ISA Server 2000 Fixes (July 2003)


ISA 2000 Hotfixes (July 2003)


compiled by Scott Jiles


Table of Contents


ISA 2000 Hotfixes:



  • ISA 2000 Fixes Before SP1



  • ISA 2000 Fixes in Service Pack 1



  • ISA 2000 Post-SP1 Hotfixes



  • ISA Fixes Post Feature Pack 1




ISA 2000 Fixes Before SP1


Title: 283213 Blocking and Logging Traffic on ISA Server Internal Interfaces


Hotfix: 1200.51


Link: http://support.microsoft.com/?id=283213


Files: mspfltex.sys (41,904 bytes) Friday, December 29, 2000, 1:00:20 PM


Summary: By default, Internet Security and Acceleration (ISA) Server 2000 does not apply packet filtering to the internal interfaces (as determined by the local address table). If you want to filter traffic on those interfaces, use the methods that are described in the “More Information” section of this article.


Title: 285807 Rule Fields in Firewall Log Are Sometimes Not Logged Properly


Hotfix: 1200.54


Link: http://support.microsoft.com/?id=285807


Files: wspsrv.exe (292,112 bytes) Wednesday, January 17, 2001, 9:12:04 AM


Summary: A problem in the Internet Security and Acceleration (ISA) Server 2000 firewall logging module prevents the logging of the “Rule#1” and “Rule#2” fields for certain User Datagram Protocol (UDP) traffic, even if you select these fields in the logging configuration dialog box.


Title: 288247 Access Violation in Mspadmin.exe with ISA Server with Multiple IP Addresses on an External Interface


Hotfix: 1200.55


Link: http://support.microsoft.com/?id=288247


Files: bwserver.dll (29,968 bytes) Sunday, March 11, 2001, 3:37:22 PM


Summary: This issue applies to active interfaces; if your configuration does not match the table above and the ISA Server services start but a user later creates a virtual private network (VPN) connection to the server that is running ISA Server, or if the ISA Server computer dials out with VPN or a modem, causing it to have an additional IP address, the ISA Server services may stop working.


Title: 292014 Deleting Disabled SMTP Filter Attachment Rule Leaves Corrupted Rule


Hotfix: 1200.56


Link: http://support.microsoft.com/?id=292014


Files: 3/13/2001 4:37PM 3.0.1200.56 216,336 Smtpfadm.dll


Summary: 305012 How to Remove Corrupt Entries from the SMTP Filter. http://support.microsoft.com/?id=305012


If you disable and then later remove (or delete) an SMTP Filter Attachment rule, it may not be removed from the tool. Instead, it may become corrupted. When this occurs, you cannot edit or remove the rule, and an entry with a “disabled” icon appears, but the text title and description fields for the rule are blank.


Title: Q291427 Only the First Web Site Is Returned Using Web Publishing for Multiple Sites


Hotfix: 1200.57


Link: http://support.microsoft.com/?id=291427


Files: 3/21/2001 3:28PM 3.0.1200.57 373,008 W3proxy.exe


Summary: Internet Security and Acceleration (ISA) Server may return only the Web site that is specified in the first publishing rule in the Web publishing rules list. This behavior can occur if all of the following conditions exist:




· You use Web publishing to publish two or more Web sites, each using a different IP address on the external ISA Server interface.


· None of the external IP addresses have host names associated with them on the DNS server that ISA Server uses for name resolution.


· The external Web browser sends a request by using any IP address (only the IP address, not the fully qualified domain name [FQDN]) other than the one that is listed first in the Web publishing list.


This is likely to occur in laboratory environments in which it is common to test Web publishing by using only IP addresses, and it is also common to not have host names registered for every IP address in use.


Title: 292018 Slow Response from Downstream ISA Server Using Web Proxy Chaining


Hotfix: 1200.57


Link: http://support.microsoft.com/?id=292018


Files: 3/21/2001 3:28PM 3.0.1200.57 373,008 W3proxy.exe


Summary: When clients that use a downstream Internet Security and Acceleration (ISA) Server service for Web proxy request a Web site on the Internet, the downstream ISA Server may take a long time to respond. This issue can occur if the following conditions exist:


· A downstream ISA Server is configured to chain Web proxy requests to the upstream server.

-and-

· The DNS server that ISA Server is configured to use is unable to resolve all possible name resolution requests, which may include names on the internal and external network (intranet and Internet).


· There is a Site and Content rule that applies to any destination type other than “All destinations.”

-or-


· There is a Web Publishing rule that applies to any destination type other than “All destinations.”


Title: Q290731 Firewall Service (Wspsrv.exe) Problems with High S-NAT Client Load


Hotfix: 1200.58


Link: http://support.microsoft.com/?id=290731


Files: 3/19/2001 10:56AM 3.0.1200.58 292,112 Wspsrv.exe


Summary: Many S-NAT socket mappings are created under heavy load, which can lead to heap corruption. This is caused by the double deletion of an S-NAT socket mapping because of a race condition in the threads that delete these mappings.

A race condition is a situation in a multiple-threaded environment in which the result of the execution depends on the order of execution among the threads. In such cases, if thread A wins the race it produces one result, but if thread B wins, it produces another result. The speed of each thread depends on the tasks each thread is performing, context-switches, page faults, and so on.

This issue could be caused by a program (or multiple programs) that sends many UDP or TCP packets to multiple destinations, all with ports that are primary UDP or TCP ports.


Title: 291000 External MAPI Clients Cannot Connect with RPC


Hotfix: 1200.59


Link: http://support.microsoft.com/?id=291000


Files: 3/19/2001 11:00AM 3.0.1200.59 43,280 Rpcfltr.dll


Summary: When you are using Server Publishing in Internet Security and Acceleration (ISA) Server 2000 to publish an RPC server (by using either the “Any RPC Server” or “Exchange RPC Server” protocol definition), external Microsoft Windows 2000-based clients can connect to the RPC server behind ISA Server 2000, but clients that are running Microsoft Windows NT 4.0, Microsoft Windows 98, Microsoft Windows 95, or Microsoft Windows Millennium Edition (Me) cannot connect. The error message that is received on the client varies depending on the RPC client program that is being used.


Title: Q292546 Firewall Service (Wspsrv.exe) Hangs When Handling RTSP Streams


Hotfix: 1200.60


Link: http://support.microsoft.com/?id=292546


Files:


Summary: When ISA Server serves a Real-Time Streaming Protocol (RTSP) connection that uses TCP/IP for the stream data, the ISA Server Firewall service may stop responding (hang).


Title: 293161 “STOP 0x000000D1” When Passing Fragmented Packets Without NAT


Hotfix: 1200.61


Link: http://support.microsoft.com/?id=293161


Files: 7/01/2001 11:06:42 3.0.1200.61 41,904 Mspfltex.sys


Summary: If the Network Address Translation (NAT) driver on an Internet Security and Acceleration (ISA) Server-based server is stopped and the data that is being sent outbound is larger than the Maximum Transmission Unit (MTU) setting, fragmented packets pass through ISA Server, which may cause the following error message on a blue screen:


STOP 0x000000D1 (0x0000010e, 0x00000002, 0x00000000, 0xbfee8c70) DRIVER_IRQL_NOT_LESS_OR_EQUAL error code.


When this occurs, the following Event log entry is generated:


Event Type: Information
Event Source: Save Dump
Event Category: None
Event ID: 1001
Date:
Time:
User: N/A
Computer:
Description:
The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000010e, 0x00000002, 0x00000000, 0xbfee8c70). Microsoft Windows 2000 [v15.2195]. A dump was saved in: %SystemRoot%\MEMORY.DMP.


Title: Q293863 Multiple Overdue Tasks Are Run and Alerts Are Issued for a Short Period


Hotfix: 1200.62


Link: http://support.microsoft.com/?id=293863


Files: Apr 4, 2001 14:13:32 3.0.1200.62 211,216 Msfpc.dll


Summary: On an ISA Server-based computer that has been running for more than 49 days, you may notice one or more of the following symptoms that last for a short duration:


· Some alerts may be triggered over and over again.


· Hundreds of LDAP queries each second may be sent to the Active Directory.


· The creation of ISA log files may stop.


Title: Q295279 Web Proxy Service Crashes If URL Requests a Specifically Malformed


Hotfix: 1200.63


Link: http://support.microsoft.com/?id=295279


Files: 4/3/01 3.0 12:27PM 373,008 W3proxy.exe


Summary: When an incoming Web request is made to a computer that is running Internet Security and Acceleration (ISA) Server and is publishing a Web page by using Web Publishing, the Web Proxy service may stop and an access violation may occur.


Title: 297080 Incomplete HTML Pages and Random Authentication Prompts If ISA Server Is Chained to Upstream Proxy


Hotfix: 1200.64


Link: http://support.microsoft.com/?id=297080


Files: 5/6/2001 02:03PM 3.0.1200.64 373,520 W3proxy.exe


Summary: If Internet Security and Acceleration (ISA) Server 2000 is chained to an upstream Web proxy server, you may receive incomplete HTML pages and random authentication prompts in the Web browser.

These symptoms may occur if the downstream ISA Server computer is configured to require integrated authentication and if the upstream Web proxy server is also configured to require proxy authentication. In addition, the Routing rule on the downstream ISA Server computer is configured to provide Basic Authentication credentials to the upstream Web proxy server.

This behavior does not occur if the downstream ISA Server computer is not configured to provide any credentials or if it is configured to provide Integrated Authentication credentials to the upstream Web proxy server.


Title: 295090 Access Violation in W3proxy.exe Because of HTTP VARY Header Processing


Hotfix: 1200.64


Link: http://support.microsoft.com/?id=295090


Files: 5/6/2001 02:03PM 3.0.1200.64 373,520 W3proxy.exe


Summary: When an outgoing HTTP request is made through Internet Security and Acceleration (ISA) Server, an access violation may occur in W3proxy.exe, causing the Web Proxy service to terminate.


Title: Q301425 ISA Server Does Not Cache Responses That Contain the Location Header


Hotfix: 1200.65


Link: http://support.microsoft.com/?id=301425


Files: 6/12/2001 13:14:32 3.0.1200.65 373,520 W3proxy.exe


Summary: Internet Security and Acceleration (ISA) Server does not cache responses that contain the Location header. (For example, in a Network Monitor trace, under the HTTP protocol in the headers section: Location:Http://domain.com).

Location headers are sometimes used in links that redirect a user to a site based on certain criteria. The link itself may contain only parameters for a query that is run on the Web server. The response to that query is a URL to which the user is being redirected. This URL is sent to the browser as a Location header, and the browser then goes to that location.

With ISA Server, the problem can occur if the caching options are set to cache all content including dynamic content and a scheduled content download job is set to download and cache such a site; the links that return location headers are not cached, even though the sites that are returned by the links are cached (provided that the download job specifies the proper depth of links to follow). When such a site is later accessed, ISA Server needs to access the original link and gets the response (the Location header). The site that is referenced in the response is served from the cache.

It may be appropriate in certain situations for ISA Server never to contact the original site but only to serve content from cache. The hotfix that is listed in this article makes ISA Server cache responses that contain Location headers as well.


Title: Q297324 Multiple Authentication Dialog Boxes Are Displayed When You Use Access Control


Hotfix: 1200.65


Link: http://support.microsoft.com/?id=297324


Files: 06/12/2001 06:14 3.0.1200.65 373,520 W3proxy.exe


Summary: When a destination set is configured, the client receives an HTTP 407 error for each domain that is restricted. As a result, the client browser is prompted for authentication. If the destination that is set is restricted to a domain that contains multiple links to other domains, an authentication dialog box appears for each unauthorized link.


Title: Q300707 Invalid Content-Length Header May Cause Requests to Fail Through ISA


Hotfix: 1200.65


Link: http://support.microsoft.com/?id=300707


Files: 06/12/2001 06:14 3.0.1200.65 373,520 W3proxy.exe


Summary: When you send an HTTP POST request from a Web browser through Internet Security and Acceleration (ISA) Server 2000, you may receive the following error message in the Web browser:



HTTP/1.1 400 Bad Request (The data is invalid).


This error message may be the only response that is displayed in the Web Browser, or it may be displayed together with the correct response in the same HTML page.

This error message may be displayed both in a Web publishing scenario and for Web proxy clients behind ISA Server that are accessing Web servers on the Internet.


Title: Q295386 PDF Files Are Not Returned from the ISA Server Cache


Hotfix: 1200.66


Link: http://support.microsoft.com/?id=295386


Files: July 1, 2001 14:26:12 3.0.1200.66 381,200 W3proxy.exe


Summary: When you open Adobe Acrobat PDF documents, Internet Security and Acceleration (ISA) Server saves them to the cache. However, subsequent requests for the same documents are not served from the cache, but are instead retrieved again from the original source.

The Web proxy logs show that the PDF documents are coming from the intranet (an inet entry in the log, rather than a cache or vcache entry).

The Cachedir.exe utility that is included with the ISA Server CD-ROM shows that the PDF documents are actually in the cache. However, when the client makes the request, ISA Server retrieves them from the intranet. Note that for all other matters, the ISA Server cache appears to work well.


Title: Q294722 Proxy Error 502 Is Returned by ISA Server Under Heavy Stress


Hotfix: 1200.66


Link: http://support.microsoft.com/?id=294722


Files: July 1, 2001 14:26:12 3.0.1200.66 381,200 W3proxy.exe


Summary: Under stress, the following error responses may be returned to the client occasionally:


502 Proxy Error (Software caused the connection to abort)
502 Proxy Error (Network logon failed)


Title: Q301380 Some Server Variables Are Not Fully Implemented in ISA Server


Hotfix: 1200.66


Link: http://support.microsoft.com/?id=301380


Files: July 1, 2001 14:26:12 3.0.1200.66 381,200 W3proxy.exe


Summary: An ISA Server Web filter that is using one or more of the following variables will not work correctly:


· CERT_FLAGS


· CERT_ISSUER


· CERT_KEYSIZE


· CERT_SECRETKEYSIZE


· CERT_SERIALNUMBER


· CERT_SERVER_ISSUER


· CERT_SERVER_SUBJECT


· CERT_SUBJECT


· HTTPS_KEYSIZE


· HTTPS_SECRETKEYSIZE


· HTTPS_SERVER_ISSUER


· HTTPS_SERVER_SUBJECT


Title: 303379 Firewall Client Conflict with Third-Party Layered Service Providers


Hotfix: 1200.67


Link: http://support.microsoft.com/?id=303379


Files: Stpext32.dll Monday, July 23, 2001, 2:33:26 PM (132,368 bytes)


Files: Wspwsp.dll Sunday, July 01, 2001, 4:55:50 PM (94,480 bytes)


Summary: After you install a third-party program (such as the NewDot and Babylon clients) on a computer that is running the Internet Security and Acceleration (ISA) Server Firewall client software, you may experience problems with network connectivity, slow loading of the operating system and error messages on blue screens or STOP error messages. The same problem may also occur if the ISA Server Firewall client is installed after the third-party client or provider.


Title: 295388 Access Violation Occurs in Your Firewall Client When It Is Under a High


Hotfix: 1200.67


Link: http://support.microsoft.com/?id=295388


Files: Stpext32.dll Monday, July 23, 2001, 2:33:26 PM (132,368 bytes)


Files: Wspwsp.dll Sunday, July 01, 2001, 4:55:50 PM (94,480 bytes)


Summary: When the firewall client is set for automatic discovery of Internet Security and Acceleration (ISA) Server, if two or more simultaneous requests for creation of sockets are generated by a program or programs on the client computer, an access violation error message may occur in Wspwsp.dll.


Title: 295389 Scripts Can Be Run in the Error Page That Is Returned by ISA Server


Hotfix: 1200.68


Link: http://support.microsoft.com/?id=295389


Files: 09-Aug-2001 15:15 3.0.1200.68 208,656 H323asn1.dll


Files: 15-Aug-2001 16:48 3.0.1200.68 381,200 W3proxy.exe


Summary: If you click a link (or URL) to a page that includes script code that for any reason generates an error, the error message from Internet Security and Acceleration (ISA) Server contains the original script from the link and it runs in your Web browser.

This is a cross-site scripting vulnerability that affects the error page that ISA Server generates in response to a request for a non-existent page or an unsuccessful connection attempt to a page. As with all cross-site scripting vulnerabilities, this vulnerability could enable an attacker to either run script in the security domain of another, presumably trusted, Web site, or to access cookies that a site had written to your computer.


Title: 289503 Memory Leak in ISA Server H.323 Gatekeeper Service and Winsock Proxy


Hotfix: 1200.68


Link: http://support.microsoft.com/?id=289503


Files: 09-Aug-2001 15:15 3.0.1200.68 208,656 H323asn1.dll


Files: 15-Aug-2001 16:48 3.0.1200.68 381,200 W3proxy.exe


Summary: It is possible for a memory leak in the Internet Security and Acceleration (ISA) Server Gatekeeper service and Winsock Proxy service to be exploited to deplete resources on the server. If this were to occur, the server could become slow and services could become unresponsive.


Title: 305204 Clients That Use an Automatic Configuration Script May Not Work Because of Proxy Authentication


Hotfix: 1200.69


Link: http://support.microsoft.com/?id=305204


Files: Aug-26-2001 17:34:46 3.0.1200.69 381,712 W3proxy.exe


Summary: Browser clients that are configured to use the default “Automatic Configuration Script” in ISA Server or “Automatically Detect Settings”, may be unable to obtain access to Web sites through the Web Proxy service in ISA Server if it is configured to require proxy authentication.

The clients do not work only if proxy authentication is enforced on the ISA Server by selecting Ask unauthenticated users for identification under the Outgoing Web Requests tab. Also, the client must be requesting the automatic configuration script or the Wpad.dat file (from Automatically Detect Settings) from the TCP port that is specified on the Outgoing Web Requests tab.

If proxy authentication is instead enforced by site and content rules or protocol rules, the clients can obtain access to Web sites without any issues. Similarly, if the browser clients request the automatic configuration script or the Wpad.dat file from the auto discovery TCP port instead of the TCP port that is specified on the Outgoing Web Requests tab, access to Web Sites works correctly.


Title: 304340 The ISA Server Response to Client Options Requests Is Limited to a Predefined Set


Hotfix: 1200.69


Link: http://support.microsoft.com/?id=304340


Files: Aug-26-2001 17:34:46 3.0.1200.69 381,712 W3proxy.exe


Summary:


Title: 307784 Server Publishing Rules Intermittently Fail


Hotfix: 1200.70


Link: http://support.microsoft.com/?id=307784


Files: Sep-23-2001 16:04 3.0.1200.70 292,112 Wspsrv.exe


Summary: When you Web publish a Web Distributed Authoring and Versioning (WebDAV) folder, external clients may not be able to gain access to the folder.

The hotfix that is described in this article corrects a problem with Web publishing WebDAV folders with Internet Security and Acceleration (ISA) Server by allowing ISA Server to respond correctly to the Web browser by sending the actual Options that are sent by the WebDAV server.


ISA 2000 Fixes in Service Pack 1


313249 List of Bugs Fixed by Internet Security and Acceleration Server 2000


http://support.microsoft.com/?id=313249


Q283213 Blocking and Logging Traffic on ISA Server Internal Interfaces


Q284835 Cannot Connect to the Enterprise Administration Console


Q285807 Rule Fields in Firewall Log Are Sometimes Not Logged Properly


Q285812 Cannot Configure or Use the SMTP Filter If the Decimal Symbol Is Not a


Q288247 Access Violation in Mspadmin.exe with ISA Server with Multiple IP


Q289503 Memory Leak in ISA Server H.323 Gatekeeper Service and Winsock Proxy


Q290731 Firewall Service (Wspsrv.exe) Problems with High S-NAT Client Load


Q291000 External MAPI Clients Cannot Connect with RPC


Q291427 Only the First Web Site Is Returned Using Web Publishing for Multiple


Q292010 High Memory Consumption by SMTP Message Screener Under Stress


Q292013 Unregistered Fltrsnk1.dll Starts with Inetinfo.exe


Q292014 Deleting Disabled SMTP Filter Attachment Rule Leaves Corrupted Rule


Q292018 Slow Response from Downstream ISA Server Using Web Proxy Chaining


Q292545 Autodetection Does Not Work for Chinese and Korean Versions of Browsers


Q292546 Firewall Service (Wspsrv.exe) Hangs When Handling RTSP Streams


Q293161 “STOP 0x000000D1” When Passing Fragmented Packets Without NAT


Q293863 Multiple Overdue Tasks Are Run and Alerts Are Issued for a Short Period


Q294722 Proxy Error 502 Is Returned by ISA Server Under Heavy Stress


Q295279 Web Proxy Service Crashes If URL Requests a Specifically Malformed


Q295388 Access Violation Occurs in Your Firewall Client When It Is Under a High


Q295389 Scripts Can Be Run in the Error Page That Is Returned by ISA Server


Q297080 Incomplete HTML Pages and Random Authentication Prompts If ISA Server Is


Q297324 Multiple Authentication Dialog Boxes Are Displayed When You Use Access


Q297515 All Requests from SecureNAT and Firewall Clients Are Denied


Q300707 Invalid Content-Length Header May Cause Requests to Fail Through ISA


Q301380 Some Server Variables Are Not Fully Implemented in ISA Server


Q301425 ISA Server Does Not Cache Responses That Contain the Location Header


Q301575 Clients Are Unable to Connect to an FTP Server that Is Published on the


Q303379 Firewall Client Conflict with Third-Party Layered Service Providers


Q303530 VPN Clients May Not Work on ISA Server Perimeter Networks


Q304340 The ISA Server Response to Client Options Requests Is Limited to a


Q305204 Clients That Use an Automatic Configuration Script May Not Work Because


Q306884 The Mspadmin.exe ISA Control Service Stops Responding When You Start the


Q307209 You May Not Be Able to Connect to SSL Published Web Sites with SGC


Q307524 Maximum of 14 Characters Are Allowed on the Credentials Tab for Report


Q307784 Server Publishing Rules Intermittently Fail


Q310362 Compressed Files Content Group Is Ignored


Q311011 ISA Server Control May Not Start to Log Errors in the Event Log


Q311777 How to Enable Translating Client Source Address in Server Publishing


Q312391 ISA Firewall Client Shows Connection to Server Name Instead of IP Address


Q312633 ISACTRL Service Does Not Start When You Enable or Disable Packet Filters


Q313056 A GET Request After a POST Request Does Not Work If There Is an Extra


Q313076 Change to the WebProxyPort Setting Is Not Written to Mspclnt.ini


Q313249 List of Bugs Fixed by Internet Security and Acceleration Server 2000


Q313338 Denied Web Proxy User Appears as “Anonymous” in the Logs


Q313341 Web Filter Order Changes Are Not Saved


Q313342 Problems with a Flood of Sockets for Primary NAT Connections


Q313343 ISA Server Firewall Chaining Can Cause Problems with FTP Access


Q313344 SMTP Filter Becomes Unstable When You Use Space in Keyword Name or


Q313345 SMTP Filter UI Displays Red X Instead of Rules


Q313346 Commas in URLs Are Logged in ISA Log Files


Q313347 Automatic Detection Causes the Program to Stop Responding for Several


Q313350 Problems When You Use a Server Publishing Rule that Uses a Protocol


Q313354 You Cannot Create Reports from Remote Administration


Q313355 Web Proxy Does Not Return Error Response from the Web Server


Q313356 FTP Client May Not Work When You Enable IP Routing on a Downstream ISA


Q313369 Sample ISAPI Filter in ISA Server SDK Causes Events to Be Logged


Q313375 Incorrect Site and Content Rule Behavior Occurs If Multiple Destinations


Q313396 Attachment Rules for SMTP Filter May Become Damaged


Q313410 RTP Streams Between ISA Servers and Cisco Routers Do Not Work


Q313419 You Can Retrieve Cached Content That Is Blocked by Using a Downstream


Q313430 You Do Not Receive a Warning Not to Install ISA Firewall Client on ISA


Q313431 “Access Denied” Error Message When You Try to Delete a Site and Content


Q313432 Destination Set Data in ISA Server 2000 May Be Damaged or Incorrect


Q313433 VPN Dial-up Connections Are Not Filtered by ISA Server


Q313461 Blocked Protocols Appear in ISA Reports


Q313525 Proxy-to-Proxy Authentication Does Not Work Between a Downstream ISA


Q314113 The Firewall Client May Not Work After You Reinstall the Client on a


Q314120 Client Computers May Be Displayed As “Unknown” in the Application Usage


Q314121 MMS and RTSP UDP Packets on the Secondary Channel Are Dropped


ISA 2000 Post-SP1 Hotfixes


Title: 318319 Access Violations Occur in the Web Proxy Service If an Impersonation Failure Occurs


Hotfix: 1200.170


Link: http://support.microsoft.com/?id=318319


Files: 27-Mar-2002 14:10 3.0.1200.170 383,760 W3proxy.exe


Summary: When users try to access resources in an outgoing Web Proxy or in a Web Publishing scenario, the Web Proxy service may generate an access violation error and stop responding if Proxy authentication is required globally, if Ask unauthenticated users for identification is enabled on the Outgoing Web Requests tab for the properties of the server, or if it is enabled specifically by access rules. Typically, the access violation error occurs only for users that are not a local administrator on the computer that is running Internet Security and Acceleration (ISA) Server. If local administrators try to access resources through the Web Proxy service, requests are served without any issues.


Title: 317822 FIX: Problems with Web Browser if ISA Server 2000 Is Chained to an Upstream Web Proxy Server


Hotfix: 1200.170


Link: http://support.microsoft.com/?id=317822


Files: 27-Feb-2002 14:10:00 3.0.1200.170 383,760 W3proxy.exe


Summary: If Internet Security and Acceleration (ISA) Server 2000 is chained to an upstream Web proxy server, you may experience unexpected delays, incomplete pages, random authentication warning messages, and so forth, when you browse the Web.

This behavior does not occur if the upstream proxy server requires NTLM authentication and the routing rule on the downstream server is configured to provide Integrated Authentication credentials to the upstream Web proxy server.


Title: 317122 Web Proxy Sends TCP Reset Instead of Only Closing Session


Hotfix: 1200.170


Link: http://support.microsoft.com/?id=317122


Files: 27-Feb-02 13:10:39 3.0.1200.170 383,760 W3proxy.exe


Summary: You may receive the following error message in your Web browser program (such as Microsoft Internet Explorer, Netscape Navigator, and so on) when you are posting data to a Web site:


The connection was reset by the server


The browser clients are connecting to the Web sites through an Internet Security and Acceleration (ISA) Server Web proxy server. Subsequent attempts to repost the data may work.


Title: 318005 ISA Firewall Service Cannot Start with More Than 85 IP Addresses on the External Network Adapter


Hotfix: 1200.171


Link: http://support.microsoft.com/?id=318005


Files: 28-Feb-2002 09:21:34 3.0.1200.171 294,672 Wspsrv.exe


Summary: The Internet Security and Acceleration (ISA) Server Firewall service may not start if you add more than 85 IP addresses to the external network adapter. When you start your computer after you do so, you may see an event that is similar to the following event:


Event Type: Error
Event Source: Service Control Manager
Event ID: 7031
Description:
The Microsoft Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: No action.


Title: 321846 Incorrect Canonicalization in Rules Engine


Hotfix: 1200.174


Link: http://support.microsoft.com/?id=321846


Files: 5-May-2002 11:30 3.0.1200.174 384,272 W3proxy.exe


Summary: Some specific URLs are not blocked by the Rules engine even when they are denied by a Site and Content rule. If a Site and Content rule exists that denies access to a specific destination such as www.example.com, a user can still visit that site if they type the destination in the following format:



www.example.com.


Note the period at the end of the domain name (also known as the “root” in DNS terms).
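
The mismatch described above, as an added example that is not taken from the KB article or from ISA Server: a literal host comparison misses the trailing-dot form, while canonicalizing the host before the rule lookup catches it. The deny list, the function names and the choice to fail closed on malformed names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed deny list standing in for the destination set of a
# Site and Content rule (hypothetical, not ISA Server configuration).
DENIED_DESTINATIONS = {"www.example.com"}


def host_of(url: str) -> str:
    """Return the host a client asked for, from a full URL or a bare host."""
    if "://" not in url:
        url = "http://" + url
    # urlsplit lowercases the host but leaves any trailing dot in place.
    return urlsplit(url).hostname or ""


def naive_is_denied(url: str) -> bool:
    """Literal comparison: 'www.example.com.' is not equal to 'www.example.com'."""
    return host_of(url) in DENIED_DESTINATIONS


def canonical_host(host: str) -> str:
    """Canonical form used for rule matching: lowercase, no trailing root dot."""
    host = host.strip().lower()
    if host.endswith("."):
        # The fully qualified form and the relative form name the same node.
        host = host[:-1]
    # An empty label left after that ("a..b", a second trailing dot, or an
    # empty host) is not a valid DNS name.
    if not host or any(label == "" for label in host.split(".")):
        raise ValueError("invalid host name: %r" % host)
    return host


def is_denied(url: str) -> bool:
    """Match on the canonical host; malformed hosts are denied (assumption: fail closed)."""
    try:
        host = canonical_host(host_of(url))
    except ValueError:
        return True
    return host in DENIED_DESTINATIONS


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        "http://www.example.com/",
        "http://www.example.com./",
        "WWW.Example.COM.",
        "http://www.example.com.:8080/index.html",
        "http://www.example.org./",
        "http://www.example.com../",
    ]
    for url in samples:
        print("%-45s naive=%-5s canonical=%s"
              % (url, naive_is_denied(url), is_denied(url)))
```
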


Title: 319374 Web Proxy Service Stops Responding


Hotfix: 1200.174


Link: http://support.microsoft.com/?id=319374


Files: 5-May-2002 11:30 3.0.1200.174 384,272 W3proxy.exe


Summary: When an Internet Security and Acceleration (ISA) Server-based computer that is Web publishing an SSL Web site receives an invalid SSL packet, the ISA Server Web Proxy service may crash, generate an access violation error message, and may stop providing services.


Title: 323889 Unchecked Buffer in Gopher Protocol Handler Can Run Code of Attacker’s Choice


Hotfix: 1200.177


Link: http://support.microsoft.com/?id=323889


Files: 11-Jun-2002 13:08 3.0.1200.177 30,992 W3pinet.dll


Summary: A problem may occur on an Internet Security and Acceleration (ISA) Server-based or Proxy Server 2.0-based computer during the processing of Internet Gopher protocol requests. A typical Gopher request may look similar to this:



gopher://gopher.example.com:70/11/example%09%09%2b


When a malicious request is received, the ISA Server-based or Proxy Server 2.0-based computer may send back a response that is not valid, generate an access violation error message, and stop providing services.

A successful attack against the ISA Server-based or Proxy Server 2.0-based computer requires a malicious Gopher request. This request must originate from a valid user who is permitted by the firewall policy, and it must be received by the Web Proxy service. This means that a valid client would have to submit the initial request.


Title: 319376 How to Automatically Authenticate a User Against All Trusted Domains in


Hotfix: 1200.178


Link: http://support.microsoft.com/?id=319376


Files: 11-Jun-2002 18:38 3.0.1200.178 386,832 W3proxy.exe


Summary: When you use Basic authentication in Internet Security and Acceleration (ISA) Server to authenticate Web Proxy users, ISA does not automatically try to authenticate the user against all trusted domains when no domain name is specified by the user. This occurs even if a backslash (\) is specified as the default authentication domain under Basic authentication for the Web Proxy listener in question, as explained in the following Microsoft Knowledge Base article:



168908 How to Authenticate a User Against All Trusting Domains


Title: 319375 The CERT_CONTEXT Structure Variable Is Not Available for Web Filters in ISA


Hotfix: 1200.178


Link: http://support.microsoft.com/?id=319375


Files: 11-June-2002 18:38 3.0.1200.178 386,832 W3proxy.exe


Summary: When you try to write a Web filter for Internet Security and Acceleration (ISA) Server that does client certificate Certificate Revocation List (CRL) validation, you cannot use the CertVerifyRevocation application programming interface (API) because no CERT_CONTEXT structure server variable is available.


Title: 326116 FIX: Cannot Renew DHCP Assigned IP Address on External ISA Interface


Hotfix: 1200.179


Link: http://support.microsoft.com/?id=326116


Files: 24-Oct-2002 20:21 3.0.1200.179 176,912 Mspadmin.exe


Files: 24-Oct-2002 20:20 3.0.1200.179 388,368 W3proxy.exe


Files: 24-Oct-2002 20:21 3.0.1200.179 297,232 Wspsrv.exe


Files: 24-Oct-2002 20:21 3.0.1200.179 99,600 Msphlpr.dll


Summary: On a computer running Internet Security and Acceleration Server, where the external interface is configured to have its IP address dynamically assigned from DHCP, you may not be able to renew the IP address on the interface.

For example, if you run ipconfig /release, followed by ipconfig /renew, from a command prompt, you may receive an error message similar to the following:


The following error occurred when renewing adapter MyAdapterName: DHCP Server unreachable


Additionally, you may not be able to turn off and turn on the external network adapter, or to automatically or manually change the assigned IP address on the external network adapter in ISA Server.

This problem also occurs when you have the DHCP Client Static Packet filter turned on in ISA Server.

The only way to renew the IP address is to temporarily turn off packet filtering or restart the computer running ISA Server.


Title: 321219 FIX: Server Publish May Fail on Dial-up Links


Hotfix: 1200.179


Link: http://support.microsoft.com/?id=321219


Files: 24-Oct-2002 20:21 3.0.1200.179 176,912 Mspadmin.exe


Files: 24-Oct-2002 20:20 3.0.1200.179 388,368 W3proxy.exe


Files: 24-Oct-2002 20:21 3.0.1200.179 297,232 Wspsrv.exe


Files: 24-Oct-2002 20:21 3.0.1200.179 99,600 Msphlpr.dll


Summary: If you use ISA Server to server publish on a dial-up adapter link (such as an analog modem, ISDN, or ADSL), the server publish operation may fail. This problem may occur although you use a fixed IP address on the dial-up interface.

When you run netstat -an from a command prompt on the computer running ISA Server, you see that ISA Server is not listening on the published port on behalf of the published service. Because of this, no connections can be made to the server published service.

Typically, this problem occurs on a slow link such as an analog modem connection. However, it may occur when you use any type of dial-up adapter.

To get the server publishing rule to work, you must turn off and then turn on the server publishing rule, or you must stop and then restart the Firewall Service.


Title: 319378 ISA splits POSTs into multiple frames causing timeouts to some web


Hotfix: 1200.179


Link: http://support.microsoft.com/?id=319378


Files: 24-Oct-2002 20:21 3.0.1200.179 176,912 Mspadmin.exe


Files: 24-Oct-2002 20:20 3.0.1200.179 388,368 W3proxy.exe


Files: 24-Oct-2002 20:21 3.0.1200.179 297,232 Wspsrv.exe


Files: 24-Oct-2002 20:21 3.0.1200.179 99,600 Msphlpr.dll


Summary: A client that is submitting form data through an ISA Server may experience a timeout or an erroneous error message upon submission of the form.


A network trace will reveal that, on the external interface of the ISA Server, the HTTP POST is split into two parts; additionally, the web server can be seen to respond to the first part before it has received and processed the second.


Title: 319377 FIX: ISA Server Blocks Incoming Traffic Although a Valid Server


Hotfix: 1200.179


Link: http://support.microsoft.com/?id=319377


Files: 24-Oct-2002 20:21 3.0.1200.179 176,912 Mspadmin.exe


Files: 24-Oct-2002 20:20 3.0.1200.179 388,368 W3proxy.exe


Files: 24-Oct-2002 20:21 3.0.1200.179 297,232 Wspsrv.exe


Files: 24-Oct-2002 20:21 3.0.1200.179 99,600 Msphlpr.dll


Summary: ISA Server may temporarily block incoming traffic that is destined for a protocol that has a valid Server Publishing rule defined. This blockage typically does not occur for more than a few minutes.


Title: 313318 Cannot Relay Mail Through ISA Server If Authentication Is Required


Hotfix: 1200.180


Link: http://support.microsoft.com/?id=313318


Files: 22-Oct-2002 14:25:24 3.0.1200.180 60,176 Fltrsnk1.dll


Files: 22-Oct-2002 14:25:28 3.0.1200.180 93,968 Smtpfltr.dll


Summary: Clients that are outside an ISA server cannot relay mail through that ISA server. This problem may occur if external clients try to send mail to other external recipients.


Title: 331063 Macintosh Outlook Clients Cannot Connect to Exchange Server Through ISA


Hotfix: 1200.181


Link: http://support.microsoft.com/?id=331063


Files: 25-Nov-2002 05:19 3.0.1200.181 47,888 Rpcfltr.dll


Summary: When you use Internet Security and Acceleration Server (ISA) to publish an Exchange server and give external clients permission to connect to an internal Exchange server, x86-based Outlook clients can connect to the Exchange server, but Macintosh Outlook clients cannot connect to the Exchange server.


Title: 331064 FIX: ISA Reports May Span Unexpected Date Range or Show Incomplete Data


Hotfix: 1200.182


Link: http://support.microsoft.com/?id=331064


Files: 05-Feb-2003 13:28 501 Os.map


Files: 05-Feb-2003 13:59 3.0.1200.182 792,848 Sumgen.dll


Summary: Reports created on an ISA Server computer may span an unexpected date range or may show blank or incomplete data under certain conditions.


Title: 328705 FIX: ISA may show empty tables on the ‘Traffic & Utilization’ report


Hotfix: 1200.182


Link: http://support.microsoft.com/?id=328705


Files: 05-Feb-2003 13:28 501 Os.map


Files: 05-Feb-2003 13:59 3.0.1200.182 792,848 Sumgen.dll


Summary: Parts of the ISA ‘Summary’ and ‘Traffic and Utilization’ report may show tables that are empty or initialized to 0 for the first 12 days of the month.


Title: 319381 Server-Side Playlists Do Not Work with ISA Server


Hotfix: 1200.183


Link: http://support.microsoft.com/?id=319381


Files: 03-Nov-2002 10:48 3.0.1200.183 176,912 Mspadmin.exe


Files: 03-Nov-2002 10:48 3.0.1200.183 99,600 Msphlpr.dll


Files: 03-Nov-2002 10:48 3.0.1200.183 62,736 Strmfltr.dll


Files: 03-Nov-2002 10:47 3.0.1200.183 388,368 W3proxy.exe


Files: 03-Nov-2002 10:48 3.0.1200.183 297,232 Wspsrv.exe


Summary: When you use the Microsoft Media Server – Universal Datagram Protocol (MMSU) protocol from a Windows Media Player client that is behind an ISA Server computer, the Windows Media Player client may not work when it is connected to an external Windows Media Services resource that is hosting a server-side playlist and you try to move from one item in the server-side playlist to another.

You only see these symptoms when you connect to the server-side playlist host from a computer that is using the firewall client. Secure network address translation (SecureNAT) clients do not experience this issue.

Note that you only see the issue when you use MMSU to connect. If you instead use Microsoft Media Server – Transmission Control Protocol (MMST) to connect, you do not experience this issue. Also, the Windows Media Player client may not work if you connect by using Microsoft Media Server (MMS). By default, MMS tries MMSU first.


ISA Fixes Post Feature Pack 1


Title: 331062 Running ISA Server on Windows Server 2003


Hotfix: 1200.255


Link: http://support.microsoft.com/?id=331062


Files: 11-Feb-2003 23:24 3.0.1200.255 8,976 Bwcpmon.dll


Files: 14-Feb-2003 01:41 3.0.1200.255 30,992 Bwserver.dll


Files: 11-Feb-2003 23:24 3.0.1200.255 60,688 Fltrsnk1.dll


Files: 11-Feb-2003 23:24 3.0.1200.255 85,264 H323fltr.dll


Files: 11-Feb-2003 23:24 3.0.1200.255 5,904 Hfperf.dll


Files: 28-Feb-2003 21:23 3.0.1200.255 34,064 Hotfix_res.dll


Files: 16-Feb-2003 19:47 3.0.1200.255 5,904 Hotfix_utl.dll


Files: 11-Feb-2003 23:22 3.0.1200.255 1,821,968 Msfpccom.dll


Files: 11-Feb-2003 23:23 3.0.1200.255 2,570,000 Msfpcsnp.dll


Files: 11-Feb-2003 23:24 3.0.1200.255 178,448 Mspadmin.exe


Files: 11-Feb-2003 23:23 3.0.1200.255 41,296 Mspfltex.sys


Files: 11-Feb-2003 23:23 3.0.1200.255 101,136 Msphlpr.dll


Files: 11-Feb-2003 23:23 3.0.1200.255 16,656 Mspmon.dll


Files: 05-Feb-2003 21:28 3.0.1200.255 501 Os.map


Files: 11-Feb-2003 23:24 3.0.1200.255 34,064 Socksflt.dll


Files: 11-Feb-2003 23:24 3.0.1200.255 6,416 Socksprf.dll


Files: 11-Feb-2003 23:23 3.0.1200.255 390,928 W3proxy.exe


Files: 11-Feb-2003 23:24 3.0.1200.255 6,928 Wspperf.dll


Files: 11-Feb-2003 23:24 3.0.1200.255 298,768 Wspsrv.exe


Summary: The following updates are required for Internet Security and Acceleration (ISA) Server 2000 to function correctly on computers running Windows Server 2003:




· ISA Server Service Pack 1 (SP1)


· The ISA Server 2000 Required Updates for Windows Server 2003 package


ISA Server is supported on all versions of Windows Server 2003 except Windows Server 2003, Web Edition.


Title: 331065 MS03-009: A Problem in the ISA Server DNS Intrusion Detection Filter May Cause Denial of Service


Hotfix: 1200.256


Link: http://support.microsoft.com/?id=331065


Files: 9-Mar-2003 11:55 3.0.1200.256 77,072 Issfltr.dll


Summary: A problem may occur on an Internet Security and Acceleration (ISA) Server 2000-based computer during the processing of incoming Domain Name System (DNS) requests that are sent to a published internal DNS server.

A successful attack against the ISA Server-based computer requires a malicious DNS request. An attacker might be able to exploit the vulnerability by sending a specially formed request to an ISA Server-based computer that is publishing a DNS server. This might then result in a denial of service to the published DNS server. If this occurs, all future incoming DNS requests to the ISA Server-based computer are stopped at the firewall, and are not passed to the internal DNS server. All other ISA Server functionality is unaffected.


Title: 331066 MS03-012: Flaw in Winsock Proxy Service Can Cause Denial of Service


Hotfix: 1200.257


Link: http://support.microsoft.com/?id=331066


Files: 20-Mar-2003 14:56 3.0.1200.257 178,448 Mspadmin.exe


Files: 20-Mar-2003 14:55 3.0.1200.257 101,136 Msphlpr.dll


Files: 20-Mar-2003 14:55 3.0.1200.257 391,440 W3proxy.exe


Files: 20-Mar-2003 14:55 3.0.1200.257 298,768 Wspsrv.exe


Summary: Microsoft Proxy Server 2.0 and Microsoft Internet Security and Acceleration (ISA) Server 2000 contain support for Windows Sockets (Winsock) proxy communications. Winsock is an API that handles communications requests for Internet applications in a Microsoft Windows operating system.

The Winsock proxy service works with FTP, Telnet, mail, news, Internet Relay Chat (IRC), and other client applications that are compatible with Winsock. The proxy service makes these applications perform as if they were directly connected to the Internet. The service redirects the necessary communications functions to a computer that is running either Proxy Server 2.0 or ISA Server. This establishes a communication path from the internal application to the Internet.

A flaw in the Winsock proxy service may permit an attacker on the internal network to send a specially crafted packet that results in 100% CPU utilization of the computer that is running either Proxy Server 2.0 or ISA Server, causing the computer to stop responding to internal and external requests.


Title: 816621 FIX: Message Screener Causes Handle Leak in Lsass.exe


Hotfix: 1200.258


Link: http://support.microsoft.com/?id=816621


Files: 23-Mar-2003 18:32 3.0.1200.258 60,688 Fltrsnk1.dll


Summary: You cannot run reports in Internet Security and Acceleration (ISA) Server 2000, and the following event ID message is logged in the event log:



Event Type: Error
Event Source: Microsoft ISA report generator
Event Category: None
Event ID: 21026
Date: 2002-10-13
Time: 00:50:00
Description: The action to create the scheduled report, “Weekly Report”, with the specified credentials, failed. The error code in the Data area of the event properties indicates the cause.
Data: 0000: 0d 00 00 00


To get the Win32 error for the status code 13 (0x0d) in the Data field of the event, type the following line at a command prompt:

net helpmsg 13

This command returns the following output:


The data is invalid


Note: This problem occurs only if ISA Server and the ISA Server SMTP Message Screener (Fltrsnk1.dll) are installed and running on the same computer. To verify that the message screener is installed, follow the steps in the “More Information” section of this article.


Title: 331067 FIX: ISA Reports May Contain Negative Numbers in the ‘All Others’ Row


Hotfix: 1200.259


Link: http://support.microsoft.com/?id=331067


Files: 26-Mar-2003 13:34 3.0.1200.259 792,848 Sumgen.dll


Summary: When you view HTML reports, Internet Security and Acceleration (ISA) Server reports may show large negative numbers in the All Others row and percentage numbers that do not add up to 100 percent. The report may also include rows with duplicate key names. This may occur when you view reports that are generated from monthly or yearly summary files. Reports that are generated from daily summary files do not have the problem. The default number of daily summaries saved is 36.


Title: 817829 FIX: Passive Mode FTP May Break with Multiple IP Addresses on External Interfaces


Hotfix: 1200.260


Link: http://support.microsoft.com/?id=817829


Files: 02-Apr-2003 11:52 3.0.1200.260 19,216 Ftpfltr.dll


Summary: Internal SecureNAT and Internet Security and Acceleration Server (ISA) Firewall clients may not open the FTP data connection to an FTP server that is using passive mode FTP (PASV). The FTP server may return one of the following error messages:


426 Connection closed; transfer aborted.


-or-


425 Can’t open data connection.


In some circumstances, the FTP client may seem to stop responding (hang) or time out. FTP clients that use active mode FTP (PORT) work without error.


Title: 810561 RemoveAllProxyAuthorization Not Applied to SSL Tunneling (CONNECT)


Hotfix: 1200.261


Link: http://support.microsoft.com/?id=810561


Files: 02-Apr-2003 17:04 3.0.1200.261 178,448 Mspadmin.exe


Files: 02-Apr-2003 17:04 3.0.1200.261 101,136 Msphlpr.dll


Files: 02-Apr-2003 17:03 3.0.1200.261 391,440 W3proxy.exe


Files: 02-Apr-2003 17:04 3.0.1200.261 298,768 Wspsrv.exe


Summary: If Internet Security and Acceleration (ISA) Server 2000 is chained to an upstream Web proxy server, you may receive incomplete HTML pages and random authentication prompts in the Web browser when you connect to secure HTTPS sites.

These symptoms may occur if the downstream ISA Server computer is configured to require Integrated proxy authentication and if the upstream Web proxy server is either configured to allow anonymous access or require proxy authentication (typically Basic proxy authentication). This problem occurs most frequently if you connect to a secure HTTPS site that uses a combination of HTTP and HTTPS links.


Title: 810493 INFO: Update Rollup for ISA Server Services


Hotfix: 1200.264


Link: http://support.microsoft.com/?id=810493


Files: 28-Apr-2003 22:40 3.0.1200.264 178,448 Mspadmin.exe


Files: 28-Apr-2003 22:40 3.0.1200.264 102,160 Msphlpr.dll


Files: 28-Apr-2003 22:40 3.0.1200.264 391,440 W3proxy.exe


Files: 28-Apr-2003 22:40 3.0.1200.264 299,280 Wspsrv.exe


Summary: Microsoft has released an Update Rollup Package for Microsoft ISA Server 2000 that corrects the problems that are described in the following Microsoft Knowledge Base articles:



810559 FIX: Slow Responses and Failures When You Use Server Publishing UDP Protocols


331068 FIX: ISA Firewall Causes Handle Leak in LSASS


813864 FIX: Site and Content Rules Do Not Filter Based on File Name Extensions


Title: 810559 FIX: Slow Responses and Failures When You Use Server Publishing UDP


Hotfix: 1200.264


Link: http://support.microsoft.com/?id=810559


Files: 28-Apr-2003 22:40 3.0.1200.264 178,448 Mspadmin.exe


Files: 28-Apr-2003 22:40 3.0.1200.264 102,160 Msphlpr.dll


Files: 28-Apr-2003 22:40 3.0.1200.264 391,440 W3proxy.exe


Files: 28-Apr-2003 22:40 3.0.1200.264 299,280 Wspsrv.exe


Summary: When you use Server Publishing UDP Protocols (for example, DNS Query), you may notice a variety of problems:


· A lot of performance problems.


· You cannot connect to the published DNS server externally.


· The server may also stop responding after some days and the only resolution is to restart the computer.


Typically, these problems occur when you use Server Publishing DNS Query protocols where requests to the published DNS server from external sources receive a response only after a long delay, or not at all (the request does not succeed).


Title: 331068 FIX: ISA Firewall Causes Handle Leak in LSASS


Hotfix: 1200.264


Link: http://support.microsoft.com/?id=331068


Files: 28-Apr-2003 22:40 3.0.1200.264 178,448 Mspadmin.exe


Files: 28-Apr-2003 22:40 3.0.1200.264 102,160 Msphlpr.dll


Files: 28-Apr-2003 22:40 3.0.1200.264 391,440 W3proxy.exe


Files: 28-Apr-2003 22:40 3.0.1200.264 299,280 Wspsrv.exe


Summary: Internet Security and Acceleration (ISA) Server Firewall service may slow down or stop responding to client requests.

This behavior occurs under the following configuration:


· The internal clients are running the ISA Server Firewall client.

-and-


· The ISA Server has access policies defined that require user authentication. This might be Protocol rules or Site and Content rules that apply to specific users or groups.


Title: 813864 FIX: Site and Content Rules Do Not Filter Based on File Name Extensions


Hotfix: 1200.264


Link: http://support.microsoft.com/?id=813864


Files: 28-Apr-2003 22:40 3.0.1200.264 178,448 Mspadmin.exe


Files: 28-Apr-2003 22:40 3.0.1200.264 102,160 Msphlpr.dll


Files: 28-Apr-2003 22:40 3.0.1200.264 391,440 W3proxy.exe


Files: 28-Apr-2003 22:40 3.0.1200.264 299,280 Wspsrv.exe


Summary: When you use Content Types (HTTP Content) in Site and Content Rules to deny or allow requests for downloading specific files (for example, .exe files), ISA Server does not deny or allow the request if you only have the file name extension (for example, .exe) configured in the appropriate Content Group.

This problem occurs only when you serve outgoing HTTP requests through ISA Server.


Title: 816828 “Permission Denied” Error Message When You Use Rlogin to Log On to a


Hotfix: 1200.264


Link: http://support.microsoft.com/?id=816828


Files: 28-Apr-2003 22:40 3.0.1200.264 178,448 Mspadmin.exe


Files: 28-Apr-2003 22:40 3.0.1200.264 102,160 Msphlpr.dll


Files: 28-Apr-2003 22:40 3.0.1200.264 391,440 W3proxy.exe


Files: 28-Apr-2003 22:40 3.0.1200.264 299,280 Wspsrv.exe


Summary: When you try to use an rlogin connection through Microsoft Internet Security and Acceleration (ISA) Server 2000 to log on to a server on the Internet (for example, to an AIX400 server), you may receive the following error message:


Permission Denied


Title: 815051 The Firewall Client Does Not Support the ConnectEx and WSARecvMsg APIs


Hotfix: 1200.265


Link: http://support.microsoft.com/?id=815051


Files: 20-Apr-2003 14:12 3.0.1200.265 97,552 Wspwsp.dll


Summary: When you use the Firewall client on either Microsoft Windows XP or Microsoft Windows Server 2003, some Winsock applications may not work through ISA Server 2000. For example, Remote Procedure Call (RPC) applications that are using Winsock may not connect through ISA Server 2000. You do not see this issue with Microsoft Windows 2000 or earlier versions of Microsoft Windows when you are running the Firewall client.


Title: 331069 Hotfix to Permit URL Path Redirection in Web Publishing Rules


Hotfix: 1200.266


Link: http://support.microsoft.com/?id=331069


Files: 08-May-2003 21:24 3.0.1200.266 178,448 Mspadmin.exe


Files: 08-May-2003 21:23 3.0.1200.266 103,184 Msphlpr.dll


Files: 09-May-2003 00:45 1.0 19,572 Pathmappingeditor.hta


Files: 08-May-2003 21:23 3.0.1200.266 391,440 W3proxy.exe


Files: 08-May-2003 21:24 3.0.1200.266 299,280 Wspsrv.exe


Summary: When you use Web Publishing Rules to publish an internal Web site, you cannot redirect the URL path to a different path on the internal Web server.


Title: 818621 No Links to Navigate Up Through Directory Levels in FTP Sites When Accessed Through Internet Explorer


Hotfix: 1200.268


Link: http://support.microsoft.com/?id=818621


Files: 05-13-2003 15:38 3.0.1200.268 178,448 Mspadmin.exe


Files: 05-13-2003 15:38 3.0.1200.268 391,952 W3proxy.exe


Files: 05-13-2003 15:38 3.0.1200.268 299,280 Wspsrv.exe


Files: 05-13-2003 15:38 3.0.1200.268 103,184 Msphlpr.dll


Summary: When you view File Transfer Protocol (FTP) sites in Microsoft Internet Explorer, you may notice that there are no links to navigate up through directory levels to the parent directory in the FTP site.


Title: 821098 FIX: Content Cache Issues on Downstream ISA Server Computer


Hotfix: 1200.269


Link: http://support.microsoft.com/?id=821098


Files: 16-May-2003 09:38 3.0.1200.269 178,448 Mspadmin.exe


Files: 16-May-2003 09:38 3.0.1200.269 103,184 Msphlpr.dll


Files: 16-May-2003 09:37 3.0.1200.269 391,952 W3proxy.exe


Files: 16-May-2003 09:38 3.0.1200.269 299,280 Wspsrv.exe


Summary: This article discusses problems that you may experience when you cache Hypertext Transfer Protocol (HTTP) content on a downstream Internet Security and Acceleration (ISA) Server. In these scenarios, all the following configuration conditions apply:


· The downstream ISA Server computer does not request authentication.


· The downstream ISA Server computer is chaining to an upstream proxy server and you have not set the connection user in the Routing rule of the downstream server.


· The upstream proxy server requests authentication.


Title: 813865 FIX: Multiple Registered Web Filters in Active Directory Are Handled


Hotfix: 1200.270


Link: http://support.microsoft.com/?id=813865


Files: 26-June-2003 09:07 3.0.1200.270 212,240 Msfpc.dll


Files: 26-June-2003 09:08 3.0.1200.270 1,822,480 Msfpccom.dll


Summary:


After you install ISA Server Web filters such as Urlscan or Link Translation, the ISA Server control service may not start, or the Web filter may not work correctly and may not appear in the ISA Server Microsoft Management Console (MMC).


Title: 816454 Proxy Service Logs an Event ID 14146 Message After Link Translation


Hotfix: 1200.271


Link: http://support.microsoft.com/?id=816454


Files: 25-May-2003 13:19 3.0.1200.271 34,064 Lnktrans.dll


Summary: After you install Internet Security and Acceleration (ISA) Server 2000 Feature Pack 1 and turn on the Link Translation filter that is included in Feature Pack 1, some link translation rules may not work when you start the Web Proxy service, and the following event ID message may be logged:



Event Type: Error
Event Source: Microsoft Web Proxy
Event Category: None
Event ID: 14146
Description: ISA Server failed to load Web Filter DLL C:\Program Files\Microsoft ISA Server\\LnkTrans.dll. The error code shown in the Data area of the event properties indicates the cause of the failure.


Title: 818136 Web Proxy Service May Crash When It Processes a Redirect Action


Hotfix: 1200.276


Link: http://support.microsoft.com/?id=818136


Files: 12-Jun-2003 07:37 3.0.1200.276 178,448 Mspadmin.exe


Files: 12-Jun-2003 07:37 3.0.1200.276 103,184 Msphlpr.dll


Files: 12-Jun-2003 07:36 3.0.1200.276 391,952 W3proxy.exe


Files: 12-Jun-2003 07:37 3.0.1200.276 299,280 Wspsrv.exe


Summary: The Web proxy service (W3proxy.exe) may crash (that is, experience an access violation) when it processes an HTTP redirect action on a site and content rule that denies access.


Title: Q816456 MS03-028: Flaw in ISA Server Error Pages Could Allow Cross-Site Scripting Attack


Hotfix: 1200.277


Link: http://support.microsoft.com/?id=816456


Files: -Jun-2003 16:49 2,060 10053.htm


Files: -Jun-2003 16:49 1,983 10053r.htm


Files: -Jun-2003 16:49 2,069 10054.htm


Files: -Jun-2003 16:49 2,007 10054r.htm


Files: -Jun-2003 16:49 2,180 10060.htm


Files: -Jun-2003 16:49 1,986 10060r.htm


Files: -Jun-2003 16:49 2,150 10061.htm


Files: -Jun-2003 16:49 2,074 10061r.htm


Files: -Jun-2003 16:49 1,925 11001.htm


Files: -Jun-2003 16:49 1,987 11001r.htm


Files: -Jun-2003 16:49 1,939 11002.htm


Files: -Jun-2003 16:49 2,001 11002r.htm


Files: -Jun-2003 16:49 1,925 11004.htm


Files: -Jun-2003 16:49 1,987 11004r.htm


Files: -Jun-2003 16:49 1,882 12206.htm


Files: -Jun-2003 16:49 2,086 12206r.htm


Files: -Jun-2003 16:49 2,217 1460.htm


Files: -Jun-2003 16:49 1,969 1460r.htm


Files: -Jun-2003 16:49 2,014 2r.htm


Files: -Jun-2003 16:49 1,590 401r.htm


Files: -Jun-2003 16:49 1,950 407.htm


Files: -Jun-2003 16:49 2,096 502.htm


Files: -Jun-2003 16:49 1,976 502r.htm


Files: -Jun-2003 16:49 2,105 504.htm


Files: -Jun-2003 16:49 1,985 504r.htm


Files: -Jun-2003 16:49 2,052 64.htm


Files: -Jun-2003 16:49 1,959 64r.htm


Files: -Jun-2003 16:50 2,279 Default.htm


Files: -Jun-2003 16:50 1,715 Defaultr.htm


Summary:


Under specific circumstances, an attacker might be able to execute a cross-site scripting (XSS) attack on a computer that is running Internet Security and Acceleration (ISA) Server. This type of attack could potentially provide an attacker with access to any data that resides on the original site. An XSS attack causes a Web browser to execute code from a domain that is different from the domain that the user believes they are accessing. This could allow an attack to run in the user’s browser with the security settings that are appropriate to the original Web site. This problem is the same as the problem that is discussed in MS02-018.


Title: 823261 “Web Proxy Service returns 12013 error upon 230 response from FTP Server”


Hotfix: 1200.278


Link: http://support.microsoft.com/?id=823261


Files: 22-June-2003 12:54 3.0.1200.278 30,992 W3pinet.dll


Summary: When you try to connect to an FTP server through an ISA Server 2000 Web proxy service, you may receive the following error message:


HTTP 502 Proxy Error – The user name was not allowed. Try a different name, or retry the same name after verifying that it is typed correctly. (12013)


Title: 821724 “Basic Credentials are requested over HTTP when SSL is required”


Hotfix: 1200.279


Link: http://support.microsoft.com/?id=821724


Files: -June-2003 08:51 3.0.1200.279 178,448 Mspadmin.exe


Files: 24-June-2003 08:51 3.0.1200.279 103,184 Msphlpr.dll


Files: 24-June-2003 08:51 3.0.1200.279 392,464 W3proxy.exe


Files: 24-June-2003 08:51 3.0.1200.279 299,280 Wspsrv.exe


Summary: In a Web publishing scenario where Basic authentication is enabled on the Incoming Web Requests listener, Basic credentials may be sent over an external HTTP connection even though the Web publishing rule that processes the request is configured for “SSL required”. This problem may create a security issue because Basic credentials are only Base64-encoded, not encrypted. If Basic credentials are sent over an HTTP connection, they may be read as clear text and decoded.


Title: 824246 “Response with Cache-Control: s-maxage=0 does not expire immediately”


Hotfix: 1200.281


Link: http://support.microsoft.com/?id=824246


Files: -Jul-2003 18:42 3.0.1200.281 178,448 Mspadmin.exe


Files: 10-Jul-2003 18:41 3.0.1200.281 103,184 Msphlpr.dll


Files: 10-Jul-2003 18:41 3.0.1200.281 392,464 W3proxy.exe


Files: 10-Jul-2003 18:41 3.0.1200.281 299,280 Wspsrv.exe


Summary: If you use Internet Security and Acceleration (ISA) Server 2000 in either a Web publishing scenario or a Web proxy scenario, ISA Server may not immediately expire a response that contains the Cache-Control: s-maxage=0 header. This header is used to tell a proxy server not to use an entry after it is delivered to the requesting client unless it first revalidates the entry with the origin server. A value of 0 means that the cached response should expire immediately.


Scott Jiles is an Escalation Engineer with Microsoft PSS
