Description of WinSock Proxy Auto Detect Support

This article was previously published under Q260210
This article describes how WinSock Proxy Auto Detect (WSPAD) is used to detect Internet Security and Acceleration (ISA) Server computers on the network.
Microsoft Firewall Client can automatically discover an ISA Server computer or array on the network and use it to provide access to external networks for all WinSock programs that are running on that computer. To do so, ISA Server uses the WinSock Proxy Auto Detect (WSPAD) protocol.

If the auto discovery function fails, Firewall Client disables itself and starts to pass all WinSock calls straight through without remoting them to the ISA Server computer as it typically does. During this time, Firewall Client continues to try to detect the ISA Server computer every time a program makes a WinSock call.

For auto discovery to work, you must configure the network to support it. WSPAD uses Web Proxy Auto Detect (WPAD) to find resources. The DHCP option 252 (WPAD) is used to send WSPAD information to the client computer. This option holds a string value. The string is the URL that points to a file that contains one or more WinSock Proxy server addresses. DHCP option 252 is typically used as a registration and query point for discovery of printers, Web proxies (through WPAD), timeservers, and many other network services.

The client obtains the value of this DHCP option by using the value that was sent to the DHCP client during client initialization or during a refresh operation. The client has to specifically request this option. Firewall Client that is installed on clients that allow remoting of WinSock calls adds this functionality to the client.

The various WPAD discovery methods may return a partial URL. For the client to find the client configuration file (CFILE) that is needed to determine which ISA Server computer to connect to, the following URL format is used:
The WPAD protocol may return all three parameters of the URL, but may return only a single parameter (the host address). If no value is returned for a parameter, refer to the following table to assign a value:
Field    Default value
If the host name is not returned from the WPAD protocol, then the discovery fails. If the WPAD negotiation returns all three values (for example, if you are using the DHCP WPAD URL option), WSPAD parses this URL to find the host, port, and relative path of the WPAD configuration file, and then appends the WSPAD.DAT file name to construct the final WSPAD URL.

NOTE: If both WPAD and WSPAD are used, you must place both configuration files in the same folder path.

The WSPAD CFILE informs the WinSock Proxy client of all available WSP servers in the array, and supplies additional parameters such as a load factor and a state flag to aid the server selection. The WSPAD CFILE contains an explicit Time to Live (TTL) entry. After the TTL period expires, the WinSock Proxy client purges the CFILE and attempts to retrieve a new CFILE.

The format of the CFILE is the same as the Mspclnt.ini file. It includes parts of the Servers and IP Addresses section. This entire section is included in the WSPAD.DAT file. This section contains IP addresses of the servers in the array or a single DNS name. In the Common section, the following three entries are displayed:
  • Configuration Refresh Time (Hours) - Time until file refresh check
  • Port - Control port on the WSP server
  • ServerVersion - Version of the WSP server (and WSP protocol)
The following text is an example of the CFILE:
[Servers IP Addresses]

Configuration Refresh Time (Hours) = 3
Port = 1745
ServerVersion = 11
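
The following Python is an added example, not part of the original article and not Microsoft's code. It parses a CFILE of the shape described above, rejects malformed input instead of using it, and computes when the TTL requires the file to be purged. The `[Common]` header, the `Addr1`/`Addr2` key names, the sample addresses, and the function names are assumptions.

```python
import configparser
from datetime import datetime, timedelta

# Constructed sample CFILE. The [Common] header and the Addr1/Addr2 key names
# are assumptions; the article's example shows only the three Common entries.
SAMPLE_CFILE = """\
[Servers IP Addresses]
Addr1 = 192.0.2.10
Addr2 = 192.0.2.11

[Common]
Configuration Refresh Time (Hours) = 3
Port = 1745
ServerVersion = 11
"""

def parse_cfile(text, fetched_at):
    """Parse a WSPAD CFILE; raise ValueError on anything malformed."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    try:
        cp.read_string(text)
        # Values are server IP addresses or a single DNS name.
        servers = [v.strip() for v in cp["Servers IP Addresses"].values()]
        common = cp["Common"]
        hours = int(common["Configuration Refresh Time (Hours)"])
        port = int(common["Port"])
        version = int(common["ServerVersion"])
    except (configparser.Error, KeyError) as exc:
        raise ValueError(f"malformed CFILE: {exc}") from exc
    if not servers or any(not s for s in servers):
        raise ValueError("CFILE lists no usable server")
    if not 1 <= port <= 65535:
        raise ValueError(f"control port out of range: {port}")
    if hours < 1:
        raise ValueError(f"refresh time must be at least 1 hour: {hours}")
    return {
        "servers": servers,
        "port": port,
        "version": version,
        # After this instant the client purges the CFILE and fetches a new one.
        "expires_at": fetched_at + timedelta(hours=hours),
    }

def is_expired(cfg, now):
    """True once the TTL has elapsed and the cached CFILE must be dropped."""
    return now >= cfg["expires_at"]

if __name__ == "__main__":
    print(parse_cfile(SAMPLE_CFILE, datetime.now()))
```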

Article ID: 260210 - Last Review: 01/15/2006 20:04:50 - Revision: 1.2

Microsoft Internet Security and Acceleration Server 2000 Standard Edition, Microsoft Forefront Threat Management Gateway, Medium Business Edition
