Error Code 64 Host not available - Problem solved (Full Version)

All Forums >> [ISA Server 2004 Cache] >> General



Message


pegeberg -> Error Code 64 Host not available - Problem solved (21.Sep.2004 11:06:00 PM)

Hello,

On certain web pages (and not many) I am getting an error page from ISA 2004 server that reads like this.

Network Access Message: The page can not be displayed.
Explanation: The request timed out before the page could be retrieved.

Technical information.

Error Code 64: Host not available
Background: The gateway or proxy server lost connection to the Web Servr:
Source: Remote server.

Running the live log monitor on the clients accessing this site: The "GET" command returns a connection failed.

When first browsing to the page www.dakotadirectory.com it works fine. The initial connection is great. When clicking further into the page to do a search for a business "name" like santema or "heading" like insurance I get the above proxy default error page. I can not replicate this error on my home machine or on a dsl connection we have at work that is not behind the ISA server. After getting the message a refresh will bring up most of the page with out all the link images and the refreshing causes the logging to create additional "connections failed" with the "GET" command. It does not matter if it SNAT or Firewall Client.

I have searched groups.google.com, this board and microsoft board and can not find a similiar problem.

The firewall rule that I have going from internal --> external is basically an any any rule. This is a tri-homed machine.

[ October 10, 2004, 11:45 PM: Message edited by: oscararter ]




pegeberg -> RE: Error Code 64 Host not available - Problem solved (22.Sep.2004 9:49:00 PM)

I also turned off caching to fix to see if it would fix this problem and it did not. I turn on caching with 512 meg of space for appproximately at the peak internet traffic two hundred users. Would the HTTP filter have anything to do this. I just have the defaults configured.




pegeberg -> RE: Error Code 64 Host not available - Problem solved (23.Sep.2004 6:31:00 PM)

I sure could use some help on this one. To add to this, when we you do a query and put a question mark at the end of the name that I listed above "santama" to do the query it works fine. So I think it is a cache issue. In addition a ctrl-F5 will do the same trick. I went through the steps in "How to prevent the caching of content from certain Web sites in Internet Security and Acceleration Server 2004." MKBA 837832 and that did not help.

This is what the URL looks like when it is refreshed after doing the query for names like brookings. [URL=http://www.informationpages.com/search/ypserver.dll?bk=435&pg=75&s=1&gp=&f=&t=01B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000&go=bro oking]http://www.informationpages.com/search/ypserver.dll?bk=435&pg=75&s=1&gp=&f=&t=01B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000&go=br ooking[/URL] s#0

Another thing I noticed is that when you query another name after doing the query it holds part of the last query in the URL string and in this case it will no longer let you refresh. The URL below is going from brookings query to midwest query at the site.

[URL=http://www.informationpages.com/search/ypserver.dll?bk=435&pg=76&s=1&gp=brookings&f=&t=01C0000000000000000000000000000000000000000000000000000000000000000000000000000000000000 00&go]http://www.informationpages.com/search/ypserver.dll?bk=435&pg=76&s=1&gp=brookings&f=&t=01C000000000000000000000000000000000000000000000000000000000000000000000000000000000000 000&go[/URL] =midwest.

I do have a rule set up per the MSKB for both dakotadirectory.com and informationpages.com so they should not be going into cache. Cache rule looks like this: The rule applies to to content requested from these network entities. *.dakotadirectory.com and *.informationpages.com Retrieve from Cache: Only if valid version of the object exists in cache. If no valid version exist, route the request. Store in cache. Never, not content will ever be cached. HTTP tab: enabled checked 20, 15, and 1 (defaults). FTP: enabled, 1 days (defaults). Advanced Tab: Cache SSL responses.

Cache Settings: Active Caching is not enabled. Advanced Tab:

Both "cache objects that have an unspecified last modification time" and "cache objects even if they do not have an HTTP status code of 200" are both enabled. Maximum size of URL cache is 12800. Do not return the expired object (return and error page) is unchecked by default. Return the expired obect if experaton was: At less than this percentage of orginal time to live 50, But nomore than (50), But no more than (60), Percentage of free memory to use for caching(10).

[ September 24, 2004, 05:20 PM: Message edited by: oscararter ]




tshinder -> RE: Error Code 64 Host not available - Problem solved (24.Sep.2004 5:34:00 PM)

Hi Oscar,

Sheesh! What a horribly design site! I'd definitely get with the Web master and teach him about secure site design and that there are things like 'firewalls' that are app aware that don't appears their exploit-oid URLs.

Anyhow, it looks like you'll need to reconfigure the HTTP security filter to support that site.

HTH,
Tom




pegeberg -> RE: Error Code 64 Host not available - Problem solved (24.Sep.2004 6:31:00 PM)

Thanks Tom,

This thing has been driving me nuts. The only thing I don't how to do is change the default settings for the http filter into something that will allow this site to be viewed or even if I should. If you could shoot me in the right direction it would be greatly appreciated.

Philip




pegeberg -> RE: Error Code 64 Host not available - Problem solved (10.Oct.2004 11:28:00 PM)

The problem is cured.

I want to thank Martin Solis at Microsoft for resolving this issue for me. Martin spent a great deal of time on my box running netmon and examining packets plus taught me a lot about troubleshooting at the packet level in the process of resolving the issue.

The problem I was having as stated above was viewing some websites with long search queries in the URL. A message appears after submiting the query with an error page containing the information below.

Network Access Message: The page can not be displayed.
Explanation: The request timed out before the page could be retrieved.

Technical information.

Error Code 64: Host not available
Background: The gateway or proxy server lost connection to the Web Servr:
Source: Remote server.

The particular URL query that caused me all the problems looked something like this.

[URL=http://www.informationpages.com/search/ypserver.dll?bk=435&pg=75&s=1&gp=&f=&t=01B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000&go=br[ /URL]]http://www.informationpages.com/search/ypserver.dll?bk=435&pg=75&s=1&gp=&f=&t=01B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000&go=br [/URL] ooking[/URL] s#0

The problem as discovered by Martin is by default ISA 2004 enables the registry key EnablePMTUDiscovery. It is set to zero on ISA2004 by default to harden the tcp/ip stack.

This is done by default to harden the TCPIP stack from KB324270.

http://support.microsoft.com/default.aspx?scid=kb;en-us;324270

To get rid of the error go to the registry and change the following key.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ Tcpip\Parameters And set EnablePMTUDiscovery to 1 then reboot the machine.

This fix does weaken the strength of the TCPIP stack so unless you need this for a business application the KB article mentioned above recommends leaving it alone. This is not a problem with the ISA server but the configuration on the recieving server. Again I can not take any credit for this fix and do appreciate the exceptional support offered by Martin at Microsoft and Tom to get this resolved. This is one headache I would have never solved on my own.

OscarArter

[ October 10, 2004, 11:53 PM: Message edited by: oscararter ]




tshinder -> RE: Error Code 64 Host not available - Problem solved (12.Oct.2004 12:19:00 PM)

Hi Oscar,

Great! So it was the dreaded DSL MTU problem.

Good to hear you got it working and thanks for the follow up!

Tom




Page: [1]