A Web client may receive incorrect responses from a Web site that is published in ISA Server 2006 when multiple Web clients access the published Web site

Article translations Article translations
Article ID: 937451 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

Consider the following scenario:
  • In Microsoft Internet Security and Acceleration (ISA) Server 2006, you publish a Web site that is secured by the Secure Socket Layer (SSL) protocol.
  • Neither the Web publishing rule nor the Web listener requires authentication.
  • Multiple Web clients access the published Web site. Each client access the Web site in a separate TCP session or in a separate SSL session.
In this scenario, the Web clients may receive incorrect responses from the Web site.

CAUSE

ISA Server 2006 performs connection pooling for the published Web site if ISA Server 2006 does not require authentication. This behavior may cause issues if the Web server assumes that requests originate from the same Web client. The Web server may assume that this is the case when requests are sent on the same TCP connection or on the same SSL connection.

RESOLUTION

To resolve this problem, follow these steps:
  1. Apply hotfix package 938517. For more information about this hotfix package, click the following article number to view the article in the Microsoft Knowledge Base:
    938517 Description of the Internet Security and Acceleration Server 2006 hotfix package that is dated June 5, 2007
  2. Copy the following script into a Notepad file.
    Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
    Const SE_VPS_NAME = "EnableHotfix937451"
    Const SE_VPS_VALUE = true
    
    Sub SetValue()
    
        ' Create the root obect.
        Dim root  ' The FPCLib.FPC root object
        Set root = CreateObject("FPC.Root")
    
        'Declare the other objects needed.
        Dim array       ' An FPCArray object
        Dim VendorSets  ' An FPCVendorParametersSets collection
        Dim VendorSet   ' An FPCVendorParametersSet object
    
        ' Get references to the array object
        ' and the network rules collection.
        Set array = root.GetContainingArray
        Set VendorSets = array.VendorParametersSets
    
        On Error Resume Next
        Set VendorSet = VendorSets.Item( SE_VPS_GUID )
    
        If Err.Number <> 0 Then
            Err.Clear
    
            ' Add the item
            Set VendorSet = VendorSets.Add( SE_VPS_GUID )
            CheckError
            WScript.Echo "New VendorSet added... " & VendorSet.Name
    
        Else
            WScript.Echo "Existing VendorSet found... value- " &  VendorSet.Value(SE_VPS_NAME)
        End If
    
        if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then
    
            Err.Clear
            VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE
    
            If Err.Number <> 0 Then
                CheckError
            Else
                VendorSets.Save false, true
                CheckError
    
                If Err.Number = 0 Then
                    WScript.Echo "Done with " & SE_VPS_NAME & ", saved!"
                End If
            End If
        Else
            WScript.Echo "Done with " & SE_VPS_NAME & ", no change!"
        End If
    
    End Sub
    
    Sub CheckError()
    
        If Err.Number <> 0 Then
            WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
            Err.Clear
        End If
    
    End Sub
    
    SetValue
    
    
  3. Save the file as a Microsoft Visual Basic script file by using the .vbs file name extension. For example, save the file by using the following name:
    EnableKB937451.vbs
  4. Start a command prompt, move to the location where you saved the EnableKB937451.vbs file, and then run the following command:
    cscript EnableKB937451.vbs
Note After you run this script, ISA Server 2006 uses a separate connection for each external client. ISA Server 2006 uses a separate connection only for clients that use the HTTPS protocol. This hotfix does not apply to HTTP connections

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

WORKAROUND

To work around this problem, follow these steps:
  1. Click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.
  2. In the console tree, expand Microsoft Internet Security and Acceleration Server 2006.
  3. If you are running ISA Server 2006 Enterprise Edition, expand Arrays, and then expand the node that corresponds to the array. If you are running ISA Server 2006 Standard Edition, expand the node that corresponds to the server.
  4. Click Firewall Policy.
  5. In the details pane, right-click the Web publishing rule, and then click Properties.
  6. On the To tab, click Requests appear to come from the original client, and then click OK.
  7. Click Apply.

Properties

Article ID: 937451 - Last Review: August 23, 2007 - Revision: 2.0
APPLIES TO
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
Keywords: 
kbtshoot kbexpertiseinter kbprb KB937451

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com