You are currently offline, waiting for your internet to reconnect

The Microsoft Firewall service in ISA Server 2006 stops responding to client requests after you publish a Web server by using NTLM authentication delegation

SYMPTOMS
Consider the following scenario:
  • You publish a Web server in Microsoft Internet Security and Acceleration (ISA) Server 2006.
  • You configure NTLM authentication delegation in the Web-publishing rule.
In this scenario, the Microsoft Firewall service stops responding to client requests.

Additionally, the following event is logged in the System log:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: Date
Time: Time
User: N/A
Computer: ServerName
Description:
The Microsoft Firewall service terminated unexpectedly. It has done this 1 time(s).

And the following events are logged in the Application log:

Event Type: Error
Event Source: Microsoft Firewall
Event Category: None
Event ID: 14057
Date: Date
Time: Time
User: N/A
Computer: ServerName
Description:
The Firewall service stopped because an application filter module C:\Program Files\Microsoft ISA Server\w3filter.dll generated an exception code C0000005 in address 6473AC0B when function CompleteAsyncIO was called. To resolve this error, remove recently installed application filters and restart the service.

Event Type: Error
Event Source: Microsoft ISA Server 2006
Event Category: None
Event ID: 1000
Date: Date
Time: Time
User: N/A
Computer: ServerName
Description:
Faulting application wspsrv.exe, 5.0.5720.100, 44a3a98a, w3filter.dll, 5.0.5720.100, 44a3a962, 0, 0004ac0b.

CAUSE
This issue occurs because the Microsoft Firewall service incorrectly handles incomplete NTLM authentication responses that are received from the published Web server. This behavior is especially likely to occur when the published Web server tries to break the connection to ISA Server.
RESOLUTION
To resolve this problem, apply the hotfix rollup package that is described in the following Microsoft Knowledge Base article:
950140 Description of the ISA Server 2006 hotfix package: March 9, 2008
WORKAROUND
To work around this problem, change the authentication delegation type in the Web-publishing rule. For example, you can use Basic authentication or Kerberos authentication.

Note You must change the authentication type on the published Web server according to the authentication delegation type.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
REFERENCES
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
Properties

Article ID: 950139 - Last Review: 03/15/2008 12:36:09 - Revision: 1.3

  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
  • kbqfe kbexpertiseinter KB950139
Feedback