ISA Server 2004 client computers may experience an excessive delay before their connection requests are served (919355)



The information in this article applies to:

  • Microsoft Internet Security and Acceleration Server 2004, Standard Edition
  • Microsoft Internet Security and Acceleration Server 2004, Enterprise Edition

SYMPTOMS

Consider the following scenario:
  • You have an upstream firewall or proxy server that does not close a TCP session that is established by a computer that is running Microsoft Internet Security and Acceleration (ISA) Server 2004.
  • The firewall or the proxy server does not respond to additional requests to use the TCP session.
In this scenario, ISA Server 2004 client computers may experience an excessive delay before their connection requests are served. The ISA Server client computers may receive an error message if they cannot connect to an ISA Server computer through a firewall or through a proxy server.

CAUSE

This problem occurs if the upstream firewall or proxy server does not act in compliance with Request for Comments (RFC) 793, "Transmission Control Protocol" and drops connections. The behavior can cause the ISA Server client computers to experience an excessive delay during content access or during error messaging.

This problem occurs even though the following conditions are true:
  • The ISA Server computer works according to design specifications at the Winsock level.
  • The operating system TCP/IP stack enforces strict compliance with RFC 793.

RESOLUTION

To resolve this problem, install the hotfix that is described in the Microsoft Knowledge Base article 919012 on the ISA Server computer. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

919012 Description of the ISA Server 2004 hotfix package: May 10, 2006


After you apply the hotfix, run the following Microsoft Visual Basic script. This script sets the KeepAliveTimeout registry value to 20 seconds.

Note You can change the KeepAliveTimeout value in the script to accommodate your network topology.

To run the script, follow these steps.

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.
  1. Click Start, point to Programs, point to Accessories, and then click Notepad.
  2. Copy the following code, and then paste it into Notepad.
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    '
    ' Copyright (c) Microsoft Corporation. All rights reserved.
    ' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
    ' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE
    ' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS
    ' HEREBY PERMITTED.
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' This script adds a KeepAlive value to a given protocol definition.
    ' The value is in seconds.
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    
    Sub AddKA2Protocol()
    
        ' Create the root object.
        Dim root  ' The FPCLib.FPC root object
        Set root = CreateObject("FPC.Root")
    
        'Declare the other objects needed.
        Dim array       ' An FPCArray object
        Dim RuleElements  ' an FPCRuleElements objects.
        Dim ProtocolDefinitions ' an FPCProtocolDefinitions collection.
        Dim ProtocolDefinition  ' an FPCProtocolDefinition object.
        Dim VendorSets  ' An FPCVendorParametersSets collection
        Dim VendorSet   ' An FPCVendorParametersSet object
    
        ' Get references to the array object
        ' and the protocols collection.
        Set array = root.GetContainingArray
    
        On Error Resume Next
        Set RuleElements = array.RuleElements
        CheckError
    
        Set ProtocolDefinitions = RuleElements.ProtocolDefinitions
        CheckError
    
        Wscript.Echo "Number of protocols- " & ProtocolDefinitions.Count
    
        Set ProtocolDefinition = ProtocolDefinitions.Item("HTTP")
    
        Set VendorSets = ProtocolDefinition.VendorParametersSets
        Set VendorSet = VendorSets.Item( "{80ad2d9c-725e-4fcd-a1d4-32c8042c774f}" )
    
        If Err.Number <> 0 Then
            Err.Clear
    
            ' Add the item
            Set VendorSet = VendorSets.Add( "{80ad2d9c-725e-4fcd-a1d4-32c8042c774f}" )
            CheckError
            WScript.Echo "New VendorSet added... " & VendorSet.Name
    
        Else
            WScript.Echo "Existing VendorSet found..."
        End If
    
        VendorSet.Value("KeepAliveTimeout") = 20 ' value in seconds.
    
        VendorSets.Save false, true
    
        WScript.Echo "Done..."
    
    End Sub
    
    Sub CheckError()
    
        If Err.Number <> 0 Then
            WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
            Err.Clear
        End If
    
    End Sub
    
    AddKA2Protocol
    
  3. Save the Notepad file as HTTPKeepAliveTimeOut.vbs.
  4. Double-click the .vbs file to run the script.
Important If you want to remove hotfix 919012, run the following VisualBasic script before you uninstall the hotfix.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'
' Copyright (c) Microsoft Corporation. All rights reserved.
' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE
' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS
' HEREBY PERMITTED.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' This script removes a KeepAlive value from a given protocol definition.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Sub RemoveKAFromProtocol()

    ' Create the root object.
    Dim root  ' The FPCLib.FPC root object
    Set root = CreateObject("FPC.Root")

    'Declare the other objects needed.
    Dim array       ' An FPCArray object
    Dim RuleElements  ' an FPCRuleElements objects.
    Dim ProtocolDefinitions ' an FPCProtocolDefinitions collection.
    Dim ProtocolDefinition  ' an FPCProtocolDefinition object.
    Dim VendorSets  ' An FPCVendorParametersSets collection
    Dim VendorSet   ' An FPCVendorParametersSet object

    ' Get references to the array object
    ' and the protocols collection.
    Set array = root.GetContainingArray

    On Error Resume Next
    Set RuleElements = array.RuleElements
    CheckError

    Set ProtocolDefinitions = RuleElements.ProtocolDefinitions
    CheckError

    Wscript.Echo "Number of protocols- " & ProtocolDefinitions.Count

    Set ProtocolDefinition = ProtocolDefinitions.Item("HTTP")

    Set VendorSets = ProtocolDefinition.VendorParametersSets
    Set VendorSet = VendorSets.Item( "{80ad2d9c-725e-4fcd-a1d4-32c8042c774f}" )

    If Err.Number <> 0 Then
        CheckError
        WScript.Echo "VendorSet does not exit."

    Else
        WScript.Echo "Existing VendorSet found..."
        VendorSets.Remove( "{80ad2d9c-725e-4fcd-a1d4-32c8042c774f}" )

            If Err.Number <> 0 Then
                CheckError
                WScript.Echo "Cannot remove VendorSet"
            Else
                WScript.Echo "VendorSet removed..."
            End If
    End If

    VendorSets.Save false, true
    WScript.Echo "Done..."

End Sub

Sub CheckError()

    If Err.Number <> 0 Then
        WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear
    End If

End Sub

RemoveKAFromProtocol

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information about RFC 793, visit the following Internet Society Web site:

Modification Type:MinorLast Reviewed:8/23/2006
Keywords:kbQFE kbprb KB919355 kbAudITPRO