• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Denied connections - TCP NOT SYNCED

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Logging and Reporting >> Denied connections - TCP NOT SYNCED Page: [1]
Login
Message << Older Topic   Newer Topic >>
Denied connections - TCP NOT SYNCED - 15.Oct.2008 3:45:04 AM   
ranz

 

Posts: 1
Joined: 15.Oct.2008
Status: offline
Hi,

I have searched for information regarding this problem on google which lead me to these great forums but unfortunately my question is a bit different, or more defined than the other issues raised by this error messages on ISA 2006 logging console.

I'm not gonna elaborate too much on my application but I'll just say that I have a server running ISA 2006 which is kind of a proxy server with some extra skills.

How I see the problem:
1. I go to ISA server management => Monitoring => Logging
2. In the rules I add - action / equels / denied connection.
3. I look for denied connection which were not denied by any of my rules and add the result code column.

Now, the only results that I get are with this error:
0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED

The official explanation for this error from the MS site is:
A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the ISA Server computer.


Now my question is fairly simple... I've read explanations about this being because the session with the remote client has already ended and that's why there is no established connection, but how and why could this be?
Could there be another reason for such dropped packets? I am afraid that these dropped packets actually interfere with the application but we are just not aware of it.
The weird thing is that my server's ip could be either the destination or the client ip of that "line" in the log...

I took a few of the Destination IPs and tried to browse to them, it seems that most of them are landing sites for Apache or other HTTP servers (Like - first configuration html pages), could this mean that all these denied requests are actually 404 for sites that the server could not find? don't forget that this server is kind of proxy which retrieves sites.

I'd love to hear if anyone has any interesting information regarding this issue or any idea as to what I should investigate further.

Thanks in advance.
Post #: 1

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Logging and Reporting >> Denied connections - TCP NOT SYNCED Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts