ISA Fixes Post Feature Pack 1




By Scott Jiles


 


Title: 331062 Running ISA Server on Windows Server 2003


Hotfix: 1200.255


Link: http://support.microsoft.com/?id=331062


Files: 11-Feb-2003 23:24 3.0.1200.255 8,976 Bwcpmon.dll


Files: 14-Feb-2003 01:41 3.0.1200.255 30,992 Bwserver.dll


Files: 11-Feb-2003 23:24 3.0.1200.255 60,688 Fltrsnk1.dll


Files: 11-Feb-2003 23:24 3.0.1200.255 85,264 H323fltr.dll


Files: 11-Feb-2003 23:24 3.0.1200.255 5,904 Hfperf.dll


Files: 28-Feb-2003 21:23 3.0.1200.255 34,064 Hotfix_res.dll


Files: 16-Feb-2003 19:47 3.0.1200.255 5,904 Hotfix_utl.dll


Files: 11-Feb-2003 23:22 3.0.1200.255 1,821,968 Msfpccom.dll


Files: 11-Feb-2003 23:23 3.0.1200.255 2,570,000 Msfpcsnp.dll


Files: 11-Feb-2003 23:24 3.0.1200.255 178,448 Mspadmin.exe


Files: 11-Feb-2003 23:23 3.0.1200.255 41,296 Mspfltex.sys


Files: 11-Feb-2003 23:23 3.0.1200.255 101,136 Msphlpr.dll


Files: 11-Feb-2003 23:23 3.0.1200.255 16,656 Mspmon.dll


Files: 05-Feb-2003 21:28 3.0.1200.255 501 Os.map


Files: 11-Feb-2003 23:24 3.0.1200.255 34,064 Socksflt.dll


Files: 11-Feb-2003 23:24 3.0.1200.255 6,416 Socksprf.dll


Files: 11-Feb-2003 23:23 3.0.1200.255 390,928 W3proxy.exe


Files: 11-Feb-2003 23:24 3.0.1200.255 6,928 Wspperf.dll


Files: 11-Feb-2003 23:24 3.0.1200.255 298,768 Wspsrv.exe


Summary: The following updates are required for Internet Security and Acceleration (ISA) Server 2000 to function correctly on computers running Windows Server 2003:




  • ISA Server Service Pack 1 (SP1)



  • The ISA Server 2000 Required Updates for Windows Server 2003 package


ISA Server is supported on all versions of Windows Server 2003 except Windows Server 2003, Web Edition.


     


    Title: 331065 MS03-009: A Problem in the ISA Server DNS Intrusion Detection Filter May Cause Denial of Service


    Hotfix: 1200.256


    Link: http://support.microsoft.com/?id=331065


    Files: 9-Mar-2003 11:55 3.0.1200.256 77,072 Issfltr.dll


    Summary: A problem may occur on an Internet Security and Acceleration (ISA) Server 2000-based computer during the processing of incoming Domain Name System (DNS) requests that are sent to a published internal DNS server.

    A successful attack against the ISA Server-based computer requires a malicious DNS request. An attacker might be able to exploit the vulnerability by sending a specially formed request to an ISA Server-based computer that is publishing a DNS server. This might then result in a denial of service to the published DNS server. If this occurs, all future incoming DNS requests to the ISA Server-based computer are stopped at the firewall, and are not passed to the internal DNS server. All other ISA Server functionality is unaffected.


     


    Title: 331066 MS03-012: Flaw in Winsock Proxy Service Can Cause Denial of Service


    Hotfix: 1200.257


    Link: http://support.microsoft.com/?id=331066


    Files: 20-Mar-2003 14:56 3.0.1200.257 178,448 Mspadmin.exe


    Files: 20-Mar-2003 14:55 3.0.1200.257 101,136 Msphlpr.dll


    Files: 20-Mar-2003 14:55 3.0.1200.257 391,440 W3proxy.exe


    Files: 20-Mar-2003 14:55 3.0.1200.257 298,768 Wspsrv.exe


    Summary: Microsoft Proxy Server 2.0 and Microsoft Internet Security and Acceleration (ISA) Server 2000 contain support for Windows Sockets (Winsock) proxy communications. Winsock is an API that handles communications requests for Internet applications in a Microsoft Windows operating system.

    The Winsock proxy service works with FTP, Telnet, mail, news, Internet Relay Chat (IRC), and other client applications that are compatible with Winsock. The proxy service makes these applications perform as if they were directly connected to the Internet. The service redirects the necessary communications functions to a computer that is running either Proxy Server 2.0 or ISA Server. This establishes a communication path from the internal application to the Internet.

    A flaw in the Winsock proxy service may permit an attacker on the internal network to send a specially crafted packet that results in 100% CPU utilization of the computer that is running either Proxy Server 2.0 or ISA Server, causing the computer to stop responding to internal and external requests.


     


    Title: 816621 FIX: Message Screener Causes Handle Leak in Lsass.exe


    Hotfix: 1200.258


    Link: http://support.microsoft.com/?id=816621


    Files: 23-Mar-2003 18:32 3.0.1200.258 60,688 Fltrsnk1.dll


    Summary: You cannot run reports in Internet Security and Acceleration (ISA) Server 2000, and the following event ID message is logged in the event log:



    Event Type: Error
    Event Source: Microsoft ISA report generator
    Event Category: None
    Event ID: 21026
    Date: 2002-10-13
    Time: 00:50:00
    Description: The action to create the scheduled report, “Weekly Report”, with the specified credentials, failed. The error code in the Data area of the event properties indicates the cause.
    Data: 0000: 0d 00 00 00


    To get the Win32 error for the status code 13 (0x0d) in the Data field of the event, type the following line at a command prompt:

    net helpmsg 13

    This command returns the following output:


    The data is invalid


    Note: This problem occurs only if ISA Server and the ISA Server SMTP Message Screener (Fltrsnk1.dll) are installed and running on the same computer. To verify that the message screener is installed, follow the steps in the “More Information” section of this article.


     


    Title: 331067 FIX: ISA Reports May Contain Negative Numbers in the ‘All Others’ Row


    Hotfix: 1200.259


    Link: http://support.microsoft.com/?id=331067


    Files: 26-Mar-2003 13:34 3.0.1200.259 792,848 Sumgen.dll


    Summary: When you view HTML reports, Internet Security and Acceleration (ISA) Server reports may show large negative numbers in the All Others row and percentage numbers that do not add up to 100 percent. The report may also include rows with duplicate key names. This may occur when you view reports that are generated from monthly or yearly summary files. Reports that are generated from daily summary files do not have the problem. The default number of daily summaries saved is 36.


     


    Title: 817829 FIX: Passive Mode FTP May Break with Multiple IP Addresses on External Interfaces


    Hotfix: 1200.260


    Link: http://support.microsoft.com/?id=817829


    Files: 02-Apr-2003 11:52 3.0.1200.260 19,216 Ftpfltr.dll


    Summary: Internal SecureNAT and Internet Security and Acceleration Server (ISA) Firewall clients may not open the FTP data connection to an FTP server that is using passive mode FTP (PASV). The FTP server may return one of the following error messages:


    426 Connection closed; transfer aborted.


    -or-


    425 Can’t open data connection.


    In some circumstances, the FTP client may seem to stop responding (hang) or time out. FTP clients that use active mode FTP (PORT) work without error.


     


    Title: 810561 RemoveAllProxyAuthorization Not Applied to SSL Tunneling (CONNECT)


    Hotfix: 1200.261


    Link: http://support.microsoft.com/?id=810561


    Files: 02-Apr-2003 17:04 3.0.1200.261 178,448 Mspadmin.exe


    Files: 02-Apr-2003 17:04 3.0.1200.261 101,136 Msphlpr.dll


    Files: 02-Apr-2003 17:03 3.0.1200.261 391,440 W3proxy.exe


    Files: 02-Apr-2003 17:04 3.0.1200.261 298,768 Wspsrv.exe


    Summary: If Internet Security and Acceleration (ISA) Server 2000 is chained to an upstream Web proxy server, you may receive incomplete HTML pages and random authentication prompts in the Web browser when you connect to secure HTTPS sites.

    These symptoms may occur if the downstream ISA Server computer is configured to require Integrated proxy authentication and if the upstream Web proxy server is configured either to allow anonymous access or to require proxy authentication (typically Basic proxy authentication). This problem occurs most frequently if you connect to a secure HTTPS site that uses a combination of HTTP and HTTPS links.


     


    Title: 810493 INFO: Update Rollup for ISA Server Services


    Hotfix: 1200.264


    Link: http://support.microsoft.com/?id=810493


    Files: 28-Apr-2003 22:40 3.0.1200.264 178,448 Mspadmin.exe


    Files: 28-Apr-2003 22:40 3.0.1200.264 102,160 Msphlpr.dll


    Files: 28-Apr-2003 22:40 3.0.1200.264 391,440 W3proxy.exe


    Files: 28-Apr-2003 22:40 3.0.1200.264 299,280 Wspsrv.exe


    Summary: Microsoft has released an Update Rollup Package for Microsoft ISA Server 2000 that corrects the problems that are described in the following Microsoft Knowledge Base articles:



    810559 FIX: Slow Responses and Failures When You Use Server Publishing UDP Protocols


    331068 FIX: ISA Firewall Causes Handle Leak in LSASS


    813864 FIX: Site and Content Rules Do Not Filter Based on File Name Extensions


     


    Title: 810559 FIX: Slow Responses and Failures When You Use Server Publishing UDP


    Hotfix: 1200.264


    Link: http://support.microsoft.com/?id=810559


    Files: 28-Apr-2003 22:40 3.0.1200.264 178,448 Mspadmin.exe


    Files: 28-Apr-2003 22:40 3.0.1200.264 102,160 Msphlpr.dll


    Files: 28-Apr-2003 22:40 3.0.1200.264 391,440 W3proxy.exe


    Files: 28-Apr-2003 22:40 3.0.1200.264 299,280 Wspsrv.exe


    Summary: When you use Server Publishing UDP Protocols (for example, DNS Query), you may notice a variety of problems:




  • A lot of performance problems.



  • You cannot connect to the published DNS server externally.



  • The server may also stop responding after some days and the only resolution is to restart the computer.


    Typically, these problems occur when you use Server Publishing DNS Query protocols where requests to the published DNS server from external sources receive a response only after a long delay, or not at all (the request does not succeed).


     


    Title: 331068 FIX: ISA Firewall Causes Handle Leak in LSASS


    Hotfix: 1200.264


    Link: http://support.microsoft.com/?id=331068


    Files: 28-Apr-2003 22:40 3.0.1200.264 178,448 Mspadmin.exe


    Files: 28-Apr-2003 22:40 3.0.1200.264 102,160 Msphlpr.dll


    Files: 28-Apr-2003 22:40 3.0.1200.264 391,440 W3proxy.exe


    Files: 28-Apr-2003 22:40 3.0.1200.264 299,280 Wspsrv.exe


    Summary: Internet Security and Acceleration (ISA) Server Firewall service may slow down or stop responding to client requests.

    This behavior occurs under the following configuration:




  • The internal clients are running the ISA Server Firewall client.

    -and-
     



  • The ISA Server has access policies defined that require user authentication. This might be Protocol rules or Site and Content rules that apply to specific users or groups.





     


    Title: 813864 FIX: Site and Content Rules Do Not Filter Based on File Name Extensions


    Hotfix: 1200.264


    Link: http://support.microsoft.com/?id=813864


    Files: 28-Apr-2003 22:40 3.0.1200.264 178,448 Mspadmin.exe


    Files: 28-Apr-2003 22:40 3.0.1200.264 102,160 Msphlpr.dll


    Files: 28-Apr-2003 22:40 3.0.1200.264 391,440 W3proxy.exe


    Files: 28-Apr-2003 22:40 3.0.1200.264 299,280 Wspsrv.exe


    Summary: When you use Content Types (HTTP Content) in Site and Content Rules to deny or allow requests for downloading specific files (for example, .exe files), ISA Server does not deny or allow the request if you only have the file name extension (for example, .exe) configured in the appropriate Content Group.

    This problem occurs only when you serve outgoing HTTP requests through ISA Server.


     


    Title: 816828 “Permission Denied” Error Message When You Use Rlogin to Log On to a


    Hotfix: 1200.264


    Link: http://support.microsoft.com/?id=816828


    Files: 28-Apr-2003 22:40 3.0.1200.264 178,448 Mspadmin.exe


    Files: 28-Apr-2003 22:40 3.0.1200.264 102,160 Msphlpr.dll


    Files: 28-Apr-2003 22:40 3.0.1200.264 391,440 W3proxy.exe


    Files: 28-Apr-2003 22:40 3.0.1200.264 299,280 Wspsrv.exe


    Summary: When you try to use an rlogin connection through Microsoft Internet Security and Acceleration (ISA) Server 2000 to log on to a server on the Internet (for example, to an AIX400 server), you may receive the following error message:


    Permission Denied


     


    Title: 815051 The Firewall Client Does Not Support the ConnectEx and WSARecvMsg APIs


    Hotfix: 1200.265


    Link: http://support.microsoft.com/?id=815051


    Files: 20-Apr-2003 14:12 3.0.1200.265 97,552 Wspwsp.dll


    Summary: When you use the Firewall client on either Microsoft Windows XP or Microsoft Windows Server 2003, some Winsock applications may not work through ISA Server 2000. For example, Remote Procedure Call (RPC) applications that are using Winsock may not connect through ISA Server 2000. You do not see this issue with Microsoft Windows 2000 or earlier versions of Microsoft Windows when you are running the Firewall client.


     


    Title: 331069 Hotfix to Permit URL Path Redirection in Web Publishing Rules


    Hotfix: 1200.266


    Link: http://support.microsoft.com/?id=331069


    Files: 08-May-2003 21:24 3.0.1200.266 178,448 Mspadmin.exe


    Files: 08-May-2003 21:23 3.0.1200.266 103,184 Msphlpr.dll


    Files: 09-May-2003 00:45 1.0 19,572 Pathmappingeditor.hta


    Files: 08-May-2003 21:23 3.0.1200.266 391,440 W3proxy.exe


    Files: 08-May-2003 21:24 3.0.1200.266 299,280 Wspsrv.exe


    Summary: When you use Web Publishing Rules to publish an internal Web site, you cannot redirect the URL path to a different path on the internal Web server.


     


    Title: 818621 No Links to Navigate Up Through Directory Levels in FTP Sites When Accessed Through Internet Explorer


    Hotfix: 1200.268


    Link: http://support.microsoft.com/?id=818621


    Files: 05-13-2003 15:38 3.0.1200.268 178,448 Mspadmin.exe


    Files: 05-13-2003 15:38 3.0.1200.268 391,952 W3proxy.exe


    Files: 05-13-2003 15:38 3.0.1200.268 299,280 Wspsrv.exe


    Files: 05-13-2003 15:38 3.0.1200.268 103,184 Msphlpr.dll


    Summary: When you view File Transfer Protocol (FTP) sites in Microsoft Internet Explorer, you may notice that there are no links to navigate up through directory levels to the parent directory in the FTP site.


     


    Title: 821098 FIX: Content Cache Issues on Downstream ISA Server Computer


    Hotfix: 1200.269


    Link: http://support.microsoft.com/?id=821098


    Files: 16-May-2003 09:38 3.0.1200.269 178,448 Mspadmin.exe


    Files: 16-May-2003 09:38 3.0.1200.269 103,184 Msphlpr.dll


    Files: 16-May-2003 09:37 3.0.1200.269 391,952 W3proxy.exe


    Files: 16-May-2003 09:38 3.0.1200.269 299,280 Wspsrv.exe


    Summary: This article discusses problems that you may experience when you cache Hypertext Transfer Protocol (HTTP) content on a downstream Internet Security and Acceleration (ISA) Server. In these scenarios, all the following configuration conditions apply:




  • The downstream ISA Server computer does not request authentication.



  • The downstream ISA Server computer is chaining to an upstream proxy server and you have not set the connection user in the Routing rule of the downstream server.



  • The upstream proxy server requests authentication.





     


    Title: 816454 Proxy Service Logs an Event ID 14146 Message After Link Translation


    Hotfix: 1200.271


    Link: http://support.microsoft.com/?id=816454


    Files: 25-May-2003 13:19 3.0.1200.271 34,064 Lnktrans.dll


    Summary: After you install Internet Security and Acceleration (ISA) Server 2000 Feature Pack 1 and turn on the Link Translation filter that is included in Feature Pack 1, some link translation rules may not work when you start the Web Proxy service, and the following event ID message may be logged:



    Event Type: Error
    Event Source: Microsoft Web Proxy
    Event Category: None
    Event ID: 14146
    Description: ISA Server failed to load Web Filter DLL C:\Program Files\Microsoft ISA Server\\LnkTrans.dll. The error code shown in the Data area of the event properties indicates the cause of the failure.


     


    Title: 818136 Web Proxy Service May Crash When It Processes a Redirect Action


    Hotfix: 1200.276


    Link: http://support.microsoft.com/?id=818136


    Files: 12-Jun-2003 07:37 3.0.1200.276 178,448 Mspadmin.exe


    Files: 12-Jun-2003 07:37 3.0.1200.276 103,184 Msphlpr.dll


    Files: 12-Jun-2003 07:36 3.0.1200.276 391,952 W3proxy.exe


    Files: 12-Jun-2003 07:37 3.0.1200.276 299,280 Wspsrv.exe


    Summary: The Web proxy service (W3proxy.exe) may crash (that is, experience an access violation) when it processes an HTTP redirect action on a site and content rule that denies access.


     


    Scott Jiles is an Escalation Engineer with Microsoft PSS.


     
