• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Unidentified IP Traffic - Denied Connection, NON-SYN Packets

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> General >> Unidentified IP Traffic - Denied Connection, NON-SYN Packets Page: [1]
Login
Message << Older Topic   Newer Topic >>
Unidentified IP Traffic - Denied Connection, NON-SYN Pa... - 19.Feb.2008 8:12:42 PM   
acarra

 

Posts: 6
Joined: 11.Feb.2008
Status: offline
Configuration:

Have been running ISA2000 for 3 years now without issue, just replaced the server with ISA2004.

ISA Server 2004 with SP3 on Win2k3 server with SP2
ISA Server Best Practice Analyzer returns no errors
Edge Network configuration, WAN card repsonds to 28 public IP addresses.
Each public IP address is publishing a website, or being a SMTP mail server.
Also have an internal Exchange server on one of the IP addresses publishing OWA, and OMA.

Netgear GA302T Gigabit card on Local LAN interface
Intel Pro100 NIC on the WAN Interface

The Issue:

The ISA server is basically working.  Outbound access to the Internet is ok and Inbound public access to the websites works, except some customers are reporting bad web sessions to our web servers. Outbound web access works, but sometimes you get the brown proxy error page appear, hit refresh in IE and it goes to the page. (If was just on support.microsoft.com, got the proxy error, a refresh displayed the page).

The ISA log is reporting many errors, with an error appearing every 2 seconds on average.

Most errors are 'Denied Connection', Protocol: 'Unidentified IP Traffic'.
I am also seeing many 'A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the ISA Server computer' errors again from public IP's to the External Interface.


The errors are all between the External Interface and the Internet.
They seem to occur for all traffic type, whether its HTTP outbound web traffic, or SSL OMA traffic.

It seems that the ISA server has decided in the middle of a session with an external Internet computer that some packets of the session are no longer valid (it seems as if its forgoten the session).

Should you expect this rate and type of errors appearing in the ISA log ?

Before submitting this issue, I did some searching and found Microsofts Support Article KB 936594, and some articles in the Microsoft Partners ISA server Managed Newsgroups.

These articles poiunted to issues with Receive Side Scaling and TCP/IP Offloading issues causing failures as I have noticed.

I have installed hotfix KB936594.
I have change the registry settings, disabling Receive Side Scaling, EnableTCPA and EnableRSS.

All NIC device drivers are running their latest version.
The Max MTU for both NICs are 1500 bytes.

Thanks, Andrew










Post #: 1
RE: Unidentified IP Traffic - Denied Connection, NON-SY... - 19.Feb.2008 8:40:05 PM   
Rotorblade

 

Posts: 1348
Joined: 27.Feb.2007
Status: offline
Andrew,

Although the NIC drivers are latest version you most likely need to uninstall them and reinstall. Applying the RSS work around does not usually fix it until doing so.

HTH

RB  



_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to acarra)
Post #: 2
RE: Unidentified IP Traffic - Denied Connection, NON-SY... - 20.Feb.2008 6:45:07 PM   
acarra

 

Posts: 6
Joined: 11.Feb.2008
Status: offline
RB,
In your experience does the RSS issue cause the issues I have identitied?

Thanks, Andrew

< Message edited by acarra -- 20.Feb.2008 9:33:56 PM >

(in reply to Rotorblade)
Post #: 3
RE: Unidentified IP Traffic - Denied Connection, NON-SY... - 21.Feb.2008 7:07:08 PM   
Rotorblade

 

Posts: 1348
Joined: 27.Feb.2007
Status: offline
Yes, Iíve seen similar issues that intermittently occur like in your issue. Connections issues with OWA, SSL sites and VPN issues just to name a few. A good packet trace may help lead you to the problem. TCP resets will occur and that sounds like what is happening.  It could be related to other issues with your setup but because it is only occurring intermittently leads me to believe itís related to RSS. Even though you did all the workarounds, uninstalling and reinstalling the NIC drivers is sometimes necessary to get things working.

HTH

RB   

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to acarra)
Post #: 4
RE: Unidentified IP Traffic - Denied Connection, NON-SY... - 6.Mar.2008 4:17:05 PM   
randy_ray

 

Posts: 59
Joined: 7.Sep.2002
From: Houston, TX
Status: offline
I'm having this same problem but my ISA2k4 sp3 server does NOT have W2k3 Ser Ent sp2, it is only sp1.  The system does not have RSS, TCPA in registry and the HP adapters do not have Receive Side Scaling options.
On a second server I have ISA2k4 sp3 and W2k3 Ser Ent with sp2 and have the RSS, TCPA in disabled in registry; but just like my production server, the HP NC7170 Dual Gigabit and HP NC7781 Gigabit adapters do not have Receive Side Scaling as an option. So the "fix" I keep finding is not the solution.

(in reply to Rotorblade)
Post #: 5
RE: Unidentified IP Traffic - Denied Connection, NON-SY... - 6.Mar.2008 9:49:23 PM   
acarra

 

Posts: 6
Joined: 11.Feb.2008
Status: offline
I am still having exactly the issue you noted.
I had a Netgear NIC on the LAN and an Intel On-Motherboard Server 100BaseT NIC for the WAN.

Removed the NetGear NIC, and used the two onboard Intel Server 100BaseT NIC on the Motherboard.  Removed the drivers, install new drivers.

Ensured RSS and TCPA was disabled.

Still the same issues.

I was planning on swapping the NIC's to an HPNC7170 Dula NIC card.
I'll still try this...

Anyone got any further ideas.


(in reply to randy_ray)
Post #: 6

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> General >> Unidentified IP Traffic - Denied Connection, NON-SYN Packets Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts