Uploading files by using an HTTP Post through Proxy Server 2.0 may fail after you install the fixes in Q296458, Q301625 or Q299444 (318619)
The information in this article applies to:
- Microsoft Proxy Server 2.0
- Microsoft Internet Information Services 5.0
- Microsoft Internet Information Server 4.0
This article was previously published under Q318619 We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site: SYMPTOMS
Uploading files by using an HTTP Post through Proxy Server 2.0 may fail with some third-party client applications under the following circumstances: - After you install the security patch that is included in the Microsoft Knowledge Base article Q296458.
- After you install the package in which this security patch is included:
- For Microsoft Windows NT 4.0: Q301625
- For Microsoft Windows 2000: Q299444
- If you are using NTLM Authentication on Proxy Server (Default Website).
Note These symptoms do not occur if you are using: - Internet Security and Acceleration (ISA) Server
- Basic Authentication on Proxy Server (Default Website)
- Anonymous Authentication
CAUSE
The security fix Q296458 (for Windows NT 4.0 and for Windows 2000) causes a regression on Internet Information Server (IIS) 4.0 and on Internet Information Services (IIS) 5.0 if you have installed Proxy Server 2.0 and you have configured NTLM Authentication on the default Web site. This problem occurs because some third-party applications (that are configured to use Proxy Server 2.0) send requests to the host name of the destination URL first, and then to the IP address on the same, authenticated, NTLM Proxy connection. When you install the security patch, the TCP connection is closed because the host headers are changed on the same connection. When this occurs, an access denied error (407) is sent from the Proxy server to the third-party client application; however, because the third-party client cannot handle the unexpected re-authentication request, the upload fails.RESOLUTION
Install the regression hotfix that is included in the following Microsoft Knowledge Base articles: - For Internet Information Services 5.0: Q309562
- For Internet Information Server 4.0: Q308244
REFERENCES
Click the following links to see the Microsoft Knowledge Base articles that are referenced throughout this article:
308244 NTLM password changes may fail after Q299444 and Q301625 applied
309562 Proxy-to-Proxy authentication error after installing IIS patch
296458 IIS disregards host headers when using keep-alives
301625 MS01-044: Patch available for SSI privilege elevation vulnerability
299444 Post-Windows NT 4.0 SP6a Security Rollup Package (SRP)
| Modification Type: | Major | Last Reviewed: | 11/16/2005 |
|---|
| Keywords: | kbfix kbprb KB318619 |
|---|
|