSettings.vbs at a command prompt, and then press ENTER.
lowLevelSettings.vbs''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'
' Copyright (c) Microsoft Corporation. All rights reserved.
' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE
' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS
' HEREBY PERMITTED.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub ShowLowLevelSettings()
' Create the root object.
Dim root ' The FPCLib.FPC root object
Set root = CreateObject("FPC.Root")
'Declare the other objects needed.
Dim array ' An FPCArray object
Dim arrayPolicy ' An FPCArrayPolicy object
Dim lowLevel ' An FPClowLevelSetting object
' Get references to the array object
' and the network rules collection.
Set array = root.GetContainingArray
Set arrayPolicy = array.ArrayPolicy
CheckError
Set LowLevel = ArrayPolicy.LowLevelSettings
CheckError
WScript.Echo "FwxListenerMaxPendingAccepts...- " & LowLevel.FwxListenerMaxPendingAccepts
LowLevel.FwxListenerMaxPendingAccepts = 30000
array.Save
WScript.Echo "done saving..."
End Sub
Sub CheckError()
If Err.Number <> 0 Then
WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
Err.Clear
End If
End Sub
ShowLowLevelSettings
- Install the following setWebListenerAcceptingSockets.vbs script. To do this, save the setWebListenerAcceptingSockets.vbs script to a location on the ISA Server 2006 computer, type cscript setWebListenerAcceptingSockets.vbs at a command prompt, and then press ENTER.
setWebListenerAcceptingSockets.vbs''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'
' Copyright (c) Microsoft Corporation. All rights reserved.
' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE
' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS
' HEREBY PERMITTED.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
Const SE_VPS_NAME = "NumberOfWebListenerAcceptingSockets"
Const SE_VPS_VALUE = 10
Sub SetValue()
' Create the root object.
Dim root ' The FPCLib.FPC root object
Set root = CreateObject("FPC.Root")
'Declare the other objects needed.
Dim array ' An FPCArray object
Dim VendorSets ' An FPCVendorParametersSets collection
Dim VendorSet ' An FPCVendorParametersSet object
' Get references to the array object
' and the network rules collection.
Set array = root.GetContainingArray
Set VendorSets = array.VendorParametersSets
On Error Resume Next
Set VendorSet = VendorSets.Item( SE_VPS_GUID )
If Err.Number <> 0 Then
Err.Clear
' Add the item
Set VendorSet = VendorSets.Add( SE_VPS_GUID )
CheckError
WScript.Echo "New VendorSet added... " & VendorSet.Name
Else
WScript.Echo "Existing VendorSet found... value- " & VendorSet.Value(SE_VPS_NAME)
End If
if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then
Err.Clear
VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE
If Err.Number <> 0 Then
CheckError
Else
VendorSets.Save false, true
CheckError
If Err.Number = 0 Then
WScript.Echo "Done with " & SE_VPS_NAME & ", saved!"
End If
End If
Else
WScript.Echo "Done with " & SE_VPS_NAME & ", no change!"
End If
End Sub
Sub CheckError()
If Err.Number <> 0 Then
WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
Err.Clear
End If
End Sub
SetValue
- Use the ISA Server Management Microsoft Management Console (MMC) snap-in to make sure that all the servers in the array are synchronized. Stop and then restart the Microsoft Firewall service on each array member.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
The lowLevelSettings.vbs script sets the
FwxListenerMaxPendingAccepts value to 30,000 sockets. The setWebListenerAcceptingSockets.vbs script sets a new
VendorParameterSets property. This property controls how many sockets each Web listener uses to accept connections. This value affects each IP address and port combination. By default, ISA Server allows for 50 sockets for each Web listener. The setWebListenerAcceptingSockets.vbs script sets this value to 10 sockets for each Web listener.
This new
VendorParametersSets setting lets you create many additional Web site publishing rules in ISA Server 2006 Enterprise Edition. Consider the following scenario:
- You have 600 virtual IP addresses
- Each IP address has two Web listeners, an HTTP listener and an HTTPS listener.
In this scenario, ISA Server uses the new
VendorParametersSets setting to create 12,000 sockets. This is much less than the new limit of 30,000 sockets that is set by the lowLevelSettings.vbs script.
Important In this kind of configuration, the limiting factor is the non-paged pool memory that is available. For example, the sample scenario in which you create 600 virtual IP addresses together with two listeners for each IP address uses approximately 160 megabytes (MB) of non-paged pool memory. During a period of high network activity, this use of non-paged pool memory may cause the server to stop responding. If you have added the
/3GB option to the Boot.ini file on the server, 160 MB exceeds the amount of non-paged pool memory that can be allocated. Because of this problem, we do not recommend this kind of deployment.
Back to the top
