0x80074e21 FWX_E_ABORTIVE_SHUTDOWN (Full Version)

All Forums >> [ISA 2006 General] >> General


campingman777 -> 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN (25.Aug.2009 7:44:56 AM)

Hello all.

We have been struggling with this issue for a few years now. We had previously opened two separate support tickets with Microsoft to no avail.

We cannot get most external people that use Internet Explorer of any version to be able to access our web site using TCP port 80.

Firefox works flawlessly.

SSL works on either Firefox or Internet Explorer.

We have six additional ports published for our library card catalog, and they work too. They are 8081-8086 ( http://www.petoskeyschools.org:8086 )

Our address is http://www.petoskeyschools.org

We have tried ISA 2004, ISA 2006, and Forefront on server 2008. We previously had our web site on IIS 5 with windows 2000 server, but we now host it on IIS 7 with Windows Server 2008 x64. I have also tried binding IIS to port 85 as well as 80 and telling ISA to forward to port 85. Same problem.

We are one step away from abandoning ISA forever.

Please, is there any way to fix this?

Thanks in advance.


Here is the log text:
Closed Connection FIREWALL2 8/25/2009 6:03:20 AM

Log type: Firewall service
Status: A connection was abortively closed after one of the peers sent an RST packet. 
Source: External (
Destination: Local Host (
Protocol: HTTP

Additional information:

Number of bytes sent: 128 Number of bytes received: 48
Processing time: 0ms Original Client IP:

SteveMoffat -> RE: 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN (25.Aug.2009 7:53:49 AM)

Nothing wrong with it today....IE 8 Widows 7.

campingman777 -> RE: 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN (25.Aug.2009 7:56:36 AM)

Yeah, some can get in. Most can't. Our stakeholders are angry and the state government is complaining as well.

Weird, huh?


SteveMoffat -> RE: 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN (25.Aug.2009 7:58:28 AM)


campingman777 -> RE: 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN (25.Aug.2009 8:38:18 AM)

I have tested Apache, and I have the same issue.

campingman777 -> RE: 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN (25.Aug.2009 11:12:28 AM)

I think this might shed a little light on the current issue:


SteveMoffat -> RE: 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN (25.Aug.2009 11:31:50 AM)

Yep, as I said. Not an ISA error.

campingman777 -> RE: 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN (25.Aug.2009 11:42:19 AM)

I also discovered this: http://support.microsoft.com/kb/934301

There is no 'resolution' section.



campingman777 -> RE: 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN (31.Aug.2009 7:44:53 AM)


This issue was resolved by modifying the IDS on our Cisco 3640 router. This was the culprit:

WWW Host: field overflow
Triggers if web traffic is detected sending an abnormally large GET request with a large host field.

In summary:

1.) The problem only effected Internet Explorer, all other browsers worked fine.
2.) The problem only existed if ISA was between IIS and IE.
3.) Changing the 'ip audit attack action alarm drop reset' to 'ip audit attack action alarm' solved the issue because IDS is no longer dropping packets. This opens a new can of worms that hopefully an upgrade to IOS 2.4(24)T will solve.

tshinder -> RE: 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN (31.Aug.2009 8:25:43 AM)

As noted by Steve and others -- it was never an ISA firewall issues. I think once people get it into their heads that 98.6% of the time it's not an ISA firewall issue, they can more quickly get to the root cause.

Good to hear you got it working and thanks for the follow up!


Page: [1]