Welcome to ISAserver.org

Once again on 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 General] >> Installation and Planning >> Once again on 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED

Page: [1]

Message

<< Older Topic Newer Topic >>

Once again on 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED - 17.Jun.2008 9:33:05 AM

author22

Posts: 12
Joined: 20.May2006
Status: offline

Hi! As far as I can understand this error means that a TCP session was closed (from ISA's point of view) before the reply was received. So the reply is not treated as a reply but as a separate connection attempt.

I have a strange case of this error. I have two ISA EE arrays which are Front-End and Back-End. CSS is located in the internal network. So all the communications between CSS and Front-End array members go through the Back-End firewall. My DMZ uses private IPs so I use route relationship between Internal network and DMZ and NAT relationship between DMZ and External network. Everything worked fine until this week.

Sorry I can't get which of the last changes has broken it. But now the communication between my Internal network and Front-End array members doesn't work. I can ping the Front-Ens from Internal network and vice versa. I can also see that my management PCs try to connet to the Front-Ends using RPC and 'MS Firewall Control' protocols. But I still cannot manage my Front-End servers in ISA MMC. On 'Servers' node of the MMC my Front-Ends are displayed with red Error sign and I constantly get a message in the upper part of the MMC sayint that it is 'Unable to retrieve data from' the Fotnt-ends.

I think that the problem is that Front-Ends cannot properly reply to the connection attempts from my Managemnt PCs. I see these reply attempts as regular connection attempts from the Front-Ends to the management PCs. And these attempts fail with status 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED.

Post #: 1

Featured Links*

RE: Once again on 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_D... - 26.Jun.2008 12:24:09 PM

tshinder

Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline

Are there rules in place to support the connection? Check your System Policy to make sure.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to author22)

Post #: 2

RE: Once again on 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_D... - 8.Jul.2008 6:37:01 AM

author22

Posts: 12
Joined: 20.May2006
Status: offline

Sorry Tom, sorry all the forum visitors. I straggled this problem for about a month. And today during SP1 application I found I was using the wrong credentials for my front-end servers.

So this was the cause why they were unavailable in ISA MMC. I do still see some rare "0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED" events but that's not a big problem any more.

(in reply to tshinder)

Post #: 3

RE: Once again on 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_D... - 11.Jul.2008 11:44:22 AM

tshinder

Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline

Ah, OK!

Good to hear you got things working and thanks for the follow up!

Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to author22)

Post #: 4