Fix for Maximum Ports Issue

This post refers to an interesting problem regarding the “no available ports” error sometimes seen on hammered ISA firewalls. The first post describes the ISA firewall admin’s problem and the second post describes a possible solution.

===============================

Every six weeks or so, I have had a strange problem that only happens to one of two ISA 2004 servers. It starts losing connectivity slowly and then crashes completely. We have to restart the server and then everything is fine.

Since the last crash, I was able to log that I have actually run out of sockets.  Is there a fix?


The Web Proxy filter failed to create a network socket because there are no available ports on this computer. ISA Server already reset the maximal port number to 65535. Make sure this is the value at HKLM\System\CurrentControlSet\Services\TcpIp\Parameters\MaxUsePort and restart the computer to apply this change.
 
I do have that registry setting. Am I running out of sockets? Any explanation?

=================================

May be a solution for this problem.

Try lowering the TcpTimedWaitDelay to 30, which means that the connections will stay in TIMED_WAIT state for only 30 seconds instead of 240. This lowers the chance of the same port being reused by TCP.

Here are a couple of links about the matter:
http://www.winguides.com/registry/display.php/878/
http://technet2.microsoft.com/WindowsServer/en/Library/38b8bf76-b7d3-473c-84e8-e657c0c619d11033.mspx

This is Ori Yosef’s [MSFT] solution, from microsoft.public.isa (msnews.microsoft.com NNTP server)

I tried it, and my ISA Server worked without any errors for more than 5 days.

HTH,

Tom

Thomas W Shinder, M.D.

Site: www.isaserver.org

Blog: http://blogs.isaserver.org/shinder/

Book: http://tinyurl.com/3xqb7

MVP — ISA Firewalls
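
A way to check whether port exhaustion is building up before the firewall stops responding, as an added example that is not part of the original posts: this PowerShell script reads the two TCP/IP parameters discussed above and counts, from `netstat` output, how many ephemeral ports are held per TCP state. It assumes PowerShell 2.0 or later, English `netstat` state names, the registry value name `MaxUserPort`, and the Windows Server 2003 defaults (5000 and 240) when a value is absent; the 80% warning threshold is an arbitrary choice.

```powershell
# Added example: report ephemeral-port usage against the configured limits.
$key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$params = Get-ItemProperty -Path $key

# The values exist only if someone (or ISA Server) created them.
# Fallbacks are the Windows Server 2003 defaults (assumption, see lead-in).
$maxUserPort = if ($params.MaxUserPort)       { $params.MaxUserPort }       else { 5000 }
$timedWait   = if ($params.TcpTimedWaitDelay) { $params.TcpTimedWaitDelay } else { 240 }

# Parse "TCP  <local>  <remote>  <state>" rows from netstat.
$rows = @(netstat -an -p tcp | ForEach-Object {
    $t = $_.Trim() -split '\s+'
    if ($t.Count -eq 4 -and $t[0] -eq 'TCP') {
        New-Object PSObject -Property @{
            LocalPort = [int]($t[1] -replace '^.*:', '')   # text after the last colon
            State     = $t[3]
        }
    }
})

# Ephemeral ports are handed out from 1025 up to MaxUserPort.
$ephemeral = @($rows | Where-Object {
    $_.LocalPort -gt 1024 -and $_.LocalPort -le $maxUserPort
})
$usedPorts = @($ephemeral | ForEach-Object { $_.LocalPort } | Sort-Object -Unique).Count
$timeWait  = @($ephemeral | Where-Object { $_.State -eq 'TIME_WAIT' }).Count
$poolSize  = $maxUserPort - 1024
$percent   = [math]::Round(100 * $usedPorts / $poolSize, 1)

"MaxUserPort        : $maxUserPort"
"TcpTimedWaitDelay  : $timedWait seconds"
"Ephemeral ports    : $usedPorts of $poolSize in use ($percent%)"
"Held in TIME_WAIT  : $timeWait"

# Per-state breakdown shows whether TIME_WAIT is what fills the pool.
$rows | Group-Object State | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

if ($percent -gt 80) {
    Write-Warning "Ephemeral port pool is more than 80% used."
}
```

Running it on a schedule and logging the output shows whether usage climbs steadily over the weeks between outages or spikes shortly before one.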

 
