A Web client may receive incorrect responses from a Web site that is published in ISA Server 2006 when multiple Web clients access the published Web site

This article has been archived. It is offered "as is" and will no longer be updated.
SYMPTOMS
Consider the following scenario:
  • In Microsoft Internet Security and Acceleration (ISA) Server 2006, you publish a Web site that is secured by the Secure Sockets Layer (SSL) protocol.
  • Neither the Web publishing rule nor the Web listener requires authentication.
  • Multiple Web clients access the published Web site. Each client accesses the Web site in a separate TCP session or in a separate SSL session.
In this scenario, the Web clients may receive incorrect responses from the Web site.
CAUSE
ISA Server 2006 performs connection pooling for the published Web site if ISA Server 2006 does not require authentication. This behavior may cause issues if the Web server assumes that requests originate from the same Web client. The Web server may assume that this is the case when requests are sent on the same TCP connection or on the same SSL connection.
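The following added example is not part of the original article and is not ISA Server code. It is an in-memory Python model of the behavior described above, comparing a proxy that pools one back-end connection with one that opens a connection per external client. The class names and the LOGIN/WHOAMI requests are constructed for illustration.

```python
# Added illustration: an in-memory model, not ISA Server code.
# All class names and the LOGIN/WHOAMI "protocol" are hypothetical.

class BackendConnection:
    """One TCP/SSL connection to the published server. The server keeps
    per-connection state because it assumes one connection == one client."""
    def __init__(self):
        self.user = None  # identity the server has bound to this connection

    def handle(self, request):
        if request.startswith("LOGIN "):
            self.user = request.split(" ", 1)[1]
            return "welcome " + self.user
        if request == "WHOAMI":
            return self.user or "anonymous"
        return "bad request"


class PoolingProxy:
    """Forwards every external client over one shared back-end connection."""
    def __init__(self):
        self._shared = BackendConnection()

    def forward(self, client_id, request):
        return self._shared.handle(request)  # client_id is ignored


class PerClientProxy:
    """Opens a separate back-end connection for each external client."""
    def __init__(self):
        self._conns = {}

    def forward(self, client_id, request):
        if client_id not in self._conns:
            self._conns[client_id] = BackendConnection()
        return self._conns[client_id].handle(request)


def run_scenario(proxy):
    """Client A logs in; client B, which never logged in, asks who it is."""
    proxy.forward("client-A", "LOGIN alice")
    return proxy.forward("client-B", "WHOAMI")


if __name__ == "__main__":
    print("pooled:    ", run_scenario(PoolingProxy()))    # client B is answered as alice
    print("per-client:", run_scenario(PerClientProxy()))  # client B is anonymous
```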
RESOLUTION
To resolve this problem, follow these steps:
  1. Apply hotfix package 938517. For more information about this hotfix package, click the following article number to view the article in the Microsoft Knowledge Base:
    938517 Description of the Internet Security and Acceleration Server 2006 hotfix package that is dated June 5, 2007
  2. Copy the following script into a Notepad file.
    Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
    Const SE_VPS_NAME = "EnableHotfix937451"
    Const SE_VPS_VALUE = true

    Sub SetValue()
        ' Create the root object.
        Dim root  ' The FPCLib.FPC root object
        Set root = CreateObject("FPC.Root")

        ' Declare the other objects needed.
        Dim array       ' An FPCArray object
        Dim VendorSets  ' An FPCVendorParametersSets collection
        Dim VendorSet   ' An FPCVendorParametersSet object

        ' Get references to the array object
        ' and the vendor parameters sets collection.
        Set array = root.GetContainingArray
        Set VendorSets = array.VendorParametersSets

        ' Look up the existing vendor parameters set; add it if it is missing.
        On Error Resume Next
        Set VendorSet = VendorSets.Item( SE_VPS_GUID )
        If Err.Number <> 0 Then
            Err.Clear
            ' Add the item
            Set VendorSet = VendorSets.Add( SE_VPS_GUID )
            CheckError
            WScript.Echo "New VendorSet added... " & VendorSet.Name
        Else
            WScript.Echo "Existing VendorSet found... value- " &  VendorSet.Value(SE_VPS_NAME)
        End If

        ' Set the flag and save only if the value actually changes.
        If VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then
            Err.Clear
            VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE
            If Err.Number <> 0 Then
                CheckError
            Else
                VendorSets.Save false, true
                CheckError
                If Err.Number = 0 Then
                    WScript.Echo "Done with " & SE_VPS_NAME & ", saved!"
                End If
            End If
        Else
            WScript.Echo "Done with " & SE_VPS_NAME & ", no change!"
        End If
    End Sub

    ' Report and clear any pending error.
    Sub CheckError()
        If Err.Number <> 0 Then
            WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
            Err.Clear
        End If
    End Sub

    SetValue
  3. Save the file as a Microsoft Visual Basic script file by using the .vbs file name extension. For example, save the file by using the following name:
    EnableKB937451.vbs
  4. Start a command prompt, move to the location where you saved the EnableKB937451.vbs file, and then run the following command:
    cscript EnableKB937451.vbs
Note: After you run this script, ISA Server 2006 uses a separate connection for each external client. ISA Server 2006 uses a separate connection only for clients that use the HTTPS protocol. This hotfix does not apply to HTTP connections.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
WORKAROUND
To work around this problem, follow these steps:
  1. Click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.
  2. In the console tree, expand Microsoft Internet Security and Acceleration Server 2006.
  3. If you are running ISA Server 2006 Enterprise Edition, expand Arrays, and then expand the node that corresponds to the array. If you are running ISA Server 2006 Standard Edition, expand the node that corresponds to the server.
  4. Click Firewall Policy.
  5. In the details pane, right-click the Web publishing rule, and then click Properties.
  6. On the To tab, click Requests appear to come from the original client, and then click OK.
  7. Click Apply.
Properties

Article ID: 937451 - Last Review: 01/15/2015 08:47:34 - Revision: 2.0

  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition