Help and Support
 

powered byLive Search

The Microsoft Firewall service in ISA Server 2006 stops responding to client requests after you publish a Web server by using NTLM authentication delegation

View products that this article applies to.
Article ID:950139
Last Review:March 15, 2008
Revision:1.3

SYMPTOMS

Consider the following scenario:
You publish a Web server in Microsoft Internet Security and Acceleration (ISA) Server 2006.
You configure NTLM authentication delegation in the Web-publishing rule.
In this scenario, the Microsoft Firewall service stops responding to client requests.

Additionally, the following event is logged in the System log:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: Date
Time: Time
User: N/A
Computer: ServerName
Description:
The Microsoft Firewall service terminated unexpectedly. It has done this 1 time(s).

And the following events are logged in the Application log:

Event Type: Error
Event Source: Microsoft Firewall
Event Category: None
Event ID: 14057
Date: Date
Time: Time
User: N/A
Computer: ServerName
Description:
The Firewall service stopped because an application filter module C:\Program Files\Microsoft ISA Server\w3filter.dll generated an exception code C0000005 in address 6473AC0B when function CompleteAsyncIO was called. To resolve this error, remove recently installed application filters and restart the service.

Event Type: Error
Event Source: Microsoft ISA Server 2006
Event Category: None
Event ID: 1000
Date: Date
Time: Time
User: N/A
Computer: ServerName
Description:
Faulting application wspsrv.exe, 5.0.5720.100, 44a3a98a, w3filter.dll, 5.0.5720.100, 44a3a962, 0, 0004ac0b.

Back to the top

CAUSE

This issue occurs because the Microsoft Firewall service incorrectly handles incomplete NTLM authentication responses that are received from the published Web server. This behavior is especially likely to occur when the published Web server tries to break the connection to ISA Server.

Back to the top

RESOLUTION

To resolve this problem, apply the hotfix rollup package that is described in the following Microsoft Knowledge Base article:
950140 (http://support.microsoft.com/kb/950140/) Description of the ISA Server 2006 hotfix package: March 9, 2008

Back to the top

WORKAROUND

To work around this problem, change the authentication delegation type in the Web-publishing rule. For example, you can use Basic authentication or Kerberos authentication.

Note You must change the authentication type on the published Web server according to the authentication delegation type.

Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Back to the top

REFERENCES

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 (http://support.microsoft.com/kb/824684/LN/) Description of the standard terminology that is used to describe Microsoft software updates

Back to the top

APPLIES TO
Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
Microsoft Internet Security and Acceleration Server 2006 Standard Edition

Back to the top

Keywords: 
kbqfe kbexpertiseinter KB950139

Back to the top

Article Translations

 

Other Support Options

  • Need More Help?
    Contact a Support professional by Email, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.