ISA Firewall Service Stops Responding on DNS Resolution (818821)
The information in this article applies to:
- Microsoft Internet Security and Acceleration Server 2000 SP1
- Microsoft Internet Security and Acceleration Server 2000
SYMPTOMSThe Internet Security and Acceleration (ISA) Server
Firewall service may slow down or stop responding to client requests. ISA
clients may experience slow performance or receive Microsoft Internet Explorer error messages such as the following:
The page cannot be displayed. This may occur when the following
conditions are met: - The ISA Server computer has a Site and Content rule defined that
restricts access based on a domain name (for example, "Deny access to
*.microsoft.com").
- ISA cannot perform DNS lookups for the IP address
of a requested Web site or Pointer (PTR) record.
CAUSEThis occurs because of a code problem that causes ISA Server to temporarily run out of
worker threads during some DNS name checking operations. When this occurs, the ISA
Firewall service may appear to be slow or to stop responding (hang).
To detect this problem with System Monitor, monitor the Available Worker Threads
counter in the ISA Firewall service object. If this value approaches zero, you may see a negative effect on ISA's performance. RESOLUTIONTo resolve this problem, obtain the Update Rollup for ISA Server Services.
For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
810493
Update Rollup for ISA Server Services
WORKAROUNDYou can temporarily work around this problem by
changing the Deny Site and Content rule to specify the IP address of the restricted
site instead of the domain name of the restricted site.
| Modification Type: | Major | Last Reviewed: | 5/15/2006 |
|---|
| Keywords: | kbHotfixServer KB818821 |
|---|
|