Consider the following scenario:
- In Microsoft Internet Security and Acceleration (ISA) Server 2006, you publish a Web site that is secured by the Secure Socket Layer (SSL) protocol.
- Neither the Web publishing rule nor the Web listener requires authentication.
- Multiple Web clients access the published Web site. Each client access the Web site in a separate TCP session or in a separate SSL session.
In this scenario, the Web clients may receive incorrect responses from the Web site.
ISA Server 2006 performs connection pooling for the published Web site if ISA Server 2006 does not require authentication. This behavior may cause issues if the Web server assumes that requests originate from the same Web client. The Web server may assume that this is the case when requests are sent on the same TCP connection or on the same SSL connection.
To resolve this problem, follow these steps:
- Apply hotfix package 938517.
For more information about this hotfix package, click the following article number to view the article in the Microsoft Knowledge Base:
938517
(http://support.microsoft.com/kb/938517/
)
Description of the Internet Security and Acceleration Server 2006 hotfix package that is dated June 5, 2007
- Copy the following script into a Notepad file.
Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
Const SE_VPS_NAME = "EnableHotfix937451"
Const SE_VPS_VALUE = true
Sub SetValue()
' Create the root obect.
Dim root ' The FPCLib.FPC root object
Set root = CreateObject("FPC.Root")
'Declare the other objects needed.
Dim array ' An FPCArray object
Dim VendorSets ' An FPCVendorParametersSets collection
Dim VendorSet ' An FPCVendorParametersSet object
' Get references to the array object
' and the network rules collection.
Set array = root.GetContainingArray
Set VendorSets = array.VendorParametersSets
On Error Resume Next
Set VendorSet = VendorSets.Item( SE_VPS_GUID )
If Err.Number <> 0 Then
Err.Clear
' Add the item
Set VendorSet = VendorSets.Add( SE_VPS_GUID )
CheckError
WScript.Echo "New VendorSet added... " & VendorSet.Name
Else
WScript.Echo "Existing VendorSet found... value- " & VendorSet.Value(SE_VPS_NAME)
End If
if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then
Err.Clear
VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE
If Err.Number <> 0 Then
CheckError
Else
VendorSets.Save false, true
CheckError
If Err.Number = 0 Then
WScript.Echo "Done with " & SE_VPS_NAME & ", saved!"
End If
End If
Else
WScript.Echo "Done with " & SE_VPS_NAME & ", no change!"
End If
End Sub
Sub CheckError()
If Err.Number <> 0 Then
WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
Err.Clear
End If
End Sub
SetValue
- Save the file as a Microsoft Visual Basic script file by using the .vbs file name extension. For example, save the file by using the following name:
EnableKB937451.vbs
- Start a command prompt, move to the location where you saved the EnableKB937451.vbs file, and then run the following command:
cscript EnableKB937451.vbs
Note After you run this script, ISA Server 2006 uses a separate connection for each external client. ISA Server 2006 uses a separate connection only for clients that use the HTTPS protocol. This hotfix does not apply to HTTP connections
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
To work around this problem, follow these steps:
- Click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.
- In the console tree, expand Microsoft Internet Security and Acceleration Server 2006.
- If you are running ISA Server 2006 Enterprise Edition, expand Arrays, and then expand the node that corresponds to the array. If you are running ISA Server 2006 Standard Edition, expand the node that corresponds to the server.
- Click Firewall Policy.
- In the details pane, right-click the Web publishing rule, and then click Properties.
- On the To tab, click Requests appear to come from the original client, and then click OK.
- Click Apply.
Back to the top
