Article ID: 937434 - View products that this article applies to.
This article has been archived. It is offered "as is" and will no longer be updated.
When clients connect to a Web site that you published by using Microsoft Internet Security and Acceleration (ISA) Server 2006, the Microsoft Firewall service (fwsrv) may use 100 percent of the CPU resources.
You may experience this problem if the following conditions are both true:
This problem occurs if ISA Server 2006 cannot renegotiate the encryption keys with the client.
On the Authentication Preferences tab of the Advanced Authentication Options dialog box for the Web listener, you can use the SSL client certificate timeout (seconds) check box together with a value to configure when the client certificate times out. By default, this value is set to 300 seconds. When the client certificate times out, ISA Server 2006 tries to renegotiate encryption keys with the client.
A hotfix is available for computers that are running ISA Server 2006. To resolve this problem, install the hotfix that is described in the following Microsoft Knowledge Base article:
(https://support.microsoft.com/kb/937186/ )Description of the ISA Server 2006 hotfix package that is dated May 14, 2007
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
How to determine whether the Web listener requires client SSL certificates
Article ID: 937434 - Last Review: January 16, 2015 - Revision: 2.0