ISA 2000 Hotfixes
(July 2003)
compiled by
Scott Jiles
Table of Contents
ISA 2000 Hotfixes:
ISA 2000 Fixes Before SP1
ISA 2000 Fixes in Service Pack 1
ISA 2000 Post-SP1 Hotfixes
ISA Fixes Post Feature Pack 1
NOTE: Click HERE for alternate formatting of this article.
ISA 2000 Fixes Before SP1
Title: 283213 Blocking and Logging Traffic on ISA Server Internal Interfaces
Hotfix: 1200.51
Link: http://support.microsoft.com/?id=283213
Files: mspfltex.sys (41,904 bytes) Friday, December 29, 2000, 1:00:20 PM
Summary: By default, Internet Security and Acceleration (ISA) Server 2000 does not apply packet filtering to the internal interfaces (as determined by the local address table). If you want to filter traffic on those interfaces, use the methods that are described in the “More Information” section of this article.
Title: 285807 Rule Fields in Firewall Log Are Sometimes Not Logged Properly
Hotfix: 1200.54
Link: http://support.microsoft.com/?id=285807
Files: wspsrv.exe (292,112 bytes) Wednesday, January 17, 2001, 9:12:04 AM
Summary: A problem in the Internet Security and Acceleration (ISA) Server 2000 firewall logging module prevents the logging of the “Rule#1” and “Rule#2” fields for certain User Datagram Protocol (UDP) traffic, even if you select these fields in the logging configuration dialog box.
Title: 288247 Access Violation in Mspadmin.exe with ISA Server with Multiple IP Addresses on an External Interface
Hotfix: 1200.55
Link: http://support.microsoft.com/?id=288247
Files: bwserver.dll (29,968 bytes) Sunday, March 11, 2001, 3:37:22 PM
Summary: This issue applies to active interfaces; if your configuration does not match the table above and the ISA Server services start but a user later creates a virtual private network (VPN) connection to the server that is running ISA Server, or if the ISA Server computer dials out with VPN or a modem, causing it to have an additional IP address, the ISA Server services may stop working.
Title: 292014 Deleting Disabled SMTP Filter Attachment Rule Leaves Corrupted Rule
Hotfix: 1200.56
Link: http://support.microsoft.com/?id=292014
Files: 3/13/2001 4:37PM 3.0.1200.56 216,336 Smtpfadm.dll
Summary: 305012 How to Remove Corrupt Entries from the SMTP Filter. http://support.microsoft.com/?id=305012
If you disable and then later remove (or delete) an SMTP Filter Attachment rule, it may not be removed from the tool. Instead, it may become corrupted. When this occurs, you cannot edit or remove the rule, and an entry that appears as a “disabled” icon appears, but the text title and description fields for the rule are blank.
Title: Q291427 Only the First Web Site Is Returned Using Web Publishing for Multiple Sites
Hotfix: 1200.57
Link: http://support.microsoft.com/?id=291427
Files: 3/21/2001 3:28PM 3.0.1200.57 373,008 W3proxy.exe
Summary: Internet Security and Acceleration (ISA) Server may return only the Web site that is specified in the first publishing rule in the Web publishing rules list. This behavior can occur if all of the following conditions exist:
· You use Web publishing to publish two or more Web sites, each using a different IP address on the external ISA Server interface.
· None of the external IP addresses have host names associated with them on the DNS server that ISA Server uses for name resolution.
· The external Web browser sends a request by using any IP address (only the IP address, not the fully qualified domain name [FQDN]) other than the one that is listed first in the Web publishing list.
This is likely to occur in laboratory environments in which it is common to test Web publishing by using only IP addresses, and it is also common to not have host names registered for every IP address in use.
Title: 292018 Slow Response from Downstream ISA Server Using Web Proxy Chaining
Hotfix: 1200.57
Link: http://support.microsoft.com/?id=292018
Files: 3/21/2001 3:28PM 3.0.1200.57 373,008 W3proxy.exe
Summary: When clients that use a downstream Internet Security and Acceleration (ISA) Server service for Web proxy request a Web site on the Internet, the downstream ISA Server may take a long time to respond. This issue can occur if the following conditions exist:
· A downstream ISA Server server is configured to chain Web proxy requests to the upstream server.
-and-
The DNS server that ISA Server is configured to use is unable to resolve all possible name resolution requests, which may include names on the internal and external network (intranet and Internet).
· There is a Site and Content rule that applies to any destination type other than “All destinations.”
-or-
· There is a Web Publishing rule that applies to any destination type other than “All destinations.”
Title: Q290731 Firewall Service (Wspsrv.exe) Problems with High S-NAT Client Load
Hotfix: 1200.58
Link: http://support.microsoft.com/?id=290731
Files: 3/19/2001 10:56AM 3.0.1200.58 292,112 Wspsrv.exe
Summary: Many S-NAT socket mappings are created under heavy load, which can lead to heap corruption. This is caused by the double deletion of an S-NAT socket mapping because of a race condition in the threads that delete these mappings.
A race condition is a situation in a multiple-threaded environment in which the result of the execution depends on the order of execution among the threads. In such cases, if thread A wins the race it produces one result, but if thread B wins, it produces another result. The speed of each thread depends on the tasks each thread is performing, context-switches, page faults, and so on.
This issue could be caused by a program (or multiple programs) that sends many UDP or TCP packets to multiple destinations, all with ports that are primary UDP or TCP ports.
Title: 291000 External MAPI Clients Cannot Connect with RPC
Hotfix: 1200.59
Link: http://support.microsoft.com/?id=291000
Files: 3/19/2001 11:00AM 3.0.1200.59 43,280 Rpcfltr.dll
Summary: When you are using Server Publishing in Internet Security and Acceleration (ISA) Server 2000 to publish an RPC server (by using either the “Any RPC Server” or “Exchange RPC Server” protocol definition), external Microsoft Windows 2000-based clients can connect to the RPC server behind ISA Server 2000, but clients that are running Microsoft Windows NT 4.0, Microsoft Windows 98, Microsoft Windows 95, or Microsoft Windows Millennium Edition (Me) cannot connect. The error message that is received on the client varies depending on the RPC client program that is being used.
Title: Q292546 Firewall Service (Wspsrv.exe) Hangs When Handling RTSP Streams
Hotfix: 1200.60
Link: http://support.microsoft.com/?id=292546
Files:
Summary: When ISA Server serves a Real-Time Streaming Protocol (RTSP) connection that uses TCP/IP for the stream data, the ISA Server Firewall service may stop responding (hang).
Title: 293161 “STOP 0x000000D1” When Passing Fragmented Packets Without NAT
Hotfix: 1200.61
Link: http://support.microsoft.com/?id=293161
Files: 7/01/2001 11:06:42 3.0.1200.61 41,904 Mspfltex.sys
Summary: If the Network Address Translation (NAT) driver on an Internet Security and Acceleration (ISA) Server-based server is stopped and the data that is being sent outbound is larger than the Maximum Transmission Unit (MTU) setting, fragmented packets pass through ISA Server, which may cause the following error message on a blue screen:
STOP 0x000000D1 (0x0000010e, 0x00000002, 0x00000000, 0xbfee8c70) DRIVER_IRQL_NOT_LESS_OR_EQUAL error code.
When this occurs, the following Event log entry is generated:
Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date:
Time:
User: N/A
Computer:
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000010e, 0x00000002, 0x00000000, 0xbfee8c70). Microsoft Windows 2000 [v15.2195]. A dump was saved in: %SystemRoot%\MEMORY.DMP.
Title: Q293863 Multiple Overdue Tasks Are Run and Alerts Are Issued for a Short Period
Hotfix: 1200.62
Link: http://support.microsoft.com/?id=293863
Files: Apr 4, 2001 14:13:32 3.0.1200.62 211,216 Msfpc.dll
Summary: On an ISA Server-based computer that has been running for more than 49 days, you may notice one or more of the following symptoms that last for a short duration:
· Some alerts may be triggered over and over again.
· Hundreds of LDAP queries each second may be sent to the Active Directory.
· The creation of ISA log files may stop.
Title: Q295279 Web Proxy Service Crashes If URL Requests a Specifically Malformed
Hotfix: 1200.63
Link: http://support.microsoft.com/?id=295279
Files: 4/3/01 3.0 12:27PM 373,008 W3proxy.exe
Summary: When an incoming Web request is made to a computer that is running Internet Security and Acceleration (ISA) Server and is publishing a Web page by using Web Publishing, the Web Proxy service may stop and an access violation may occur.
Title: 297080 Incomplete HTML Pages and Random Authentication Prompts If ISA Server Is Chained to Upstream Proxy
Hotfix: 1200.64
Link: http://support.microsoft.com/?id=297080
Files: 5/6/2001 02:03PM 3.0.1200.64 373,520 W3proxy.exe
Summary: If Internet Security and Acceleration (ISA) Server 2000 is chained to an upstream Web proxy server, you may receive incomplete HTML pages and random authentication prompts in the Web browser.
These symptoms may occur if the downstream ISA Server computer is configured to require integrated authentication and if the upstream Web proxy server is also configured to require proxy authentication. In addition, the Routing rule on the downstream ISA Server computer is configured to provide Basic Authentication credentials to the upstream Web proxy server.
This behavior does not occur if the downstream ISA Server computer is not configured to provide any credentials or if it is configured to provide Integrated Authentication credentials to the upstream Web proxy server.
Title: 295090 Access Violation in W3proxy.exe Because of HTTP VARY Header Processing
Hotfix: 1200.64
Link: http://support.microsoft.com/?id=295090
Files: 5/6/2001 02:03PM 3.0.1200.64 373,520 W3proxy.exe
Summary: When an outgoing HTTP request is made through Internet Security and Acceleration (ISA) Server, an access violation may occur in W3proxy.exe, causing the Web Proxy service to terminate.
Title: Q301425 ISA Server Does Not Cache Responses That Contain the Location Header
Hotfix: 1200.65
Link: http://support.microsoft.com/?id=301425
Files: 6/12/2001 13:14:32 3.0.1200.65 373,520 W3proxy.exe
Summary: Internet Security and Acceleration (ISA) Server does not cache responses that contain the Location header. (For example, in a Network Monitor trace, under the HTTP protocol in the headers section: Location:Http://domain.com).
Location headers are sometimes used in links that redirect a user to a site based on certain criteria. The link itself may contain only parameters for a query that is run on the Web server. The response to that query is an URL to which the user is being redirected. This URL is sent to the browser as a Location header, the browser then goes to that location.
With ISA Server, the problem can occur if the caching options are set to cache all content including dynamic content and a scheduled content download job is set to download and cache such a site; the links that return location headers are not cached, even though the sites that are returned by the links are cached (provided that the download job specifies the proper depth of links to follow). When such a site is later accessed, ISA Server needs to access the original link and gets the response (the Location header). The site that is referenced in the response is served from the cache.
It may be appropriate in certain situations for ISA Server never to contact the original site but only to serve content from cache. The hotfix that is listed in this article makes ISA Server cache responses that contain Location headers as well.
Title: Q297324 Multiple Authentication Dialog Boxes Are Displayed When You Use Access Control
Hotfix: 1200.65
Link: http://support.microsoft.com/?id=297324
Files: 06/12/2001 06:14 3.0.1200.65 373,520 W3proxy.exe
Summary: When a destination set is configured, the client receives an HTTP 407 error for each domain that is restricted. As a result, the client browser is prompted for authentication. If the destination that is set is restricted to a domain that contains multiple links to other domains, an authentication dialog box appears for each unauthorized link.
Title: Q300707 Invalid Content-Length Header May Cause Requests to Fail Through ISA
Hotfix: 1200.65
Link: http://support.microsoft.com/?id=300707
Files: 06/12/2001 06:14 3.0.1200.65 373,520 W3proxy.exe
Summary: When you send a HTTP POST request from a Web browser through Internet Security and Acceleration (ISA) Server 2000, you may receive the following error message in the Web browser:
HTTP/1.1 400 Bad Request (The data is invalid).
This error message may be the only response that is displayed in the Web Browser, or it may be displayed together with the correct response in the same HTML page.
This error message may be displayed in both a Web publishing scenario or for Web proxy clients behind ISA Server that are accessing Web servers on the Internet.
Title: Q295386 PDF Files Are Not Returned from the ISA Server Cache
Hotfix: 1200.66
Link: http://support.microsoft.com/?id=295386
Files: July 1, 2001 14:26:12 3.0.1200.66 381,200 W3proxy.exe
Summary: When you open Adobe Acrobat PDF documents, Internet Security and Acceleration (ISA) Server saves them to the cache. However, subsequent requests for the same documents are not served from the cache, but are instead retrieved again from the original source.
The Web proxy logs show that the PDF documents are coming from the intranet (an inet entry in the log, rather than a cache or vcache entry).
The Cachedir.exe utility that is included with the ISA Server CD-ROM shows that the PDF documents are actually in the cache. However, when the client makes the request, ISA Server retrieves them from the intranet. Note that for all other matters, the ISA Server cache appears to work well.
Title: Q294722 Proxy Error 502 Is Returned by ISA Server Under Heavy Stress
Hotfix: 1200.66
Link: http://support.microsoft.com/?id=294722
Files: July 1, 2001 14:26:12 3.0.1200.66 381,200 W3proxy.exe
Summary: Under stress, the following error responses may be returned to the client occasionally:
502 Proxy Error (Software caused the connection to abort)
502 Proxy Error (Network logon failed)
Title: Q301380 Some Server Variables Are Not Fully Implemented in ISA Server
Hotfix: 1200.66
Link: http://support.microsoft.com/?id=301380
Files: July 1, 2001 14:26:12 3.0.1200.66 381,200 W3proxy.exe
Summary: An ISA Server Web filter that is using one or more of the following variables will not work correctly:
· CERT_FLAGS
· CERT_ISSUER
· CERT_KEYSIZE
· CERT_SECRETKEYSIZE
· CERT_SERIALNUMBER
· CERT_SERVER_ISSUER
· CERT_SERVER_SUBJECT
· CERT_SUBJECT
· HTTPS_KEYSIZE
· HTTPS_SECRETKEYSIZE
· HTTPS_SERVER_ISSUER
· HTTPS_SERVER_SUBJECT
Title: 303379 Firewall Client Conflict with Third-Party Layered Service Providers
Hotfix: 1200.67
Link: http://support.microsoft.com/?id=303379
Files: Stpext32.dll Monday, July 23, 2001, 2:33:26 PM (132,368 bytes)
Files: Wspwsp.dll Sunday, July 01, 2001, 4:55:50 PM (94,480 bytes)
Summary: After you install a third-party program (such as the NewDot and Babylon clients) on a computer that is running the Internet Security and Acceleration (ISA) Server Firewall client software, you may experience problems with network connectivity, slow loading of the operating system and error messages on blue screens or STOP error messages. The same problem may also occur if the ISA Server Firewall client is installed after the third party client or provider.
Title: 295388 Access Violation Occurs in Your Firewall Client When It Is Under a High
Hotfix: 1200.67
Link: http://support.microsoft.com/?id=295388
Files: Stpext32.dll Monday, July 23, 2001, 2:33:26 PM (132,368 bytes)
Files: Wspwsp.dll Sunday, July 01, 2001, 4:55:50 PM (94,480 bytes)
Summary: When the firewall client is set for automatic discovery of Internet Security and Acceleration (ISA) Server, if two or more simultaneous requests for creation of sockets are generated by a program or programs on the client computer, an access violation error message may occur in Wspwsp.dll.
Title: 295389 Scripts Can Be Run in the Error Page That Is Returned by ISA Server
Hotfix: 1200.68
Link: http://support.microsoft.com/?id=295389
Files: 09-Aug-2001 15:15 3.0.1200.68 208,656 H323asn1.dll
Files: 15-Aug-2001 16:48 3.0.1200.68 shp 381,200 W3proxy.exe
Summary: If you click a link (or URL) to a page that includes script code that for any reason generates an error, the error message from Internet Security and Acceleration (ISA) Server contains the original script from the link and it runs in your Web browser.
This is a cross-site scripting vulnerability that affects the error page that ISA Server generates in response to a request for a non-existent page or an unsuccessful connection attempt to a page. As with all cross-site scripting vulnerabilities, this vulnerability could enable an attacker to either run script in the security domain of another, presumably trusted, Web site, or to access cookies that a site had written to a your computer.
Title: 289503 Memory Leak in ISA Server H.323 Gatekeeper Service and Winsock Proxy
Hotfix: 1200.68
Link: http://support.microsoft.com/?id=289503
Files: 09-Aug-2001 15:15 3.0.1200.68 208,656 H323asn1.dll
Files: 15-Aug-2001 16:48 3.0.1200.68 381,200 W3proxy.exe
Summary: It is possible for a memory leak in the Internet Security and Acceleration (ISA) Server Gatekeeper service and Winsock Proxy service to be exploited to deplete resources on the server. If this were to occur, the server could become slow and services could become unresponsive.
Title: 305204 Clients That Use an Automatic Configuration Script May Not Work Because of Proxy Authentication
Hotfix: 1200.69
Link: http://support.microsoft.com/?id=305204
Files: Aug-26-2001 17:34:46 3.0.1200.69 381,712 W3proxy.exe
Summary: Browser clients that are configured to use the default “Automatic Configuration Script” in ISA Server or “Automatically Detect Settings”, may be unable to obtain access to Web sites through the Web Proxy service in ISA Server if it is configured to require proxy authentication.
The clients do not work only if proxy authentication is enforced on the ISA Server by selecting Ask unauthenticated users for identification under the Outgoing Web Requests tab. Also, the client must be requesting the automatic configuration script or the Wpad.dat file (from Automatically Detect Settings) from the TCP port that is specified on the Outgoing Web Requests tab.
If proxy authentication is instead enforced by site and content rules or protocol rules, the clients can obtain access to Web sites without any issues. Similarly, if the browser clients request the automatic configuration script or the Wpad.dat file from the auto discovery TCP port instead of the TCP port that is specified on the Outgoing Web Requests tab, access to Web Sites works correctly.
Title: 304340 The ISA Server Response to Client Options Requests Is Limited to a Predefined Set
Hotfix: 1200.69
Link: http://support.microsoft.com/?id=304340
Files: Aug-26-2001 17:34:46 3.0.1200.69 381,712 W3proxy.exe
Summary:
Title: 307784 Server Publishing Rules Intermittently Fail
Hotfix: 1200.70
Link: http://support.microsoft.com/?id=307784
Files: Sep-23-2001 16:04 3.0.1200.70 292,112 Wspsrv.exe
Summary: When you Web publish a Web Distributed Authoring and Versioning (WebDAV) folder, external clients may not be able to gain access to the folder.
The hotfix that is described in this article corrects a problem with Web publishing WebDAV folders with Internet Security and Acceleration (ISA) Server by allowing ISA Server to respond correctly to the Web browser by sending the actual Options that are sent by the WebDAV server.
ISA 2000 Fixes in Service Pack 1
313249 List of Bugs Fixed by Internet Security and Acceleration Server 2000
http://support.microsoft.com/?id=313249
Q283213 Blocking and Logging Traffic on ISA Server Internal Interfaces |
Q284835 Cannot Connect to the Enterprise Administration Console |
Q285807 Rule Fields in Firewall Log Are Sometimes Not Logged Properly |
Q285812 Cannot Configure or Use the SMTP Filter If the Decimal Symbol Is Not a |
Q288247 Access Violation in Mspadmin.exe with ISA Server with Multiple IP |
Q289503 Memory Leak in ISA Server H.323 Gatekeeper Service and Winsock Proxy |
Q290731 Firewall Service (Wspsrv.exe) Problems with High S-NAT Client Load |
Q291000 External MAPI Clients Cannot Connect with RPC |
Q291427 Only the First Web Site Is Returned Using Web Publishing for Multiple |
Q292010 High Memory Consumption by SMTP Message Screener Under Stress |
Q292013 Unregistered Fltrsnk1.dll Starts with Inetinfo.exe |
Q292014 Deleting Disabled SMTP Filter Attachment Rule Leaves Corrupted Rule |
Q292018 Slow Response from Downstream ISA Server Using Web Proxy Chaining |
Q292545 Autodetection Does Not Work for Chinese and Korean Versions of Browsers |
Q292546 Firewall Service (Wspsrv.exe) Hangs When Handling RTSP Streams |
Q293161 “STOP 0x000000D1” When Passing Fragmented Packets Without NAT |
Q293863 Multiple Overdue Tasks Are Run and Alerts Are Issued for a Short Period |
Q294722 Proxy Error 502 Is Returned by ISA Server Under Heavy Stress |
Q295279 Web Proxy Service Crashes If URL Requests a Specifically Malformed |
Q295388 Access Violation Occurs in Your Firewall Client When It Is Under a High |
Q295389 Scripts Can Be Run in the Error Page That Is Returned by ISA Server |
Q297080 Incomplete HTML Pages and Random Authentication Prompts If ISA Server Is |
Q297324 Multiple Authentication Dialog Boxes Are Displayed When You Use Access |
Q297515 All Requests from SecureNAT and Firewall Clients Are Denied |
Q300707 Invalid Content-Length Header May Cause Requests to Fail Through ISA |
Q301380 Some Server Variables Are Not Fully Implemented in ISA Server |
Q301425 ISA Server Does Not Cache Responses That Contain the Location Header |
Q301575 Clients Are Unable to Connect to an FTP Server that Is Published on the |
Q303379 Firewall Client Conflict with Third-Party Layered Service Providers |
Q303530 VPN Clients May Not Work on ISA Server Perimeter Networks |
Q304340 The ISA Server Response to Client Options Requests Is Limited to a |
Q305204 Clients That Use an Automatic Configuration Script May Not Work Because |
Q306884 The Mspadmin.exe ISA Control Service Stops Responding When You Start the |
Q307209 You May Not Be Able to Connect to SSL Published Web Sites with SGC |
Q307524 Maximum of 14 Characters Are Allowed on the Credentials Tab for Report |
Q307784 Server Publishing Rules Intermittently Fail |
Q310362 Compressed Files Content Group Is Ignored |
Q311011 ISA Server Control May Not Start to Log Errors in the Event Log |
Q311777 How to Enable Translating Client Source Address in Server Publishing |
Q312391 ISA Firewall Client Shows Connection to Server Name Instead of IP Address |
Q312633 ISACTRL Service Does Not Start When You Enable or Disable Packet Filters |
Q313056 A GET Request After a POST Request Does Not Work If There Is an Extra |
Q313076 Change to the WebProxyPort Setting Is Not Written to Mspclnt.ini |
Q313249 List of Bugs Fixed by Internet Security and Acceleration Server 2000 |
Q313338 Denied Web Proxy User Appears as “Anonymous” in the Logs |
Q313341 Web Filter Order Changes Are Not Saved |
Q313342 Problems with a Flood of Sockets for Primary NAT Connections |
Q313343 ISA Server Firewall Chaining Can Cause Problems with FTP Access |
Q313344 SMTP Filter Becomes Unstable When You Use Space in Keyword Name or |
Q313345 SMTP Filter UI Displays Red X Instead of Rules |
Q313346 Commas in URLs Are Logged in ISA Log Files |
Q313347 Automatic Detection Causes the Program to Stop Responding for Several |
Q313350 Problems When You Use a Server Publishing Rule that Uses a Protocol |
Q313354 You Cannot Create Reports from Remote Administration |
Q313355 Web Proxy Does Not Return Error Response from the Web Server |
Q313356 FTP Client May Not Work When You Enable IP Routing on a Downstream ISA |
Q313369 Sample ISAPI Filter in ISA Server SDK Causes Events to Be Logged |
Q313375 Incorrect Site and Content Rule Behavior Occurs If Multiple Destinations |
Q313396 Attachment Rules for SMTP Filter May Become Damaged |
Q313410 RTP Streams Between ISA Servers and Cisco Routers Do Not Work |
Q313419 You Can Retrieve Cached Content That Is Blocked by Using a Downstream |
Q313430 You Do Not Receive a Warning Not to Install ISA Firewall Client on ISA |
Q313431 “Access Denied” Error Message When You Try to Delete a Site and Content |
Q313432 Destination Set Data in ISA Server 2000 May Be Damaged or Incorrect |
Q313433 VPN Dial-up Connections Are Not Filtered by ISA Server |
Q313461 Blocked Protocols Appear in ISA Reports |
Q313525 Proxy-to-Proxy Authentication Does Not Work Between a Downstream ISA |
Q314113 The Firewall Client May Not Work After You Reinstall the Client on a |
Q314120 Client Computers May Be Displayed As “Unknown” in the Application Usage |
Q314121 MMS and RTSP UDP Packets on the Secondary Channel Are Dropped |
ISA 2000 Post-SP1 Hotfixes
Title: 318319 Access Violations Occur in the Web Proxy Service If an Impersonation Failure Occurs
Hotfix: 1200.170
Link: http://support.microsoft.com/?id=318319
Files: 27-Mar-2002 14:10 3.0.1200.170 383,760 W3proxy.exe
Summary: When users try to access resources in an outgoing Web Proxy or in a Web Publishing scenario, the Web Proxy service may generate an access violation error and stop responding if Proxy authentication is required globally, if Ask unauthenticated users for identification is enabled on the Outgoing Web Requests tab for the properties of the server, or if it is enabled specifically by access rules. Typically, the access violation error occurs only for users that are not a local administrator on the computer that is running Internet Server and Acceleration (ISA) Server. If local administrators try to access resources through the Web Proxy service, requests are served without any issues.
Title: 317822 FIX: Problems with Web Browser if ISA Server 2000 Is Chained to an Upstream Web Proxy Server
Hotfix: 1200.170
Link: http://support.microsoft.com/?id=317822
Files: 27-Feb-2002 14:10:00 3.0.1200.170 383,760 W3proxy.exe
Summary: If Internet Security and Acceleration (ISA) Server 2000 is chained to an upstream Web proxy server, you may experience unexpected delays, incomplete pages, random authentication warning messages, and so forth, when you browse the Web.
This behavior does not occur if the upstream proxy server requires NTLM authentication and the routing rule on the downstream server is configured to provide Integrated Authentication credentials to the upstream Web proxy server.
Title: 317122 Web Proxy Sends TCP Reset Instead of Only Closing Session
Hotfix: 1200.170
Link: http://support.microsoft.com/?id=317122
Files: 27-Feb-02 13:10:39 3.0.1200.170 383,760 W3proxy.exe
Summary: You may receive the following error message in your Web browser program (such as Microsoft Internet Explorer, NetScape Navigator, and so on) when you are posting data to a Web site:
The connection was reset by the server
The browser clients are connecting to the Web sites through an Internet Security and Acceleration (ISA) Server Web proxy server. Subsequent attempts to repost the data may work.
Title: 318005 ISA Firewall Service Cannot Start with More Than 85 IP Addresses on the External Network Adapter
Hotfix: 1200.171
Link: http://support.microsoft.com/?id=318005
Files: 28-Feb-2002 09:21:34 3.0.1200.171 294,672 Wspsrv.exe
Summary: The Internet Security and Acceleration (ISA) Server Firewall service may not start if you add more than 85 IP addresses to the external network adapter. When you start your computer after you do so, you may see an event that is similar to the following event:
Event Type: Error
Event Source: Service Control Manager
Event ID: 7031
Description:
The Microsoft Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: No action.
Title: 321846 Incorrect Canonicalization in Rules Engine
Hotfix: 1200.174
Link: http://support.microsoft.com/?id=321846
Files: 5-May-2002 11:30 3.0.1200.174 384,272 W3proxy.exe
Summary: Some specific URLs are not blocked by the Rules engine even when they are denied by a Site and Content rule. If a Site and Content rule exists that denies access to a specific destination such as www.example.com, a user can still visit that site if they type the destination in the following format:
www.example.com.
Note the period at the end of the domain name (also known as the “root” in DNS terms).
Title: 319374 Web Proxy Service Stops Responding
Hotfix: 1200.174
Link: http://support.microsoft.com/?id=319374
Files: 5-May-2002 11:30 3.0.1200.174 384,272 W3proxy.exe
Summary: When an Internet Security and Acceleration (ISA) Server-based computer that is Web publishing an SSL Web site receives an invalid SSL packet, the ISA Server Web Proxy service may crash, generate an access violation error message, and may stop providing services.
Title: 323889 Unchecked Buffer in Gopher Protocol Handler Can Run Code of Attacker’s Choice
Hotfix: 1200.177
Link: http://support.microsoft.com/?id=323889
Files: 11-Jun-2002 13:08 3.0.1200.177 30,992 W3pinet.dll
Summary: A problem may occur on an Internet Security and Acceleration (ISA) Server-based or Proxy Server 2.0-based computer during the processing of Internet Gopher protocol requests. A typical Gopher request may look similar to this:
gopher://gopher.example.com:70/11/example%09%09%2b
When a malicious request is received, the ISA Server-based or Proxy Server 2.0-based computer may send back a response that is not valid, generate an access violation error message, and stop providing services.
A successful attack against the ISA Server-based or Proxy Server 2.0-based computer requires a malicious Gopher request. This request must originate from a valid user who is permitted by the firewall policy and that is received by the Web Proxy service. This means that a valid client would have to submit the initial request.
Title: 319376 How to Automatically Authenticate a User Against All Trusted Domains in
Hotfix: 1200.178
Link: http://support.microsoft.com/?id=319376
Files: 11-Jun-2002 18:38 3.0.1200.178 386,832 W3proxy.exe
Summary: When you use Basic authentication in Internet Security and Acceleration (ISA) Server to authenticate Web Proxy users, ISA does not automatically try to authenticate the user against all trusted domains when no domain name is specified by the user. This occurs even if a backslash (\) is specified as the default authentication domain under Basic authentication for the Web Proxy listener in question, as explained in the following Microsoft Knowledge Base article:
168908 How to Authenticate a User Against All Trusting Domains
Title: 319375 The CERT_CONTEXT Structure Variable Is Not Available for Web Filters in ISA
Hotfix: 1200.178
Link: http://support.microsoft.com/?id=319375
Files: 11-June-2002 18:38 3.0.1200.178 386,832 W3proxy.exe
Summary: When you try to write a Web filter for Internet Security and Acceleration (ISA) Server that does client certificate Certificate Revocation List (CRL) validation, you cannot use the CertVerifyRevocation application programming interface (API) because no CERT_CONTEXT structure server variable is available.
Title: 326116 FIX: Cannot Renew DHCP Assigned IP Address on External ISA Interface
Hotfix: 1200.179
Link: http://support.microsoft.com/?id=326116
Files: 24-Oct-2002 20:21 3.0.1200.179 176,912 Mspadmin.exe
Files: 24-Oct-2002 20:20 3.0.1200.179 388,368 W3proxy.exe
Files: 24-Oct-2002 20:21 3.0.1200.179 297,232 Wspsrv.exe
Files: 24-Oct-2002 20:21 3.0.1200.179 99,600 Msphlpr.dll
Summary: On a computer running Internet Security and Acceleration Server, where the external interface is configured to have its IP address dynamically assigned from DHCP, you may not be able to renew the IP address on the interface.
For example, if you run ipconfig /release, followed by ipconfig /renew, from a command prompt, you may receive an error message similar to the following:
The following error occurred when renewing adapter MyAdapterName: DHCP Server unreachable
Additionally, you may not be able to turn off and turn on the external network adapter, or to automatically or manually change the assigned IP address on the external network adapter in ISA Server.
This problem also occurs when you have the DHCP Client Static Packet filter turned on in ISA Server.
The only way to renew the IP address is to temporarily turn off packet filtering or restart the computer running ISA Server.
Title: 321219 FIX: Server Publish May Fail on Dial-up Links
Hotfix: 1200.179
Link: http://support.microsoft.com/?id=321219
Files: 24-Oct-2002 20:21 3.0.1200.179 176,912 Mspadmin.exe
Files: 24-Oct-2002 20:20 3.0.1200.179 388,368 W3proxy.exe
Files: 24-Oct-2002 20:21 3.0.1200.179 297,232 Wspsrv.exe
Files: 24-Oct-2002 20:21 3.0.1200.179 99,600 Msphlpr.dll
Summary: If you use ISA Server to server publish on a dial-up adapter link (such as an analog modem, ISDN, or ADSL), the server publish operation may fail. This problem may occur although you use a fixed IP address on the dial-up interface.
When you run netstat -an from a command prompt on the computer running ISA Server, you see that ISA Server is not listening on the published port on behalf of the published service. Because of this, no connections can be made to the server published service.
Typically, this problem occurs on a slow link such as an analog modem connection. However, it may occur when you use any type of dial-up adapter.
To get the server publishing rule to work, you must turn off and then turn on the server publishing rule, or you must stop and then restart the Firewall Service.
Title: 319378 ISA splits POSTs into multiple frames causing timeouts to some web
Hotfix: 1200.179
Link: http://support.microsoft.com/?id=319378
Files: 24-Oct-2002 20:21 3.0.1200.179 176,912 Mspadmin.exe
Files: 24-Oct-2002 20:20 3.0.1200.179 388,368 W3proxy.exe
Files: 24-Oct-2002 20:21 3.0.1200.179 297,232 Wspsrv.exe
Files: 24-Oct-2002 20:21 3.0.1200.179 99,600 Msphlpr.dll
Summary: A client that is submitting form data through an ISA Server may experience a timeout or an erroneous error message upon submission of the form.
A network trace will reveal that, on the external interface of the ISA Server, the HTTP POST is split into two parts; additionally, the web server can be seen to respond to the first part before it has received and processed the second.
Title: 319377 FIX: ISA Server Blocks Incoming Traffic Although a Valid Server
Hotfix: 1200.179
Link: http://support.microsoft.com/?id=319377
Files: 24-Oct-2002 20:21 3.0.1200.179 176,912 Mspadmin.exe
Files: 24-Oct-2002 20:20 3.0.1200.179 388,368 W3proxy.exe
Files: 24-Oct-2002 20:21 3.0.1200.179 297,232 Wspsrv.exe
Files: 24-Oct-2002 20:21 3.0.1200.179 99,600 Msphlpr.dll
Summary: ISA Server may temporarily block incoming traffic that is destined for a protocol that has a valid Server Publishing rule defined. This blockage typically does not occur for more than a few minutes.
Title: 313318 Cannot Relay Mail Through ISA Server If Authentication Is Required
Hotfix: 1200.180
Link: http://support.microsoft.com/?id=313318
Files: 22-Oct-2002 14:25:24 3.0.1200.180 60,176 Fltrsnk1.dll
Files: 22-Oct-2002 14:25:28 3.0.1200.180 93,968 Smtpfltr.dll
Summary: Clients that are outside an ISA server cannot relay mail through that ISA server. This problem may occur if external clients try to send mail to other external recipients.
Title: 331063 Macintosh Outlook Clients Cannot Connect to Exchange Server Through ISA
Hotfix: 1200.181
Link: http://support.microsoft.com/?id=331063
Files: 25-Nov-2002 05:19 3.0.1200.181 47,888 Rpcfltr.dll
Summary: When you use Internet Security and Acceleration Server (ISA) to publish an Exchange server and give external clients permission to connect to an internal Exchange server, x86-based Outlook clients can connect to the Exchange server, but Macintosh Outlook clients cannot connect to the Exchange server.
Title: 331064 FIX: ISA Reports May Span Unexpected Date Range or Show Incomplete Data
Hotfix: 1200.182
Link: http://support.microsoft.com/?id=331064
Files: 05-Feb-2003 13:28 501 Os.map
Files: 05-Feb-2003 13:59 3.0.1200.182 792,848 Sumgen.dll
Summary: Reports created on an ISA Server computer may span an unexpected date range or may show blank or incomplete data under certain conditions.
Title: 328705 FIX: ISA may show empty tables on the ‘Traffic & Utilization’ report
Hotfix: 1200.182
Link: http://support.microsoft.com/?id=328705
Files: 05-Feb-2003 13:28 501 Os.map
Files: 05-Feb-2003 13:59 3.0.1200.182 792,848 Sumgen.dll
Summary: Parts of the ISA ‘Summary’ and ‘Traffic and Utilization’ report may show tables that are empty or initialized to 0 for the first 12 days of the month.
Title: 319381 Server-Side Playlists Do Not Work with ISA Server
Hotfix: 1200.183
Link: http://support.microsoft.com/?id=319381
Files: 03-Nov-2002 10:48 3.0.1200.183 176,912 Mspadmin.exe
Files: 03-Nov-2002 10:48 3.0.1200.183 99,600 Msphlpr.dll
Files: 03-Nov-2002 10:48 3.0.1200.183 62,736 Strmfltr.dll
Files: 03-Nov-2002 10:47 3.0.1200.183 388,368 W3proxy.exe
Files: 03-Nov-2002 10:48 3.0.1200.183 297,232 Wspsrv.exe
Summary: When you use the Microsoft Media Server – Universal Datagram Protocol (MMSU) protocol from a Windows Media Player client that is behind an ISA Server computer, the Windows Media Player client may not work when it is connected to an external Windows Media Services resource that is hosting a server-side playlist and you try to move from one item in the server-side playlist to another.
You only see these symptoms when you connect to the server-side playlist host from a computer that is using the firewall client. Secure network address translation (SecureNAT) clients do not experience this issue.
Note that you only see the issue when you use MMSU to connect. If you instead use Microsoft Media Server – Transmission Control Protocol (MMST) to connect, you do not experience this issue. Also, the Windows Media Player client may not work if you connect by using Microsoft Media Server (MMS). By default, MMS tries MMSU first.
ISA Fixes Post Feature Pack 1
Title: 331062 Running ISA Server on Windows Server 2003
Hotfix: 1200.255
Link: http://support.microsoft.com/?id=331062
Files: 11-Feb-2003 23:24 3.0.1200.255 8,976 Bwcpmon.dll
Files: 14-Feb-2003 01:41 3.0.1200.255 30,992 Bwserver.dll
Files: 11-Feb-2003 23:24 3.0.1200.255 60,688 Fltrsnk1.dll
Files: 11-Feb-2003 23:24 3.0.1200.255 85,264 H323fltr.dll
Files: 11-Feb-2003 23:24 3.0.1200.255 5,904 Hfperf.dll
Files: 28-Feb-2003 21:23 3.0.1200.255 34,064 Hotfix_res.dll
Files: 16-Feb-2003 19:47 3.0.1200.255 5,904 Hotfix_utl.dll
Files: 11-Feb-2003 23:22 3.0.1200.255 1,821,968 Msfpccom.dll
Files: 11-Feb-2003 23:23 3.0.1200.255 2,570,000 Msfpcsnp.dll
Files: 11-Feb-2003 23:24 3.0.1200.255 178,448 Mspadmin.exe
Files: 11-Feb-2003 23:23 3.0.1200.255 41,296 Mspfltex.sys
Files: 11-Feb-2003 23:23 3.0.1200.255 101,136 Msphlpr.dll
Files: 11-Feb-2003 23:23 3.0.1200.255 16,656 Mspmon.dll
Files: 05-Feb-2003 21:28 3.0.1200.255 501 Os.map
Files: 11-Feb-2003 23:24 3.0.1200.255 34,064 Socksflt.dll
Files: 11-Feb-2003 23:24 3.0.1200.255 6,416 Socksprf.dll
Files: 11-Feb-2003 23:23 3.0.1200.255 390,928 W3proxy.exe
Files: 11-Feb-2003 23:24 3.0.1200.255 6,928 Wspperf.dll
Files: 11-Feb-2003 23:24 3.0.1200.255 298,768 Wspsrv.exe
Summary: The following updates are required for Internet Security and Acceleration (ISA) Server 2000 to function correctly on computers running Windows Server 2003:
· ISA Server Service Pack 1 (SP1)
· The ISA Server 2000 Required Updates for Windows Server 2003 package
ISA Server is supported on all versions of Windows Server 2003 except Windows Server 2003, Web Edition.
Title: 331065 MS03-009: A Problem in the ISA Server DNS Intrusion Detection Filter May Cause Denial of Service
Hotfix: 1200.256
Link: http://support.microsoft.com/?id=331065
Files: 9-Mar-2003 11:55 3.0.1200.256 77,072 Issfltr.dll
Summary: A problem may occur on an Internet Security and Acceleration (ISA) Server 2000-based computer during the processing of incoming Domain Name System (DNS) requests that are sent to a published internal DNS server.
A successful attack against the ISA Server-based computer requires a malicious DNS request. An attacker might be able to exploit the vulnerability by sending a specially formed request to an ISA Server-based computer that is publishing a DNS server. This might then result in a denial of service to the published DNS server. If this occurs, all future incoming DNS requests to the ISA Server-based computer are stopped at the firewall, and are not passed to the internal DNS server. All other ISA Server functionality is unaffected.
Title: 331066 MS03-012: Flaw in Winsock Proxy Service Can Cause Denial of Service
Hotfix: 1200.257
Link: http://support.microsoft.com/?id=331066
Files: 20-Mar-2003 14:56 3.0.1200.257 178,448 Mspadmin.exe
Files: 20-Mar-2003 14:55 3.0.1200.257 101,136 Msphlpr.dll
Files: 20-Mar-2003 14:55 3.0.1200.257 391,440 W3proxy.exe
Files: 20-Mar-2003 14:55 3.0.1200.257 298,768 Wspsrv.exe
Summary: Microsoft Proxy Server 2.0 and Microsoft Internet Security and Acceleration (ISA) Server 2000 contain support for Windows Sockets (Winsock) proxy communications. Winsock is an API that handles communications requests for Internet applications in a Microsoft Windows operating system.
The Winsock proxy service works with FTP, Telnet, mail, news, Internet Relay Chat (IRC), and other client applications that are compatible with Winsock. The proxy service makes these applications perform as if they were directly connected to the Internet. The service redirects the necessary communications functions to a computer that is running either Proxy Server 2.0 or ISA Server. This establishes a communication path from the internal application to the Internet.
A flaw in the Winsock proxy service may permit an attacker on the internal network to send a specially crafted packet that results in 100% CPU utilization of the computer that is running either Proxy Server 2.0 or ISA Server, causing the computer to stop responding to internal and external requests.
Title: 816621 FIX: Message Screener Causes Handle Leak in Lsass.exe
Hotfix: 1200.258
Link: http://support.microsoft.com/?id=816621
Files: 23-Mar-2003 18:32 3.0.1200.258 60,688 Fltrsnk1.dll
Summary: You cannot run reports in Internet Security and Acceleration (ISA) Server 2000, and the following event ID message is logged in the event log:
Event Type: Error
Event Source: Microsoft ISA report generator Event
Category: None
Event ID: 21026
Date: 2002-10-13
Time: 00:50:00
Description: The action to create the scheduled report, “Weekly Report”, with the specified credentials, failed. The error code in the Data area of the event properties indicates the cause.
Data: 0000: 0d 00 00 00
To get the Win32 error for the status code 13 (0x0d) in the Data field of the event, type the following line at a command prompt:
net helpmsg 13
This command returns the following output:
The data is invalid
Note
This problem occurs only if ISA Server and the ISA Server SMTP Message Screener (Fltrsnk1.dll) are installed and running on the same computer. To verify that the message screener is installed, follow the steps in the “More Information” section of this article.Title: 331067 FIX: ISA Reports May Contain Negative Numbers in the ‘All Others’ Row
Hotfix: 1200.259
Link: http://support.microsoft.com/?id=331067
Files: 26-Mar-2003 13:34 3.0.1200.259 792,848 Sumgen.dll
Summary: When you view HTML reports, Internet Security and Acceleration (ISA) Server report may show large negative numbers in the All Others row and percentage numbers that do not add up to 100 percent. The report may also include rows with duplicate key names. This may occur when you view reports that are generated from monthly or yearly summary files. Reports that are generated from daily summary files do not have the problem. The default number of daily summaries saved is 36.
Title: 817829 FIX: Passive Mode FTP May Break with Multiple IP Addresses on External Interfaces
Hotfix: 1200.260
Link: http://support.microsoft.com/?id=817829
Files: 02-Apr-2003 11:52 3.0.1200.260 19,216 Ftpfltr.dll
Summary: Internal SecureNAT and Internet Security and Acceleration Server (ISA) Firewall clients may not open the FTP data connection to an FTP server that is using passive mode FTP (PASV). The FTP server may return one of the following error messages:
426 Connection closed; transfer aborted.
-or-
425 Can’t open data connection.
In some circumstances, the FTP client may seem to stop responding (hang) or time out. FTP clients that use active mode FTP (PORT) work without error.
Title: 810561 RemoveAllProxyAuthorization Not Applied to SSL Tunneling (CONNECT)
Hotfix: 1200.261
Link: http://support.microsoft.com/?id=810561
Files: 02-Apr-2003 17:04 3.0.1200.261 178,448 Mspadmin.exe
Files: 02-Apr-2003 17:04 3.0.1200.261 101,136 Msphlpr.dll
Files: 02-Apr-2003 17:03 3.0.1200.261 391,440 W3proxy.exe
Files: 02-Apr-2003 17:04 3.0.1200.261 298,768 Wspsrv.exe
Summary: If Internet Security and Acceleration (ISA) Server 2000 is chained to an upstream Web proxy server, you may receive incomplete HTML pages and random authentication prompts in the Web browser when you connect to secure HTTPS sites.
These symptoms may occur if the downstream ISA Server computer is configured to require Integrated proxy authentication and if the upstream Web proxy server is either configured to allow anonymous access or require proxy authentication (typically Basic proxy authentication). This problem occurs most frequently if you connect to a secure HTTPS site that uses a combination of HTTP and HTTPS links.
Title: 810493 INFO: Update Rollup for ISA Server Services
Hotfix: 1200.264
Link: http://support.microsoft.com/?id=810493
Files: 28-Apr-2003 22:40 3.0.1200.264 178,448 Mspadmin.exe
Files: 28-Apr-2003 22:40 3.0.1200.264 102,160 Msphlpr.dll
Files: 28-Apr-2003 22:40 3.0.1200.264 391,440 W3proxy.exe
Files: 28-Apr-2003 22:40 3.0.1200.264 299,280 Wspsrv.exe
Summary: Microsoft has released an Update Rollup Package for Microsoft ISA Server 2000 that corrects the problems that are described in the following Microsoft Knowledge Base articles:
810559 FIX: Slow Responses and Failures When You Use Server Publishing UDP Protocols
331068 FIX: ISA Firewall Causes Handle Leak in LSASS
813864 FIX: Site and Content Rules Do Not Filter Based on File Name Extensions
Title: 810559 FIX: Slow Responses and Failures When You Use Server Publishing UDP
Hotfix: 1200.264
Link: http://support.microsoft.com/?id=810559
Files: 28-Apr-2003 22:40 3.0.1200.264 178,448 Mspadmin.exe
Files: 28-Apr-2003 22:40 3.0.1200.264 102,160 Msphlpr.dll
Files: 28-Apr-2003 22:40 3.0.1200.264 391,440 W3proxy.exe
Files: 28-Apr-2003 22:40 3.0.1200.264 299,280 Wspsrv.exe
Summary: When you use Server Publishing UDP Protocols (for example, DNS Query), you may notice a variety of problems:
· A lot of performance problems.
· You cannot connect to the published DNS server externally.
· The server may also stop responding after some days and the only resolution is to restart the computer.
Typically, these problems occur when you use Server Publishing DNS Query protocols where requests to the published DNS server from external sources receive a response only after a long delay, or not at all (the request does not succeed).
Title: 331068 FIX: ISA Firewall Causes Handle Leak in LSASS
Hotfix: 1200.264
Link: http://support.microsoft.com/?id=331068
Files: 28-Apr-2003 22:40 3.0.1200.264 178,448 Mspadmin.exe
Files: 28-Apr-2003 22:40 3.0.1200.264 102,160 Msphlpr.dll
Files: 28-Apr-2003 22:40 3.0.1200.264 391,440 W3proxy.exe
Files: 28-Apr-2003 22:40 3.0.1200.264 299,280 Wspsrv.exe
Summary: Internet Security and Acceleration (ISA) Server Firewall service may slow down or stop responding to client requests.
This behavior occurs under the following configuration:
· The internal clients are running the ISA Server Firewall client.
-and-
· The ISA Server has access policies defined that require user authentication. This might be Protocol rules or Site and Content rules that apply to specific users or groups.
Title: 813864 FIX: Site and Content Rules Do Not Filter Based on File Name Extensions
Hotfix: 1200.264
Link: http://support.microsoft.com/?id=813864
Files: 28-Apr-2003 22:40 3.0.1200.264 178,448 Mspadmin.exe
Files: 28-Apr-2003 22:40 3.0.1200.264 102,160 Msphlpr.dll
Files: 28-Apr-2003 22:40 3.0.1200.264 391,440 W3proxy.exe
Files: 28-Apr-2003 22:40 3.0.1200.264 299,280 Wspsrv.exe
Summary: When you use Content Types (HTTP Content) in Site and Content Rules to deny or allow requests for downloading specific files (for example, .exe files), ISA Server does not deny or allow the request if you only have the file name extension (for example, .exe) configured in the appropriate Content Group.
This problem occurs only when you serve outgoing HTTP request through ISA Server.
Title: 816828 “Permission Denied” Error Message When You Use Rlogin to Log On to a
Hotfix: 1200.264
Link: http://support.microsoft.com/?id=816828
Files: 28-Apr-2003 22:40 3.0.1200.264 178,448 Mspadmin.exe
Files: 28-Apr-2003 22:40 3.0.1200.264 102,160 Msphlpr.dll
Files: 28-Apr-2003 22:40 3.0.1200.264 391,440 W3proxy.exe
Files: 28-Apr-2003 22:40 3.0.1200.264 299,280 Wspsrv.exe
Summary: When you try to use an rlogin connection through Microsoft Internet Security and Acceleration (ISA) Server 2000 to log on to a server on the Internet (for example, to an AIX400 server), you may receive the following error message:
Permission Denied
Title: 815051 The Firewall Client Does Not Support the ConnectEx and WSARecvMsg APIs
Hotfix: 1200.265
Link: http://support.microsoft.com/?id=815051
Files: 20-Apr-2003 14:12 3.0.1200.265 97,552 Wspwsp.dll
Summary: When you use the Firewall client on either Microsoft Windows XP or Microsoft Windows Server 2003, some Winsock applications may not work through ISA Server 2000. For example, Remote Procedure Call (RPC) applications that are using Winsock may not connect through ISA Server 2000. You do not see this issue with Microsoft Windows 2000 or earlier versions of Microsoft Windows when you are running the Firewall client.
Title: 331069 Hotfix to Permit URL Path Redirection in Web Publishing Rules
Hotfix: 1200.266
Link: http://support.microsoft.com/?id=331069
Files: 08-May-2003 21:24 3.0.1200.266 178,448 Mspadmin.exe
Files: 08-May-2003 21:23 3.0.1200.266 103,184 Msphlpr.dll
Files: 09-May-2003 00:45 1.0 19,572 Pathmappingeditor.hta
Files: 08-May-2003 21:23 3.0.1200.266 391,440 W3proxy.exe
Files: 08-May-2003 21:24 3.0.1200.266 299,280 Wspsrv.exe
Summary: When you use Web Publishing Rules to publish an internal Web site, you cannot redirect the URL path to a different path on the internal Web server.
Title: 818621 No Links to Navigate Up Through Directory Levels in FTP Sites When Accessed Through Internet Explorer
Hotfix: 1200.268
Link: http://support.microsoft.com/?id=818621
Files: 05-13-2003 15:38 3.0.1200.268 178,448 Mspadmin.exe
Files: 05-13-2003 15:38 3.0.1200.268 391,952 W3proxy.exe
Files: 05-13-2003 15:38 3.0.1200.268 299,280 Wspsrv.exe
Files: 05-13-2003 15:38 3.0.1200.268 103,184 Msphlpr.dll
Summary: When you view File Transfer Protocol (FTP) sites in Microsoft Internet Explorer, you may notice that there are no links to navigate up through directory levels to the parent directory in the FTP site.
Title: 821098 FIX: Content Cache Issues on Downstream ISA Server Computer
Hotfix: 1200.269
Link: http://support.microsoft.com/?id=821098
Files: 16-May-2003 09:38 3.0.1200.269 178,448 Mspadmin.exe
Files: 16-May-2003 09:38 3.0.1200.269 103,184 Msphlpr.dll
Files: 16-May-2003 09:37 3.0.1200.269 391,952 W3proxy.exe
Files: 16-May-2003 09:38 3.0.1200.269 299,280 Wspsrv.exe
Summary: This article discusses problems that you may experience when you cache Hypertext Transfer Protocol (HTTP) content on a downstream Internet Security and Acceleration (ISA) Server. In these scenarios, all the following configuration conditions apply:
· The downstream ISA Server computer does not request authentication.
· The downstream ISA Server computer is chaining to an upstream proxy server and you have not set the connection user in the Routing rule of the downstream server.
· The upstream proxy server requests authentication.
Title: 813865 FIX: Multiple Registered Web Filters in Active Directory Are Handled
Hotfix: 1200.270
Link: http://support.microsoft.com/?id=813865
Files: 26-June-2003 09:07 3.0.1200.270 212,240 Msfpc.dll
26-June-2003 09:08 3.0.1200.270 1,822,480 Msfpccom.dll
Summary:
After you install ISA Server Web filters such as Urlscan or Link Translation, the ISA Server control service may not start, or the Web filter may not work correctly and may not appear in the ISA Server Microsoft Management Console (MMC).
Title: 816454 Proxy Service Logs an Event ID 14146 Message After Link Translation
Hotfix: 1200.271
Link: http://support.microsoft.com/?id=816454
Files: 25-May-2003 13:19 3.0.1200.271 34,064 Lnktrans.dll
Summary: After you install Internet Security and Acceleration (ISA) Server 2000 Feature Pack 1 and you turn on the Link Translation filter that is included Feature Pack 1, when you start the Web Proxy service, some link translation rules may not work and the following event ID message may be logged:
Event Type: Error
Event Source: Microsoft Web Proxy
Event Category: None
Event ID: 14146
Description: ISA Server failed to load Web Filter DLL C:\Program Files\Microsoft ISA Server\\LnkTrans.dll. The error code shown in the Data area of the event properties indicates the cause of the failure.
Title: 818136 Web Proxy Service May Crash When It Processes a Redirect Action
Hotfix: 1200.276
Link: http://support.microsoft.com/?id=818136
Files: 12-Jun-2003 07:37 3.0.1200.276 178,448 Mspadmin.exe
Files: 12-Jun-2003 07:37 3.0.1200.276 103,184 Msphlpr.dll
Files: 12-Jun-2003 07:36 3.0.1200.276 391,952 W3proxy.exe
Files: 12-Jun-2003 07:37 3.0.1200.276 299,280 Wspsrv.exe
Summary: The Web proxy service (W3proxy.exe) may crash (that is, experience an access violation) when it processes an HTTP redirect action on a site and content rule that denies access
Title: Q816456 MS03-028: Flaw in ISA Server Error Pages Could Allow Cross-Site Scripting Attack
Hotfix: 1200.277
Link: http://support.microsoft.com/?id=816456
Files: -Jun-2003 16:49 2,060 10053.htm
Files: -Jun-2003 16:49 1,983 10053r.htm
Files: -Jun-2003 16:49 2,069 10054.htm
Files: -Jun-2003 16:49 2,007 10054r.htm
Files: -Jun-2003 16:49 2,180 10060.htm
Files: -Jun-2003 16:49 1,986 10060r.htm
Files: -Jun-2003 16:49 2,150 10061.htm
Files: -Jun-2003 16:49 2,074 10061r.htm
Files: -Jun-2003 16:49 1,925 11001.htm
Files: -Jun-2003 16:49 1,987 11001r.htm
Files: -Jun-2003 16:49 1,939 11002.htm
Files: -Jun-2003 16:49 2,001 11002r.htm
Files: -Jun-2003 16:49 1,925 11004.htm
Files: -Jun-2003 16:49 1,987 11004r.htm
Files: -Jun-2003 16:49 1,882 12206.htm
Files: -Jun-2003 16:49 2,086 12206r.htm
Files: -Jun-2003 16:49 2,217 1460.htm
Files: -Jun-2003 16:49 1,969 1460r.htm
Files: -Jun-2003 16:49 2,014 2r.htm
Files: -Jun-2003 16:49 1,590 401r.htm
Files: -Jun-2003 16:49 1,950 407.htm
Files: -Jun-2003 16:49 2,096 502.htm
Files: -Jun-2003 16:49 1,976 502r.htm
Files: -Jun-2003 16:49 2,105 504.htm
Files: -Jun-2003 16:49 1,985 504r.htm
Files: -Jun-2003 16:49 2,052 64.htm
Files: -Jun-2003 16:49 1,959 64r.htm
Files: -Jun-2003 16:50 2,279 Default.htm
Files: -Jun-2003 16:50 1,715 Defaultr.htm
Summary:
Under specific circumstances, an attacker might be able to execute a cross-site scripting (XSS) attack on a computer that is running Internet Security and Acceleration (ISA) Server. This type of attack could potentially provide an attacker with access to any data that resides on the original site. A XSS attack causes a Web browser to execute code from a domain that is different from the domain that the user believes they are accessing. This could allow an attack to run in the user’s browser with the security settings that are appropriate to the original Web site. This problem is the same as the problem that is discussed in MS02-018.
Title: 823261 “Web Proxy Service returns 12013 error upon 230 response from FTP Server”
Hotfix: 1200.278
Link: http://support.microsoft.com/?id=823261
Files: 22-June-2003 12:54 3.0.1200.278 30,992 W3pinet.dll
Summary: When you try to connect to a FTP server through an ISA Server 2000 Web proxy service, you may receive the following error message:
HTTP 502 Proxy Error – The user name was not allowed. Try a different
name, or retry the same name after verifying that it is typed
correctly. (12013)
Title: 821724 “Basic Credentials are requested over HTTP when SSL is required “
Hotfix: 1200. 279
Link: http://support.microsoft.com/?id=821724
Files: -June-2003 08:51 3.0.1200.279 178,448 Mspadmin.exe
24-June-2003 08:51 3.0.1200.279 103,184 Msphlpr.dll
24-June-2003 08:51 3.0.1200.279 392,464 W3proxy.exe
24-June-2003 08:51 3.0.1200.279 299,280 Wspsrv.exe
Summary: In a Web publishing scenario where Basic authentication is enabled on the Incoming Web Requests listener, Basic credentials may be sent over an external HTTP connection even though the Web publishing rule that processes the request is configured for “SSL required”. This problem may create a security issue because Basic credentials are Base64-encoded. If Basic credentials are sent over an HTTP connection, they may be read as clear text and decoded.
Title: 824246 “Response with Cache-Control: s-maxage=0 does not expire immediately”
Hotfix: 1200.281
Link: http://support.microsoft.com/?id=824246
Files: -Jul-2003 18:42 3.0.1200.281 178,448 Mspadmin.exe
10-Jul-2003 18:41 3.0.1200.281 103,184 Msphlpr.dll
10-Jul-2003 18:41 3.0.1200.281 392,464 W3proxy.exe
10-Jul-2003 18:41 3.0.1200.281 299,280 Wspsrv.exe
Summary: If you use Internet Security and Acceleration (ISA) Server 2000 in either a Web publishing scenario or a Web proxy scenario, ISA Server may not immediately expire a response that contains the Cache-Control: s-maxage=0 header. This header is used to tell a proxy server not to use an entry after it is delivered to the requesting client unless it first revalidates the entry with the origin server. A value of 0 means that the cached response should expire immediately.
Scott Jiles is an Escalation Engineer with Microsoft PSS
