Article ID: 940343 - View products that this article applies to.
In Microsoft Internet Security and Acceleration (ISA) Server 2006, you enable network traffic prioritization that is based on differentiated services (DiffServ). Then, an HTTP client establishes a TCP connection for HTTP communication that is not secured by the Secure Socket Layer (SSL) protocol. However, when the client reuses the TCP connection to try to establish an SSL tunnel, ISA Server 2006 drops the HTTP CONNECT request.
This problem occurs because the DiffServ filter cannot parse the URL when the HTTP client sends an HTTP CONNECT request on a TCP connection that has already been used for non-SSL communication. In this situation, the DiffServ filter stops trying to establish the SSL tunnel. The filter then sends a TCP FIN packet to the HTTP client.
To resolve this problem, apply the hotfix rollup package that is described in the following Microsoft Knowledge Base article:
(http://support.microsoft.com/kb/940250/ )Description of the ISA Server 2006 hotfix package: date
To work around this problem, disable the DiffServ filter. To do this, follow these steps:
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
To enable the network traffic prioritization as the "Symptoms" section describes, perform the following actions:
Article ID: 940343 - Last Review: August 14, 2007 - Revision: 1.1