SYMPTOMS
If a Web server is Web published by Internet Security and Acceleration Server, and the internal Web server accepts or requires client certificate authentication, you may receive the following error message when Internet Security and Acceleration Server 2000 receives a request for a Web Published site:
500: ( Operation Would Block. For more information about this event, see ISA Server Help. )
The Web Proxy log file on ISA Server computer may show that the request failed with a sc-status code of 10035 (WSAEWOULDBLOCK).
Depending on timing, the back-end Web server may log one of the following error codes. These error codes are from an IIS Web server, but the problem is not specific to IIS. It may occur with any Web server, and the error codes may vary.
If the error occurs before all data has been sent from ISA to the internal Web server, ISA will reset the connection because it treats the Winsock error as a fatal error. The Web server sees the connection being closed before all data has been received and returns a HTTP 400 response to ISA. The following event is logged in the IIS log file:
sc-status 400 (HTTP 400 - Bad Request)
sc-win32-status 64 (The specified network name is no longer available.)
If the error occurs immediately after all data has been sent and during ordinary SSL tunnel maintenance, ISA will again reset the connection.
In this case the Web server has received all the expected request data and then immediately received the reset from ISA. As the connection has been reset by the client the Web server cannot return the response to the client and therefore logs the fact that connection was reset by the client. The following event is logged in the IIS log file:
sc-status 500
sc-win32-status 10054 (WSAECONNRESET)
In both of these scenarios, the messages that are seen by the client and the events that are logged in the ISA log are the same.
RESOLUTION
To resolve this problem, obtain latest service pack for ISA Server 2000.
For additional information about the latest service pack, click the following article number to view the article in the Microsoft Knowledge Base:
313139
How to obtain the latest Internet Security and Acceleration Server 2000 service pack