Welcome to ISAserver.org

RST Segment Error

RST Segment Error - 28.Dec.2009 12:47:03 PM   
dmtinklenb

 

Posts: 3
Joined: 28.Dec.2009
Status: offline
We are using ISA2004 SP3 as a web proxy server to the Internet.  I have several users who for no apparent reason suddenly get prompted by the ISA server to authenticate when connecting to the Internet but their credentials won't work.  In the ISA logs I can see the Allowed entries and then there will be one entry with this error:

A connection was abortively closed after one of the peers sent a RST segment

After that entry all the log entries will be denied or closed connection and the user will not be able to get to the Internet until there is intervention from our IT department.  We have tried new profiles for these users, removed their computer from the domain and added it back in and then they will be able to connect to the Internet for a while, but then for no apparent reason they will get prompted again and I will see the same error in the ISA logs.

Can anyone shed some light on what may be happening here?

Thanks.
Post #: 1
RE: RST Segment Error - 28.Dec.2009 3:56:39 PM   
Rotorblade

 

Posts: 1348
Joined: 27.Feb.2007
Status: offline
Well, you're not alone on this one... It could be caused by a few things depending on how you have configured authentication. If you're "requiring authentication on the proxy web listener" itself, then this could be the issue. If you are, then disable that option and force authentication through your FW access rules. It could also be IE and its inability to be consistent with sending Kerberos authentication through to ISA. The quick fix on this one is to uncheck the option of “use integrated authentication” in IE advanced settings. This will force the use of NTLM over Kerberos.

HTH

RB

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to dmtinklenb)
Post #: 2
RE: RST Segment Error - 28.Dec.2009 3:59:56 PM   
Rotorblade

 

Posts: 1348
Joined: 27.Feb.2007
Status: offline
I would also assume that your ISA is a member server of the Domain and the Time is correct on the server?

_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to Rotorblade)
Post #: 3
RE: RST Segment Error - 28.Dec.2009 4:04:37 PM   
dmtinklenb

 

Posts: 3
Joined: 28.Dec.2009
Status: offline
Yes, it is a member of the domain and the time is correct.

(in reply to Rotorblade)
Post #: 4
RE: RST Segment Error - 28.Dec.2009 4:17:44 PM   
Rotorblade

 

Posts: 1348
Joined: 27.Feb.2007
Status: offline
Good. I probably see this issue come up in 1 of every 10 of my clients and the only way I have found around it so far is to force NTLM. This problem started back when MS patched IE 6 and defaulted, in IE 7 too, to use Kerberos. It’s been a thorn in the butt ever since. There are a few KBs published on the issue but it seems MS has not yet found a fix for the problem in IE 8.

RB


_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to dmtinklenb)
Post #: 5
RE: RST Segment Error - 28.Dec.2009 4:22:20 PM   
dmtinklenb

 

Posts: 3
Joined: 28.Dec.2009
Status: offline
Thanks for the info. After hearing your first reply I was leaning toward the IE authentication too, since the Require Authentication is unchecked on the web proxy filter and the users are authenticating to the FW access rules. I will try changing the IE authentication settings with one of our users to see if that resolves the issue.

Thanks again.

(in reply to Rotorblade)
Post #: 6
