I'm in the process of implementing ISA Enterprise 2004 running in parallel to our existing 2004 Std installation and am setting up our OWA rules which are functioning but the OWA response is extremely slow. Both installations are running on Windows 2003 Server on very capable new hardware with 2 teamed nics.
Upon watching the logs while trying to access the site I recieve a mix of success and failure messages.
The one I am suspecting to be at fault has the following text:
Action Failed Connection Attempt
Http Status Code: 12210 An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator.
Like I mentioned, the site works correctly, although is quite slow. Our other ISA Standard site is configured the same and works quite quickly. Caching is disabled on both. The only two rules in place on the ISA are a HTTP rule to direct the user first to a non-SSL disclaimer page then a HTTPS rule for the actual OWA forms based login.
Does anyone know what causes this ISAPI filter message or how else to troubleshoot why it is slowing things down? Any help would be much appreciated.
Thanks for the reply. I googled for a bit before posting, found somebody else with a big brother type Add-in that was causing the problem so I checked mine but as its a fresh install I don't have any addins.
What is CRL checking? It might be a direction to head at least.
If I don't get anywhere further I'll probably end up doing an install on a dev machine to see if these errors are repeatable with the same setup procedures.
You can speed things up quite a bit by publishing your CRL. I create a Web Publishing Rule that publishes just the path to the file, including the file name.
Ok, I've found out that my functional/fast std ISA setup is also getting this same error with no adverse effects, and have narrowed down the speed issue to a set of test computers and not to others so I think I'm having a network issue with the test clients rather than an actual ISA issue. The error message must be a red herring. Thanks for your help though.
Your Certificate Authority generates this list automatically and it contains all of the certiicates that have been revoked by the CA. This list is accessible via LDAP or HTTP. You can look in the certificate details and on the Details tab, there is a CDP attribute - Certificate Distribution Point - that specifies the LDAP or HTTP path where the CRL is located.
< Message edited by ClintD -- 20.Jan.2006 8:37:38 PM >
I have the same issue on the SBS server. When I try OWA I'm getting "12210 An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator. 12210 An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator. " I published OWA many times on standard or enterprise isa servers but this is the first time I dont know whats the problem.
The only times i see "An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator." is when i have a filter like websense loaded...
do you have any 3rd party filters running?
if so, in the case of websense you can tell the policy server which addresses to ignore - i'm sure other filter products will allow the same.