Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Web Proxy error accessing certian sites.
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Web Proxy error accessing certian sites. - 8.Apr.2008 8:30:04 AM
|
|
|
gazzer82
Posts: 4
Joined: 8.Apr.2008
Status: offline
|
Hello All,
Long time lurker who for once can't find the solution from someone elses post :)
I am recieveing the following message when accessing certain sites through the web proxy,
A connection request was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake
It isn't allocated to a particular rule, that section is blank, the requested page then comes up with an
Error Code 64:Host not available
Backround: The Gateway or proxy server lost connection to the Web Server.
This problem only occurs when going through the web proxy, if i remove the proxy settings from IE and use secure NAT then the page loads correctly.
This is a Dual NIC SBS 2003 Premium setup, running ISA 2004. We have a split DNS to internally resolve our domain name to the IIS server, which seems to work fine for everything else, so i am not sure thats where the problem is.
The error occurs on the same pages, and can be reproduced easily.
Anyone got any ideas?
Cheers
Gareth
|
|
|
|
|
RE: Web Proxy error accessing certian sites. - 8.Apr.2008 1:45:52 PM
|
|
|
Rotorblade
Posts: 861
Joined: 27.Feb.2007
Status: offline
|
Hi,
The information you have shared is not much to go on but it sounds like a RST is being done on the connection. My first thoughts are that this is a known RSS issue with Windows Server 2003 service pack 2 and ISA?
Please have a look.
http://support.microsoft.com/kb/936594
http://support.microsoft.com/default.aspx?scid=kb;EN-US;927695
HTH
RB
_____________________________
David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003
|
|
|
|
|
RE: Web Proxy error accessing certian sites. - 8.Apr.2008 3:06:36 PM
|
|
|
gazzer82
Posts: 4
Joined: 8.Apr.2008
Status: offline
|
Thanks for your reply,
Sorry i haven't posted much inofmation, i am not really sure what would be relevant so please let me know what additional information you would like and i will certainly provide it!!
I have previouslu run the ISA Best Practice Analyser so the problem you linked to was pointed out by that, so i have already gone through the steps in that knowledgebase.
Cheers
Gareth
|
|
|
|
|
RE: Web Proxy error accessing certian sites. - 8.Apr.2008 3:30:01 PM
|
|
|
Rotorblade
Posts: 861
Joined: 27.Feb.2007
Status: offline
|
So did you completely uninstall and then reinstall the NIC drivers? Simply updating doesn’t get it! You should follow the steps in order as mentioned in the KB 936954
RB
_____________________________
David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003
|
|
|
|
|
RE: Web Proxy error accessing certian sites. - 8.Apr.2008 3:36:58 PM
|
|
|
Rotorblade
Posts: 861
Joined: 27.Feb.2007
Status: offline
|
Would you mind sharing your Interface settings? Please mask for security reasons.
RB
_____________________________
David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003
|
|
|
|
|
RE: Web Proxy error accessing certian sites. - 8.Apr.2008 3:57:08 PM
|
|
|
gazzer82
Posts: 4
Joined: 8.Apr.2008
Status: offline
|
I haven't gone through the process or removing and re-installing the network drivers recently, but i had major problems when we first set up the server with the network interfaces loosing there static ip addresses, so i have followed that knowledge base to the letter a few months ago.
I would certainly share my network configuration.
They are both Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) interfaces on a dell poweredge server.
As i said it's a two NIC setup as follows.
Wan Interface,
Static IP: 192.168.1.250
Subnet Mask: 255.255.255.0
Default gateway: 192.168.1.254
DNS Server: 192.168.0.169
Wins Server: 192.168.0.169
Lan Interface,
Static IP: 192.168.0.169
Subnet Mask: 255.255.255.0
Default Gateway: (Blank)
DNS Server: 192.168.0.169
Wins Server: 192.168.0.169
The internet connection is provided by a ZyXel P-662HW-D1 ADSL Router in routing mode on the ip address 192.168.1.254, with port forwarding of the required ports for Web and Email server to the Wan Interface, 192.168.1.250
Dns on the server is setup to forward DNS requests to the ISP's DNS server.
Anything else you need to know??
Thanks in advance.
Gareth
|
|
|
|
|
RE: Web Proxy error accessing certian sites. - 8.Apr.2008 8:07:22 PM
|
|
|
Rotorblade
Posts: 861
Joined: 27.Feb.2007
Status: offline
|
quote:
Anything else you need to know??
Yes, you need to correct your Interface settings. There should be no DNS settings on the External NIC and Winns/Netbios should be disabled on that NIC as well!
http://www.isaserver.org/tutorials/Configuring_ISA_Server_Interface_Settings.html
RB
_____________________________
David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003
|
|
|
|
|
RE: Web Proxy error accessing certian sites. - 9.Apr.2008 5:35:27 AM
|
|
|
gazzer82
Posts: 4
Joined: 8.Apr.2008
Status: offline
|
Thanks Rotorblade, i have corrected the mistakes you pointed out, i have also run through all the settings in that tutorial and made sure all the settings match. Unfortunatly it hasn't fixed the problem.
I have taken a screenshot of my Ipconfig /all screen but it appears i am unable to upload it here.
I had followed some troubleshooting advice on another site, they reccomended moving the sbs internet access rule to the top in ISA to try and eliminate the problem. I have done this and the only effect it seems to have is to cause the message i was recieving before to be listed under that rule rather than no rule when it is logged.
So i am again at a bit of a dead end.
Cheers
Gareth
|
|
|
|
|
RE: Web Proxy error accessing certian sites. - 9.Apr.2008 9:02:25 AM
|
|
|
Rotorblade
Posts: 861
Joined: 27.Feb.2007
Status: offline
|
Is there anything showing in the server's Event logs? Adapter related and such?
What about the DSL router? Is logging enabled on the router to help clue you in on the issue? Could be a MTU issue and the connection is dropping becuase of it. I would suggest bypassing the DSL router and go direct to ISA to see if the problem goes away.
RB
_____________________________
David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003
|
|
|
|
|
RE: Web Proxy error accessing certian sites. - 9.Apr.2008 9:25:38 AM
|
|
|
Rotorblade
Posts: 861
Joined: 27.Feb.2007
Status: offline
|
Also...
You might try disabling the Compression Filter. You will find under Configuration, Add-ins, Web Filters tab.
Report back the results.
RB
_____________________________
David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
