From: San Angelo, TX
I am having a strange problem. We are having an issue where usually once a day, http proxying just stops on our ISA 2004 server. Everything else works okay - server publishing, webmail publishing, other protocols - ftp, msn messenger, etc. You just can't get on the internet with a web proxy client. It doesn't time out or anything, you just immediately get a "Page cannot be displayed" message in your browser. Everything on the ISA server seems to be running. All ISA services are running and restarting the Firewall service does not fix the problem.
In the ISA logs , you just see three entries - "Initiated Connection > Denied Connection > Closed COnnection", but there is no rule listed or any reason why the connection is denied. Also, the protocol is listed as Unidentified IP traffic and there is no Client Username or Destination URL listed. It's like the proxy filter is just not working.
So one time I saw an error message in the Windows event viewer that says "The Web Proxy filter failed to bind its socket to <IP Address> port 8080. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties indicates the cause of the failure."
Restarting the service did not help and in fact the same error showed up every time I restarted the service. I used a program called TCPView and discovered that the only process that was supposedly using port 8080 was the "System" process. But I could not kill that process to see if that would help. Usually you should see the wspsrv.exe process using port 8080 with a lot of TCP connections, but there were not any listed - just the system process. I don't know why the system process would be trying to use port 8080 - any ideas?
One time when this happened, as a troubleshooting method, I changed the HTTP port that ISA listens on from 8080 to port 80 and changed my browser to port 80 and sure enough, I could get on the internet. When I changed it back to port 8080 - no more internet traffic.
Basically, when this happens the only thing I can do is reboot the ISA server and HTTP traffic starts moving again.
Does anyone have any ideas what may be causing this? We ran ISA 2004 for 4 months on the trial version with absolutely no problems and then when we bought and installed the full version, we have had this problem ever since. I have tried changing out both network cards and I even tried reinstalling ISA from scratch and installing it on a completely different server to see if it was a hardware issue, but the same thing happened on it also.
Thanks, and advice will help. Jack
[ January 31, 2005, 03:41 PM: Message edited by: Jack Wilcox ]
From: San Angelo, TX
No, not really. This is still happening - usually once a day. Our thinking is that some access or publishing rule is the culprit, just not sure which one. We have rebuilt the server a couple times, but always just restored our configuration from a backup to save time. But if something in the config was causing the problem, then we were always just reimporting the same problem. Our next step is to rebuild the server and rebuild all our rules from scratch. We have some cleanup we need to do anyway, so this will be a good thing. I will try to keep you posted on how this works out for us.
We have the same problem, it happend when you disconnect the network cable from the NIC, or the NIC lost the link. The only sollution witch I know it to restart the isa server service from the management console. I try to find a hotfix for this problem, but I cant find any useful.
From: Cape Town, South Africa
Sounds like something else is grabbing port 8080. It could be another webservice/application. I'd suggest using APORTS(find it on downloads.com) and see what is using port 8080. If another application has taken port 8080, restarting your ISA server won't neccessarily free the port. Also check your Event Viewer and you could see the application that has "stolen" port 8080.