ISA Server 2006 may forward requests to an incorrect Web server when a client computer accesses Web sites that have different public names in the same session

Article translations Article translations
Article ID: 945224 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

Consider the following scenario:
  • In Microsoft Internet Security and Acceleration (ISA) Server 2006, you create a Web farm that contains multiple Web servers.
  • You create multiple Web publishing rules to publish multiple public names that use the same Web farm.
  • In the Web publishing rules, the load balance mechanism is set to Cookie based.
In this scenario, ISA Server may forward requests to an incorrect Web server. When a client computer accesses Web sites that have different public names in the same session, ISA Server does not forward the request to the same Web server.

For example, this problem occurs when the client accesses the following Web sites in the same session:
  • http://Name1.domain.com/Site1
  • http://Name2.domain.com/Site1

CAUSE

This problem occurs when the Web browser does not send a Web Publishing Load Balancing (WPLB) cookie to ISA Server.

By default, a Web browser does not use a cookie from one site in a request that it sends to another site. Before the current fix is enabled, ISA Server will send to the client a Set-Cookie HTTP header that contains the first public name that is specified in the publishing rule. Therefore, the request that is sent to ISA Server for a public name other than the first public name does not contain the WPLB cookie. In this scenario, ISA Server may select a different server from the Web farm to handle the request.

RESOLUTION

To resolve this problem, follow these steps:
  1. Apply the hotfix package that is described in the following Microsoft Knowledge Base article:
    945225 Description of the ISA Server 2006 hotfix package: November 18, 2007
  2. Start Notepad.
  3. Copy and then paste the following text into Notepad.

    Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure. However, they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.
    ' -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
    ' -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
    
    '    This code is Copyright (c) 2007 Microsoft Corporation.  
    '
    '    All rights reserved.
    '
    '    THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
    '    ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
    '    THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
    '    PARTICULAR PURPOSE.
    '
    '    IN NO EVENT SHALL MICROSOFT AND/OR ITS RESPECTIVE SUPPLIERS BE
    '    LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
    '    DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
    '    WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
    '    ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
    '    OF THIS CODE OR INFORMATION.
    '
    ' -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
    
    Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
    Const SE_VPS_NAME = "CreateDomainCookie"
    Const SE_VPS_VALUE = true
    
    
    'Define the constants needed
    const Error_FileNotFound = &H80070002
    Const fpcPolicyWebPublishing = 2
    
    Main(WScript.Arguments)
    
    Sub Main(args)
    
        If(args.Count = 1) Then
            SetWPLBhttpOnly args(0)
        Else
            Usage()
        End If
    End Sub
    
    Sub SetWPLBhttpOnly(ruleName)
    
        ' Create the root object.
        Dim root  ' The FPCLib.FPC root object
        Set root = CreateObject("FPC.Root")
    
        ' Declare the other objects needed.
        Dim isaArray        ' An FPCArray object
        Dim rule            ' An FPCPolicyRule object
    
        ' Obtain a reference to the array object.
        Set isaArray = root.GetContainingArray()
    
        ' Obtain a reference to the policy rule specified.
        On Error Resume Next
        Set rule = isaArray.ArrayPolicy.PolicyRules.Item(ruleName)
        If Err.Number = Error_FileNotFound Then
            WScript.Echo "The policy rule specified could not be found."
        Else
            Err.Clear
            On Error GoTo 0
            If rule.Type = fpcPolicyWebPublishing Then
    
                Dim VendorSets  ' An FPCVendorParametersSets collection
                Dim VendorSet   ' An FPCVendorParametersSet object
    
                Set VendorSets = rule.VendorParametersSets
    
                On Error Resume Next
                Set VendorSet = VendorSets.Item( SE_VPS_GUID )
    
                If Err.Number <> 0 Then
                    Err.Clear
    
                    ' Add the item
                    Set VendorSet = VendorSets.Add( SE_VPS_GUID )
                    CheckError
                    WScript.Echo "New VendorSet added... " & VendorSet.Name
    
                Else
                    WScript.Echo "Existing VendorSet found... value- " &  VendorSet.Value(SE_VPS_NAME)
                End If
    
                if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then
    
                    Err.Clear
                    VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE
    
                    If Err.Number <> 0 Then
                            CheckError
                    End If
                End If
    
                rule.Save
                WScript.Echo "Done!"
    
            Else
                WScript.Echo "The policy rule specified is not a Web publishing rule."
            End If
        End If
    
    End Sub
    
    Sub Usage()
        WScript.Echo "Usage:" & VbCrLf _
            & "  " & WScript.ScriptName & " RuleName" & VbCrLf _
            & "" & VbCrLf _
            & "    RuleName - Name of the Web publishing rule"
        WScript.Quit
    End Sub
    
    
    Sub CheckError()
    
        If Err.Number <> 0 Then
            WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
            Err.Clear
        End If
    
    End Sub
    
  4. Save the file as a .vbs file. For example, use the following name to save the file:
    CreateDomainCookie.vbs
  5. Open a command prompt, move to the location in which you saved the CreateDomainCookie.vbs file, and then type the following command:
    cscript CreateDomainCookie.vbs Rulename
    Note Replace the Rulename placeholder with the name of the publishing rule.
After you follow these steps, ISA Server checks the top-level domain from the host header in the request. Then, ISA Server uses this domain as a WPLB cookie domain. For example, if the requested host header is test.xxx.domain.com, the cookie will be "cookie domain: .domain.com."

Note When ISA Server obtains the top-level domain, ISA Server merely extracts the rightmost two names. For example, if the site name is a.b.c.d.com, ISA Server uses .d.com as the top-level domain in the WPLB cookie. Therefore, this fix does not help you if your top-level domain resembles "domain.co.uk" or if you want to use c.d.com as the top-level domain. In this case, you can use another fix to specify a single top-level domain that can be used in all WPLB cookies. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
940242 ISA Server 2006 forwards requests to an incorrect Web server when a client computer accesses Web sites that have different host names in the same session

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 945224 - Last Review: January 2, 2008 - Revision: 1.1
APPLIES TO
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
Keywords: 
kbexpertiseinter kbbug kbfix kbqfe KB945224

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com