Welcome to ISAserver.org

0x80074e21 FWX_E_ABORTIVE_SHUTDOWN

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 General] >> General >> 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN

Page: [1]

Message

<< Older Topic Newer Topic >>

0x80074e21 FWX_E_ABORTIVE_SHUTDOWN - 25.Aug.2009 7:44:56 AM

campingman777

Posts: 6
Joined: 25.Aug.2009
Status: offline

Hello all.

We have been struggling with this issue for a few years now. We had previously opened two separate support tickets with Microsoft to no avail.

We cannot get most external people that use Internet Explorer of any version to be able to access our web site using TCP port 80.

Firefox works flawlessly.

SSL works on either Firefox or Internet Explorer.

We have six additional ports published for our library card catalog, and they work too. They are 8081-8086 ( http://www.petoskeyschools.org:8086 )

Our address is http://www.petoskeyschools.org

We have tried ISA 2004, ISA 2006, and Forefront on server 2008. We previously had our web site on IIS 5 with windows 2000 server, but we now host it on IIS 7 with Windows Server 2008 x64. I have also tried binding IIS to port 85 as well as 80 and telling ISA to forward to port 85. Same problem.

We are one step away from abandoning ISA forever.

Please, is there any way to fix this?

Thanks in advance.

~Howard

Here is the log text:
___________________________________________________________
Closed Connection FIREWALL2 8/25/2009 6:03:20 AM

Log type: Firewall service
Status: A connection was abortively closed after one of the peers sent an RST packet.
Source: External (68.188.212.180:64517)
Destination: Local Host (66.129.40.177:80)
Protocol: HTTP

Additional information:

Number of bytes sent: 128 Number of bytes received: 48
Processing time: 0ms Original Client IP: 68.188.212.180

Post #: 1

Featured Links*

RE: 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN - 25.Aug.2009 7:53:49 AM

SteveMoffat

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline

Nothing wrong with it today....IE 8 Widows 7.

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to campingman777)

Post #: 2

RE: 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN - 25.Aug.2009 7:56:36 AM

campingman777

Posts: 6
Joined: 25.Aug.2009
Status: offline

Yeah, some can get in. Most can't. Our stakeholders are angry and the state government is complaining as well.

Weird, huh?

~Howard

(in reply to SteveMoffat)

Post #: 3

RE: 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN - 25.Aug.2009 7:58:28 AM

SteveMoffat

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline

Not an ISA ISSUE.

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to campingman777)

Post #: 4

RE: 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN - 25.Aug.2009 8:38:18 AM

campingman777

Posts: 6
Joined: 25.Aug.2009
Status: offline

I have tested Apache, and I have the same issue.

(in reply to SteveMoffat)

Post #: 5

RE: 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN - 25.Aug.2009 11:12:28 AM

campingman777

Posts: 6
Joined: 25.Aug.2009
Status: offline

I think this might shed a little light on the current issue:

http://stroppykitten.com/cms/index.php/rants-mainmenu-26/14-tech/index.php?option=com_content&view=article&id=2:internet-explorer-and-tcp-rst-a-reason-to-dislike&catid=1:tech&Itemid=2

(in reply to campingman777)

Post #: 6

RE: 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN - 25.Aug.2009 11:31:50 AM

SteveMoffat

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline

Yep, as I said. Not an ISA error.

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to campingman777)

Post #: 7

RE: 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN - 25.Aug.2009 11:42:19 AM

campingman777

Posts: 6
Joined: 25.Aug.2009
Status: offline

I also discovered this: http://support.microsoft.com/kb/934301

There is no 'resolution' section.

Dang.

~Howard

(in reply to SteveMoffat)

Post #: 8

RE: 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN - 31.Aug.2009 7:44:53 AM

campingman777

Posts: 6
Joined: 25.Aug.2009
Status: offline

SOLVED!

This issue was resolved by modifying the IDS on our Cisco 3640 router. This was the culprit:

5123
WWW Host: field overflow
Compound/Attack
Triggers if web traffic is detected sending an abnormally large GET request with a large host field.

In summary:

1.) The problem only effected Internet Explorer, all other browsers worked fine.
2.) The problem only existed if ISA was between IIS and IE.
3.) Changing the 'ip audit attack action alarm drop reset' to 'ip audit attack action alarm' solved the issue because IDS is no longer dropping packets. This opens a new can of worms that hopefully an upgrade to IOS 2.4(24)T will solve.

(in reply to campingman777)

Post #: 9

RE: 0x80074e21 FWX_E_ABORTIVE_SHUTDOWN - 31.Aug.2009 8:25:43 AM

tshinder

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline

As noted by Steve and others -- it was never an ISA firewall issues. I think once people get it into their heads that 98.6% of the time it's not an ISA firewall issue, they can more quickly get to the root cause.

Good to hear you got it working and thanks for the follow up!

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to campingman777)

Post #: 10