Microsoft KB Archive/923322

= A large file download fails when an ISA Server 2004 SOCKS client computer uses passive mode FTP =

Article ID: 923322

Article Last Modified on 12/4/2007

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2004 Standard Edition
 * Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition

-



SYMPTOMS
When an FTP client computer downloads a large file by using passive mode FTP, the download fails if it takes longer than 120 seconds.



CAUSE
This problem may occur if the following conditions are true:
 * The FTP client computer is configured to use the SOCKS protocol.
 * The FTP client computer uses Microsoft Internet Security and Acceleration (ISA) Server 2004 for outgoing passive FTP access.
 * The idle connection time-out value in ISA Server 2004 is set to the default value of 120 seconds.

Passive mode FTP uses an outgoing control channel connection and an outgoing data channel connection. The file transmission occurs over the data channel. The FTP control channel times out if the following conditions are true:
 * Data is not sent over the control channel during the download operation.
 * A passive mode FTP file download takes longer than 120 seconds.

Then, the FTP server stops the file download operation.



RESOLUTION
To resolve this problem, install the hotfix package that is described in the Knowledge Base article 923330, and then follow the steps that are described in this article. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

923330 Description of the ISA Server 2004 hotfix package: July 27, 2006

After you install this hotfix, run the following Microsoft Visual Basic script to configure the SOCKS filter idle connection time-out value to an appropriate value.

Note To determine the appropriate time-out value, use the following equation:

Timeout (seconds) = file size / download speed * 1.2

For example, to determine the appropriate time-out value to download a 200-megabyte (MB) file at 1 megabits per second (Mbps), use the following equation:

 200*8 / 1 * 1.2 = 1920 seconds

You must calculate the value to use individually.

Note The idle connection time-out setting helps free unused resources so that resource-related issues do not occur. Therefore, we recommend that you do not increase the time-out setting unnecessarily. If you use a time-out setting that is less than the default 120 seconds, you can also create unexpected issues.

To change the time-out setting, follow these steps.

Note You must install the KB923330 hotfix package before you can follow these steps.  Click Start, point to All Programs, point to Accessories, and then click Notepad.  Copy and paste the following code into a new Notepad document. Then, save the code to the ISA Server 2004 computer. To do this, use a file name that has a .vbs extension such as SetSocksIdleTimeout.vbs. 

 ' ' Copyright (c) Microsoft Corporation. All rights reserved. ' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE ' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE ' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS ' HEREBY PERMITTED. 

 ' This script sets the idle connection time-out value for the SOCKS filter. ' The value is in seconds. 

Sub SetSocksIdleTimeout

' Create the root object. Dim root ' The FPCLib.FPC root object Set root = CreateObject(&quot;FPC.Root&quot;)

'Declare the other objects needed. Dim array      ' An FPCArray object Dim Extensions ' An FPCExtensions object Dim ApplicationFilters ' An FPCApplicationFilters object Dim ApplicationFilter ' An FPCApplicationFilter object Dim VendorSets ' An FPCVendorParametersSets collection Dim VendorSet  ' An FPCVendorParametersSet object

' Get references to the array object Set array = root.GetContainingArray

On Error Resume Next

Set Extensions = array.Extensions CheckError

Set ApplicationFilters = Extensions.ApplicationFilters CheckError

Set ApplicationFilter = ApplicationFilters.Item(&quot;{25765C04-C80B-494C-914E-286297DB8C8E}&quot;)

Set VendorSets = ApplicationFilter.VendorParametersSets Set VendorSet = VendorSets.Item( &quot;{25765C04-C80B-494C-914E-286297DB8C8E}&quot; )

VendorSet.Value(&quot;SessionIdleTimeoutSeconds&quot;) = 120 ' value in seconds to be set to desired value

ApplicationFilter.Save false, true

WScript.Echo &quot;Done...&quot;

End Sub

Sub CheckError

If Err.Number <> 0 Then WScript.Echo &quot;An error occurred: 0x&quot; & Hex(Err.Number) & &quot; &quot; & Err.Description Err.Clear End If

End Sub

SetSocksIdleTimeout

  This script uses the default time-out value of 120 seconds. Change the time-out value to the setting that you want, and then save the script. Double-click the .vbs file to run the script.</ol>

After you run this script, the new time-out value is applied to new SOCKS connections that are made through ISA Server 2004.

To change back to the default time-out value, change the value back to 120 seconds in the script, save the change, and then run the script again.

<div class="workaround_section">

WORKAROUND
To work around this problem, configure the FTP program to send &quot;keep-alive&quot; commands on the FTP control channel.

For information about whether the FTP program that you use supports this feature, see the documentation for the FTP program.

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

Keywords: kbqfe kbprb KB923322

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.