Consider the following scenario:
- In Microsoft Internet Security and Acceleration (ISA) Server 2006, you create a Web farm that contains multiple Web servers.
- You create multiple Web publishing rules to publish multiple public names that use the same Web farm.
- In the Web publishing rules, the load balance mechanism is set to Cookie based.
In this scenario, ISA Server may forward requests to an incorrect Web server. When a client computer accesses Web sites that have different public names in the same session, ISA Server does not forward the request to the same Web server.
For example, this problem occurs when the client accesses the following Web sites in the same session:
- http://Name1.domain.com/Site1
- http://Name2.domain.com/Site1
This problem occurs when the Web browser does not send a Web Publishing Load Balancing (WPLB) cookie to ISA Server.
By default, a Web browser does not use a cookie from one site in a request that it sends to another site. Before the current fix is enabled, ISA Server will send to the client a Set-Cookie HTTP header that contains the first public name that is specified in the publishing rule. Therefore, the request that is sent to ISA Server for a public name other than the first public name does not contain the WPLB cookie. In this scenario, ISA Server may select a different server from the Web farm to handle the request.
To resolve this problem, follow these steps:
- Apply the hotfix package that is described in the following Microsoft Knowledge Base article:
945225
(http://support.microsoft.com/kb/945225/
)
Description of the ISA Server 2006 hotfix package: November 18, 2007
- Start Notepad.
- Copy and then paste the following text into Notepad.
Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure. However, they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements. ' -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
' -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
' This code is Copyright (c) 2007 Microsoft Corporation.
'
' All rights reserved.
'
' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
' ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
' THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
' PARTICULAR PURPOSE.
'
' IN NO EVENT SHALL MICROSOFT AND/OR ITS RESPECTIVE SUPPLIERS BE
' LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
' DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
' WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
' ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
' OF THIS CODE OR INFORMATION.
'
' -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
Const SE_VPS_NAME = "CreateDomainCookie"
Const SE_VPS_VALUE = true
'Define the constants needed
const Error_FileNotFound = &H80070002
Const fpcPolicyWebPublishing = 2
Main(WScript.Arguments)
Sub Main(args)
If(args.Count = 1) Then
SetWPLBhttpOnly args(0)
Else
Usage()
End If
End Sub
Sub SetWPLBhttpOnly(ruleName)
' Create the root object.
Dim root ' The FPCLib.FPC root object
Set root = CreateObject("FPC.Root")
' Declare the other objects needed.
Dim isaArray ' An FPCArray object
Dim rule ' An FPCPolicyRule object
' Obtain a reference to the array object.
Set isaArray = root.GetContainingArray()
' Obtain a reference to the policy rule specified.
On Error Resume Next
Set rule = isaArray.ArrayPolicy.PolicyRules.Item(ruleName)
If Err.Number = Error_FileNotFound Then
WScript.Echo "The policy rule specified could not be found."
Else
Err.Clear
On Error GoTo 0
If rule.Type = fpcPolicyWebPublishing Then
Dim VendorSets ' An FPCVendorParametersSets collection
Dim VendorSet ' An FPCVendorParametersSet object
Set VendorSets = rule.VendorParametersSets
On Error Resume Next
Set VendorSet = VendorSets.Item( SE_VPS_GUID )
If Err.Number <> 0 Then
Err.Clear
' Add the item
Set VendorSet = VendorSets.Add( SE_VPS_GUID )
CheckError
WScript.Echo "New VendorSet added... " & VendorSet.Name
Else
WScript.Echo "Existing VendorSet found... value- " & VendorSet.Value(SE_VPS_NAME)
End If
if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then
Err.Clear
VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE
If Err.Number <> 0 Then
CheckError
End If
End If
rule.Save
WScript.Echo "Done!"
Else
WScript.Echo "The policy rule specified is not a Web publishing rule."
End If
End If
End Sub
Sub Usage()
WScript.Echo "Usage:" & VbCrLf _
& " " & WScript.ScriptName & " RuleName" & VbCrLf _
& "" & VbCrLf _
& " RuleName - Name of the Web publishing rule"
WScript.Quit
End Sub
Sub CheckError()
If Err.Number <> 0 Then
WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
Err.Clear
End If
End Sub
- Save the file as a .vbs file. For example, use the following name to save the file:
CreateDomainCookie.vbs
- Open a command prompt, move to the location in which you saved the CreateDomainCookie.vbs file, and then type the following command:
cscript CreateDomainCookie.vbs Rulename
Note Replace the Rulename placeholder with the name of the publishing rule.
After you follow these steps, ISA Server checks the top-level domain from the host header in the request. Then, ISA Server uses this domain as a WPLB cookie domain. For example, if the requested host header is test.xxx.domain.com, the cookie will be "cookie domain: .domain.com."
Note When ISA Server obtains the top-level domain, ISA Server merely extracts the rightmost two names. For example, if the site name is
a.
b.
c.
d.com, ISA Server uses .
d.com as the top-level domain in the WPLB cookie. Therefore, this fix does not help you if your top-level domain resembles "
domain.co.uk" or if you want to use
c.
d.com as the top-level domain. In this case, you can use another fix to specify a single top-level domain that can be used in all WPLB cookies.
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
940242
(http://support.microsoft.com/kb/940242/
)
ISA Server 2006 forwards requests to an incorrect Web server when a client computer accesses Web sites that have different host names in the same session
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684
(http://support.microsoft.com/kb/824684/
)
Description of the standard terminology that is used to describe Microsoft software updates
Back to the top
