Have been running ISA2000 for 3 years now without issue, just replaced the server with ISA2004.
ISA Server 2004 with SP3 on Win2k3 server with SP2.
ISA Server Best Practice Analyzer returns no errors.
Edge Network configuration, WAN card responds to 28 public IP addresses. Each public IP address is publishing a website, or being an SMTP mail server. Also have an internal Exchange server on one of the IP addresses publishing OWA and OMA.
Netgear GA302T Gigabit card on Local LAN interface.
Intel Pro100 NIC on the WAN Interface.
The ISA server is basically working. Outbound access to the Internet is OK and inbound public access to the websites works, except some customers are reporting bad web sessions to our web servers. Outbound web access works, but sometimes you get the brown proxy error page; hit refresh in IE and it goes to the page. (I was just on support.microsoft.com, got the proxy error, a refresh displayed the page.)
The ISA log is reporting many errors, with an error appearing every 2 seconds on average.
Most errors are 'Denied Connection', Protocol: 'Unidentified IP Traffic'. I am also seeing many 'A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the ISA Server computer' errors, again from public IPs to the External Interface.
The errors are all between the External Interface and the Internet. They seem to occur for all traffic types, whether it's HTTP outbound web traffic or SSL OMA traffic.
It seems that the ISA server has decided in the middle of a session with an external Internet computer that some packets of the session are no longer valid (it seems as if it's forgotten the session).
Should you expect this rate and type of errors appearing in the ISA log?
Before submitting this issue, I did some searching and found Microsoft's Support Article KB 936594, and some articles in the Microsoft Partners ISA server Managed Newsgroups.
These articles pointed to issues with Receive Side Scaling and TCP/IP Offloading causing failures such as I have noticed.
I have installed hotfix KB936594. I have changed the registry settings, disabling Receive Side Scaling, EnableTCPA and EnableRSS.
All NIC device drivers are running their latest version. The Max MTU for both NICs is 1500 bytes.
Yes, I've seen similar issues that intermittently occur like in your issue. Connection issues with OWA, SSL sites and VPN issues just to name a few. A good packet trace may help lead you to the problem. TCP resets will occur and that sounds like what is happening. It could be related to other issues with your setup, but the fact that it is only occurring intermittently leads me to believe it's related to RSS. Even though you did all the workarounds, uninstalling and reinstalling the NIC drivers is sometimes necessary to get things working.
David Melvin Ohio MCSE: Security 2003, MCSA:Security 2003
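One way to triage the packet trace suggested above, as an added example that is not part of the original thread: it separates dropped non-SYN packets that arrive while a session is still open from stragglers after a close and from packets with no handshake in the trace. The record layout, verdict names and sample addresses are assumptions constructed for illustration; this is a simplified model, not ISA Server's own connection tracking.

```python
from collections import Counter, namedtuple

# One record per packet from a trace; flags use tcpdump letters (S, A, P, F, R).
Pkt = namedtuple("Pkt", "t src sport dst dport flags action")

def flow_key(p):
    """Direction-independent key so both halves of a session share state."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (a, b) if a <= b else (b, a)

def classify_drops(packets):
    """Label each dropped non-SYN packet by what the trace shows about its flow."""
    flows, verdicts = {}, []
    for p in sorted(packets, key=lambda p: p.t):
        st = flows.setdefault(flow_key(p), {"est": False, "closed": False})
        if p.action == "allow":
            if "S" in p.flags and "A" in p.flags:
                st["est"] = True      # SYN-ACK passed: handshake seen
            if "F" in p.flags or "R" in p.flags:
                st["closed"] = True   # teardown has started
        elif "S" not in p.flags:
            if not st["est"]:
                verdicts.append((p, "no-handshake"))      # stray, or session predates trace
            elif st["closed"]:
                verdicts.append((p, "late-after-close"))  # straggler after FIN/RST
            else:
                verdicts.append((p, "mid-session"))       # dropped while session still open
    return verdicts

def summarize(packets):
    """Count dropped non-SYN packets per verdict."""
    return Counter(v for _, v in classify_drops(packets))

# Constructed sample trace (documentation address ranges, not real data).
C1, C2, C3 = ("198.51.100.7", 40001), ("203.0.113.5", 50000), ("203.0.113.99", 1234)
WEB, OWA, SMTP = ("192.0.2.10", 80), ("192.0.2.11", 443), ("192.0.2.12", 25)
SAMPLE = [
    Pkt(0.00, *C1, *OWA, "S", "allow"),  Pkt(0.05, *OWA, *C1, "SA", "allow"),
    Pkt(0.10, *C1, *OWA, "A", "allow"),  Pkt(0.90, *C1, *OWA, "PA", "drop"),
    Pkt(1.00, *C2, *WEB, "S", "allow"),  Pkt(1.05, *WEB, *C2, "SA", "allow"),
    Pkt(1.50, *C2, *WEB, "FA", "allow"), Pkt(4.00, *C2, *WEB, "A", "drop"),
    Pkt(5.00, *C3, *SMTP, "A", "drop"),
]
print(dict(summarize(SAMPLE)))
```

A steady count of `late-after-close` and `no-handshake` drops is ordinary background for an Internet-facing interface; `mid-session` drops are the ones that match the "forgotten session" symptom described in the question.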
I'm having this same problem but my ISA2k4 sp3 server does NOT have W2k3 Ser Ent sp2, it is only sp1. The system does not have RSS, TCPA in registry and the HP adapters do not have Receive Side Scaling options. On a second server I have ISA2k4 sp3 and W2k3 Ser Ent with sp2 and have RSS and TCPA disabled in the registry; but just like my production server, the HP NC7170 Dual Gigabit and HP NC7781 Gigabit adapters do not have Receive Side Scaling as an option. So the "fix" I keep finding is not the solution.