ISA Server 2004 client computers may experience an excessive delay before their connection requests are served

SYMPTOMS

Consider the following scenario:

• You have an upstream firewall or proxy server that does not close a TCP session that is established by using a computer that is running Microsoft Internet Security and Acceleration (ISA) Server 2004.
• The firewall or the proxy server does not respond to additional requests to use the TCP session.

In this scenario, ISA Server 2004 client computers may experience an excessive delay before their connection requests are served. The ISA Server client computers may receive an error message if they cannot connect to an ISA Server computer through a firewall or through a proxy server.

CAUSE

This problem occurs if the upstream firewall or proxy server does not act in compliance with Request for Comments (RFC) 793, "Transmission Control Protocol" and drops connections. The behavior can cause the ISA Server client computers to experience an excessive delay during content access or during error messaging.

This problem occurs even though the following conditions are true:

• The ISA Server computer works according to design specifications at the Winsock level.
• The operating system TCP/IP stack enforces strict compliance with RFC 793.

For the solution, check out: http://support.microsoft.com/default.aspx?scid=kb;...

HTH,

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
Email: [email protected]
MVP — ISA Firewalls