Microsoft KB Archive/318619

= Uploading files by using an HTTP Post through Proxy Server 2.0 may fail after you install the fixes in Q296458, Q301625 or Q299444 =

Article ID: 318619

Article Last Modified on 11/16/2005

-

APPLIES TO


 * Microsoft Proxy Server 2.0 Standard Edition
 * Microsoft Internet Information Services 5.0
 * Microsoft Internet Information Server 4.0

-



This article was previously published under Q318619



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SYMPTOMS
Uploading files by using an HTTP Post through Proxy Server 2.0 may fail with some third-party client applications under the following circumstances:  After you install the security patch that is included in the Microsoft Knowledge Base article Q296458. After you install the package in which this security patch is included:  For Microsoft Windows NT 4.0: Q301625 For Microsoft Windows 2000: Q299444  If you are using NTLM Authentication on Proxy Server (Default Website).</ol>

Note These symptoms do not occur if you are using:
 * Internet Security and Acceleration (ISA) Server
 * Basic Authentication on Proxy Server (Default Website)
 * Anonymous Authentication

<div class="cause_section">

CAUSE
The security fix Q296458 (for Windows NT 4.0 and for Windows 2000) causes a regression on Internet Information Server (IIS) 4.0 and on Internet Information Services (IIS) 5.0 if you have installed Proxy Server 2.0 and you have configured NTLM Authentication on the default Web site. This problem occurs because some third-party applications (that are configured to use Proxy Server 2.0) send requests to the host name of the destination URL first, and then to the IP address on the same, authenticated, NTLM Proxy connection. When you install the security patch, the TCP connection is closed because the host headers are changed on the same connection. When this occurs, an access denied error (407) is sent from the Proxy server to the third-party client application; however, because the third-party client cannot handle the unexpected re-authentication request, the upload fails.

<div class="resolution_section">

RESOLUTION
Install the regression hotfix that is included in the following Microsoft Knowledge Base articles:
 * For Internet Information Services 5.0: Q309562
 * For Internet Information Server 4.0: Q308244

<div class="references_section">