Welcome to ISAserver.org

Web chaining really slow

Web chaining really slow - 20.Aug.2004 4:24:00 PM   
xdu

 

Posts: 6
Joined: 20.Aug.2004
Status: offline
Hi all,

I'm using ISA 2004 on my LAN, web-chained to my proxy/firewall. I'm also using one firewall rule filtering users based on Active Directory group.

This configuration works, but is WAY slower than a direct connection to my FW/proxy. ISA log shows that after authentication, it waits about 30 seconds for the other proxy's answer, and that is for each request it makes.

Before I fire up Ethereal to make a packet capture, has anyone got a clue about what may be going on?

Thanks in advance

Xavier
Post #: 1
RE: Web chaining really slow - 22.Aug.2004 3:18:00 AM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: online
Hi Xavier,

When using two ISA firewalls in a Web chaining configuration, you must make sure that the downstream ISA firewall can resolve the name of the destination FQDN. If the downstream ISA firewall cannot do this, then disable name resolution on the downstream ISA firewall. There are some instructions on how to do this on the MS.com "coders corner" ISA firewall site.

HTH,
Tom

(in reply to xdu)
Post #: 2
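
A way to check the condition described in the reply above before reaching for a packet capture, as an added example that is not part of the original thread: it times name resolution of destination FQDNs through the operating system resolver on the host where it runs. The function names and both thresholds are assumptions chosen for illustration.

```python
import socket
import sys
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout

SLOW_SECONDS = 2.0      # assumption: lookups slower than this visibly delay a request
GIVE_UP_SECONDS = 35.0  # assumption: just above the ~30 s stall reported in the thread


def system_resolver(name):
    """Resolve through the OS resolver, as a proxy service on this host would."""
    infos = socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def probe(name, resolver=system_resolver, slow=SLOW_SECONDS, give_up=GIVE_UP_SECONDS):
    """Time one lookup; status is ok, slow, failed or timeout."""
    pool = ThreadPoolExecutor(max_workers=1)
    start = time.monotonic()
    future = pool.submit(resolver, name)
    try:
        addresses, status = future.result(timeout=give_up), "ok"
    except FutureTimeout:
        addresses, status = [], "timeout"   # resolver still hanging after give_up
    except OSError:                          # socket.gaierror: name did not resolve
        addresses, status = [], "failed"
    finally:
        pool.shutdown(wait=False)            # do not block on a hung lookup
    seconds = time.monotonic() - start
    if status == "ok" and seconds >= slow:
        status = "slow"
    return {"name": name, "status": status, "seconds": round(seconds, 2),
            "addresses": addresses}


def stalling_names(names, **kwargs):
    """Names whose lookup would hold up a chained request on this host."""
    results = [probe(n, **kwargs) for n in names]
    return [r["name"] for r in results if r["status"] != "ok"]


if __name__ == "__main__":
    # Pass the destination FQDNs seen in the proxy log; localhost is a stand-in.
    for host in sys.argv[1:] or ["localhost"]:
        print(probe(host))
```

Run it on the downstream ISA firewall with the destination names from the slow requests; a failed, slow or timeout status there points at name resolution rather than at the upstream proxy.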
RE: Web chaining really slow - 23.Aug.2004 9:06:00 AM   
xdu

 

Posts: 6
Joined: 20.Aug.2004
Status: offline
Thanks a lot! That was it, indeed: DNS resolution. Microsoft has a knowledge base article about this issue (Q292018), but it concerns only ISA 2000.

I'm still looking for the way to tell a downstream 2004 server not to use DNS resolution. I'm quite sure it's a feature included in ISA 2004, as it was a fix for 2000.

If anyone knows...

Thanks again anyway.

(in reply to xdu)
Post #: 3
RE: Web chaining really slow - 23.Aug.2004 9:37:00 AM   
xdu

 

Posts: 6
Joined: 20.Aug.2004
Status: offline
I've got it, at last! The script to disable DNS on downstream ISA server is here: http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/disablenameresolution.mspx

It applies to ISA 2004. Strangely enough, it's not just a registry key that controls this behaviour; you have to script it.

Thank you Tom for your fast and precise answer.

(in reply to xdu)
Post #: 4
RE: Web chaining really slow - 24.Aug.2004 2:41:00 AM   
tshinder

 

Posts: 47439
Joined: 10.Jan.2001
From: Texas
Status: online
Hi Xdu,

Great! Good to hear you got it working and thanks for the follow up!

Tom

(in reply to xdu)
Post #: 5
