Troubleshoot connection problem
Troubleshoot connection problem - 28.Sep.2005 11:45:00 PM
asdavey
Posts: 5
Joined: 29.May2003
Status: offline
Brief Problem Description: Client machine cannot browse (or telnet) on port 80 to external hosts (sometimes), when behind ISA firewall.
Question: I'm kind of stumped on this one and would like some tips on how to get to the bottom of this.
Problem description in full: I have an ISA 2004 installation running as an Edge Firewall. The setup has been around now for about 12 months and everything was pretty rosy. All clients connect to ISA via SecureNAT.
Except for my machine (Win XP SP2). For some reason I cannot establish connections on port 80, but only some of the time. What usually happens is I'll get to work, start up my browser (I leave my machine on mostly) and everything is fine until all of a sudden Firefox reports timeouts when browsing. No one else in the office (there are another 10 clients hooked up to ISA via SecureNAT) will be experiencing any problems. So I try and telnet to google on port 80 and no connection is established. If I telnet on port 443 there is no problem.
This problem first appeared about 4 months ago, and I thought that an LSP or something with Winsock was to blame. So I reformatted the machine and everything was fine for about a week and then the problem appeared again. I played with some settings (resetting the winsock etc) and everything was ok again.
Until this last week.
So I executed 'netsh winsock reset' and this fixed the problem for about an hour. I've run Adaware and MS Antispyware tool and nothing was found. I've uninstalled Google Desktop Search in case its LSP hook was stuffing things up. I've enabled and disabled NETBIOS of TCP, sometimes this would fix the problem for a time and sometimes it wouldn't. In essence I've tried a lot of things and sometimes they fix the problem for a time and sometimes they don't.
So yesterday I thought maybe my integrated NIC was the problem. So I installed a new network card and disabled the old one. Everything seemed pretty good until I rebooted this morning.
I then wondered if ISA was my problem. So I set my PC to use a backup Internet connection through my new NIC and everything was OK. I then reconnected to ISA and I couldn't browse.
So I downloaded Ethereal and installed it on my machine and on ISA. Sure enough port 80 packets were going from my new NIC to the LAN NIC on ISA. All my theories of the packets not leaving my machine were proven to be false.
I then looked at the monitoring on ISA and set the filter to limit to my machine. What is strange is ISA only shows my requests with an action of 'Closed Connection'. There is no 'Initiated Connection' or what I was expecting 'Denied Connection'.
Questions
- Any tips on how to see if ISA is blocking/dropping/not receiving my packets? I thought I read in the manual that ISA will not show packets in the monitoring window if ISA thinks they are being spoofed etc.
- Has anyone else seen a similar problem to this and found a fix?
RE: Troubleshoot connection problem - 29.Sep.2005 6:17:00 PM
asdavey
Posts: 5
Joined: 29.May2003
Status: offline
Well yesterday I thought I fixed the problem.
I noticed an Alert saying that my IP had exceeded its connection limit. So I disabled the "Limit the number of connections" option and lo and behold I was able to browse. I then enabled the option and as expected I was unable to browse.
I then read some posts by other people about Connection Limits, and so I decided to include the 'Result Code' field in my monitoring. For all of the unsuccessful browse attempts, the result code was 0x80074E23. So as far as I'm concerned this has confirmed why I am unable to browse.
But then this morning once again I was unable to browse, much to my surprise and dismay. So I looked at the Alerts and sure enough it said that I had exceeded my connection limit. So I checked the settings and the 'Limit the number of connections' option was still unchecked.
Questions
- If I've unchecked the 'Limit number of connections' why are my connections still being closed? and
- I've been monitoring the traffic between my machine and ISA and there are certainly not 1000 connections per second being attempted - so why am I tripping the threshold in the first place? and
- Why are only my port 80 requests being blocked? If I am indeed exceeding a connection limit threshold, shouldn't all traffic from my workstation through ISA be blocked?
Thanks in advance for any help, I really appreciate it.
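
An added example, not part of the original thread and not ISA Server's own tooling: one way to test the questions above against data is to tally, per client, the peak new connections per second, the peak concurrent connections, closes that have no logged initiation, and result codes by destination port. The CSV column layout, the `summarize` function and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample rows, not real ISA output. The column layout is an
# assumption standing in for a log-viewer export; the addresses are
# documentation-range placeholders.
SAMPLE_LOG = """time,client_ip,dest_port,action,result_code
2005-09-29 09:00:01,192.0.2.10,443,Initiated Connection,0x0
2005-09-29 09:00:01,192.0.2.10,443,Initiated Connection,0x0
2005-09-29 09:00:02,192.0.2.10,80,Closed Connection,0x80074E23
2005-09-29 09:00:02,192.0.2.10,80,Closed Connection,0x80074E23
2005-09-29 09:00:03,192.0.2.10,443,Closed Connection,0x0
2005-09-29 09:00:03,192.0.2.10,80,Closed Connection,0x80074E23
2005-09-29 09:00:01,192.0.2.11,80,Initiated Connection,0x0
2005-09-29 09:00:04,192.0.2.11,80,Closed Connection,0x0
"""

def summarize(log_text):
    """Return per-client connection statistics from the export."""
    stats = defaultdict(lambda: {"peak_rate": 0, "peak_open": 0,
                                 "orphan_closes": 0, "close_codes": Counter()})
    per_second = Counter()  # (client, second) -> new connections logged
    open_conns = Counter()  # (client, port) -> connections currently open
    open_total = Counter()  # client -> connections currently open, all ports
    rows = sorted(csv.DictReader(io.StringIO(log_text)), key=lambda r: r["time"])
    for row in rows:
        client, port = row["client_ip"], int(row["dest_port"])
        s = stats[client]
        if row["action"] == "Initiated Connection":
            per_second[(client, row["time"])] += 1
            open_conns[(client, port)] += 1
            open_total[client] += 1
            s["peak_rate"] = max(s["peak_rate"], per_second[(client, row["time"])])
            s["peak_open"] = max(s["peak_open"], open_total[client])
        elif row["action"] == "Closed Connection":
            s["close_codes"][(port, row["result_code"])] += 1
            if open_conns[(client, port)] > 0:
                open_conns[(client, port)] -= 1
                open_total[client] -= 1
            else:
                # A close with no logged initiation, as the first post describes.
                s["orphan_closes"] += 1
    return dict(stats)

if __name__ == "__main__":
    for client, s in summarize(SAMPLE_LOG).items():
        print(client, s["peak_rate"], s["peak_open"], s["orphan_closes"],
              dict(s["close_codes"]))
```

Comparing the peak figures for the affected workstation with those of a working client shows whether its rate or concurrency is actually unusual, and the per-port code tally shows whether the failing closes are confined to port 80.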