Once again on 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED



author22 -> Once again on 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED (17.Jun.2008 9:33:05 AM)

Hi! As far as I can understand this error means that a TCP session was closed (from ISA's point of view) before the reply was received. So the reply is not treated as a reply but as a separate connection attempt.

I have a strange case of this error. I have two ISA EE arrays which are Front-End and Back-End. CSS is located in the internal network. So all the communications between CSS and Front-End array members go through the Back-End firewall. My DMZ uses private IPs so I use a route relationship between the Internal network and the DMZ and a NAT relationship between the DMZ and the External network. Everything worked fine until this week.

Sorry, I can't get which of the last changes has broken it. But now the communication between my Internal network and Front-End array members doesn't work. I can ping the Front-Ends from the Internal network and vice versa. I can also see that my management PCs try to connect to the Front-Ends using RPC and 'MS Firewall Control' protocols. But I still cannot manage my Front-End servers in ISA MMC. On the 'Servers' node of the MMC my Front-Ends are displayed with a red Error sign and I constantly get a message in the upper part of the MMC saying that it is 'Unable to retrieve data from' the Front-Ends.

I think that the problem is that the Front-Ends cannot properly reply to the connection attempts from my management PCs. I see these reply attempts as regular connection attempts from the Front-Ends to the management PCs. And these attempts fail with status 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED.




tshinder -> RE: Once again on 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED (26.Jun.2008 12:24:09 PM)

Are there rules in place to support the connection? Check your System Policy to make sure.

HTH,
Tom




author22 -> RE: Once again on 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED (8.Jul.2008 6:37:01 AM)

Sorry Tom, sorry all the forum visitors. I struggled with this problem for about a month. And today during SP1 application I found I was using the wrong credentials for my front-end servers.

So this was the reason why they were unavailable in ISA MMC. I do still see some rare "0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED" events but that's not a big problem any more.




tshinder -> RE: Once again on 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED (11.Jul.2008 11:44:22 AM)

Ah, OK!

Good to hear you got things working and thanks for the follow up!

Tom



