The Microsoft Firewall service in ISA Server 2006 stops responding to client requests after you publish a Web server by using NTLM authentication delegation

Article translations Article translations
Article ID: 950139 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

Consider the following scenario:
  • You publish a Web server in Microsoft Internet Security and Acceleration (ISA) Server 2006.
  • You configure NTLM authentication delegation in the Web-publishing rule.
In this scenario, the Microsoft Firewall service stops responding to client requests.

Additionally, the following event is logged in the System log:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: Date
Time: Time
User: N/A
Computer: ServerName
Description:
The Microsoft Firewall service terminated unexpectedly. It has done this 1 time(s).

And the following events are logged in the Application log:

Event Type: Error
Event Source: Microsoft Firewall
Event Category: None
Event ID: 14057
Date: Date
Time: Time
User: N/A
Computer: ServerName
Description:
The Firewall service stopped because an application filter module C:\Program Files\Microsoft ISA Server\w3filter.dll generated an exception code C0000005 in address 6473AC0B when function CompleteAsyncIO was called. To resolve this error, remove recently installed application filters and restart the service.

Event Type: Error
Event Source: Microsoft ISA Server 2006
Event Category: None
Event ID: 1000
Date: Date
Time: Time
User: N/A
Computer: ServerName
Description:
Faulting application wspsrv.exe, 5.0.5720.100, 44a3a98a, w3filter.dll, 5.0.5720.100, 44a3a962, 0, 0004ac0b.

CAUSE

This issue occurs because the Microsoft Firewall service incorrectly handles incomplete NTLM authentication responses that are received from the published Web server. This behavior is especially likely to occur when the published Web server tries to break the connection to ISA Server.

RESOLUTION

To resolve this problem, apply the hotfix rollup package that is described in the following Microsoft Knowledge Base article:
950140 Description of the ISA Server 2006 hotfix package: March 9, 2008

WORKAROUND

To work around this problem, change the authentication delegation type in the Web-publishing rule. For example, you can use Basic authentication or Kerberos authentication.

Note You must change the authentication type on the published Web server according to the authentication delegation type.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

REFERENCES

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 950139 - Last Review: March 15, 2008 - Revision: 1.3
APPLIES TO
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
Keywords: 
kbqfe kbexpertiseinter KB950139

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com