ISA Server 2006 may forward requests to an incorrect Web server when a client computer accesses Web sites that have different public names in the same session

This article has been archived. It is offered "as is" and will no longer be updated.
Consider the following scenario:
  • In Microsoft Internet Security and Acceleration (ISA) Server 2006, you create a Web farm that contains multiple Web servers.
  • You create multiple Web publishing rules to publish multiple public names that use the same Web farm.
  • In the Web publishing rules, the load balance mechanism is set to Cookie based.
In this scenario, ISA Server may forward requests to an incorrect Web server. When a client computer accesses Web sites that have different public names in the same session, ISA Server does not forward the request to the same Web server.

For example, this problem occurs when the client accesses the following Web sites in the same session:
This problem occurs when the Web browser does not send a Web Publishing Load Balancing (WPLB) cookie to ISA Server.

By default, a Web browser does not use a cookie from one site in a request that it sends to another site. Before the current fix is enabled, ISA Server will send to the client a Set-Cookie HTTP header that contains the first public name that is specified in the publishing rule. Therefore, the request that is sent to ISA Server for a public name other than the first public name does not contain the WPLB cookie. In this scenario, ISA Server may select a different server from the Web farm to handle the request.
To resolve this problem, follow these steps:
  1. Apply the hotfix package that is described in the following Microsoft Knowledge Base article:
    945225 Description of the ISA Server 2006 hotfix package: November 18, 2007
  2. Start Notepad.
  3. Copy and then paste the following text into Notepad.

    Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure. However, they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.

    ' -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
    '    This code is Copyright (c) 2007 Microsoft Corporation.
    '
    '    All rights reserved.
    '
    '    THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
    '    ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
    '    THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
    '    PARTICULAR PURPOSE.
    '
    '    IN NO EVENT SHALL MICROSOFT AND/OR ITS RESPECTIVE SUPPLIERS BE
    '    LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
    '    DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
    '    WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
    '    ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
    '    OF THIS CODE OR INFORMATION.
    '
    ' -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

    Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
    Const SE_VPS_NAME = "CreateDomainCookie"
    Const SE_VPS_VALUE = true

    'Define the constants needed
    const Error_FileNotFound = &H80070002
    Const fpcPolicyWebPublishing = 2

    Main(WScript.Arguments)

    Sub Main(args)
        If(args.Count = 1) Then
            SetWPLBhttpOnly args(0)
        Else
            Usage()
        End If
    End Sub

    Sub SetWPLBhttpOnly(ruleName)
        ' Create the root object.
        Dim root  ' The FPCLib.FPC root object
        Set root = CreateObject("FPC.Root")

        ' Declare the other objects needed.
        Dim isaArray        ' An FPCArray object
        Dim rule            ' An FPCPolicyRule object

        ' Obtain a reference to the array object.
        Set isaArray = root.GetContainingArray()

        ' Obtain a reference to the policy rule specified.
        On Error Resume Next
        Set rule = isaArray.ArrayPolicy.PolicyRules.Item(ruleName)
        If Err.Number = Error_FileNotFound Then
            WScript.Echo "The policy rule specified could not be found."
        Else
            Err.Clear
            On Error GoTo 0
            If rule.Type = fpcPolicyWebPublishing Then
                Dim VendorSets  ' An FPCVendorParametersSets collection
                Dim VendorSet   ' An FPCVendorParametersSet object
                Set VendorSets = rule.VendorParametersSets

                On Error Resume Next
                Set VendorSet = VendorSets.Item( SE_VPS_GUID )
                If Err.Number <> 0 Then
                    Err.Clear
                    ' Add the item
                    Set VendorSet = VendorSets.Add( SE_VPS_GUID )
                    CheckError
                    WScript.Echo "New VendorSet added... " & VendorSet.Name
                Else
                    WScript.Echo "Existing VendorSet found... value- " &  VendorSet.Value(SE_VPS_NAME)
                End If

                if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then
                    Err.Clear
                    VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE
                    If Err.Number <> 0 Then
                        CheckError
                    End If
                End If

                rule.Save
                WScript.Echo "Done!"
            Else
                WScript.Echo "The policy rule specified is not a Web publishing rule."
            End If
        End If
    End Sub

    Sub Usage()
        WScript.Echo "Usage:" & VbCrLf _
            & "  " & WScript.ScriptName & " RuleName" & VbCrLf _
            & "" & VbCrLf _
            & "    RuleName - Name of the Web publishing rule"
        WScript.Quit
    End Sub

    Sub CheckError()
        If Err.Number <> 0 Then
            WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
            Err.Clear
        End If
    End Sub

  4. Save the file as a .vbs file. For example, use the following name to save the file:
    CreateDomainCookie.vbs
  5. Open a command prompt, move to the location in which you saved the CreateDomainCookie.vbs file, and then type the following command:
    cscript CreateDomainCookie.vbs Rulename
    Note Replace the Rulename placeholder with the name of the publishing rule.
After you follow these steps, ISA Server checks the top-level domain from the host header in the request. Then, ISA Server uses this domain as a WPLB cookie domain. For example, if the requested host header is, the cookie will be "cookie domain:"

Note When ISA Server obtains the top-level domain, ISA Server merely extracts the rightmost two names. For example, if the site name is, ISA Server uses as the top-level domain in the WPLB cookie. Therefore, this fix does not help you if your top-level domain resembles "" or if you want to use as the top-level domain. In this case, you can use another fix to specify a single top-level domain that can be used in all WPLB cookies. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
940242 ISA Server 2006 forwards requests to an incorrect Web server when a client computer accesses Web sites that have different host names in the same session
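
The cookie-scoping behavior described above, modeled as an added example (not Microsoft's code and not part of the original article). The hostnames, the three-entry public-suffix sample and all function names are constructed for illustration; the two-label-suffix case is one situation in which the rightmost two names do not form a usable cookie domain.

```javascript
// Added illustration: hostnames and the suffix sample are constructed.
// Tiny stand-in for the Public Suffix List that browsers consult.
const PUBLIC_SUFFIXES = new Set(["com", "uk", "co.uk"]);

// Cookie domain as the Note describes it: the rightmost two names of the host header.
function rightmostTwoNames(hostHeader) {
  const host = hostHeader.toLowerCase().split(":")[0].replace(/\.$/, "");
  return host.split(".").slice(-2).join(".");
}

// RFC 6265 section 5.1.3 domain-match: equal, or host ends with "." + domain.
function domainMatches(host, cookieDomain) {
  host = host.toLowerCase();
  return host === cookieDomain || host.endsWith("." + cookieDomain);
}

// Browser-side storage check: the Domain attribute must cover the responding
// host and must not be a public suffix, otherwise the cookie is dropped.
function browserStores(responseHost, cookieDomain) {
  return domainMatches(responseHost, cookieDomain) && !PUBLIC_SUFFIXES.has(cookieDomain);
}

// Does a WPLB cookie set while visiting firstHost reach ISA on a later request
// to secondHost? domainFor chooses the Domain value written into Set-Cookie.
function affinitySurvives(firstHost, secondHost, domainFor) {
  const cookieDomain = domainFor(firstHost);
  return browserStores(firstHost, cookieDomain) && domainMatches(secondHost, cookieDomain);
}

// Before the fix: Domain is the first public name listed in the rule.
const beforeFix = () => "www.example.com";
// After the fix: Domain is derived from the requested host header.
const afterFix = rightmostTwoNames;

function demo() {
  return {
    before: affinitySurvives("www.example.com", "mail.example.com", beforeFix),
    after: affinitySurvives("www.example.com", "mail.example.com", afterFix),
    // Two-label suffix: the derived domain is "co.uk", which the browser rejects.
    twoLabelSuffix: affinitySurvives("www.example.co.uk", "mail.example.co.uk", afterFix),
    // Different registrable domains never share a cookie, fix or not.
    crossDomain: affinitySurvives("www.example.com", "www.example.org", afterFix),
    // Wider scope: every host under the domain now receives the WPLB cookie.
    siblingAlsoGetsCookie: domainMatches("legacy.example.com", afterFix("www.example.com")),
  };
}

console.log(demo());
```
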
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Article ID: 945224 - Last Review: 01/15/2015 18:38:19 - Revision: 1.1

  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition