Microsoft KB Archive/937451

= A Web client may receive incorrect responses from a Web site that is published in ISA Server 2006 when multiple Web clients access the published Web site =

Article ID: 937451

Article Last Modified on 8/23/2007


APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2006 Standard Edition
 * Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition




SYMPTOMS
Consider the following scenario:
 * In Microsoft Internet Security and Acceleration (ISA) Server 2006, you publish a Web site that is secured by the Secure Socket Layer (SSL) protocol.
 * Neither the Web publishing rule nor the Web listener requires authentication.
 * Multiple Web clients access the published Web site. Each client accesses the Web site in a separate TCP session or in a separate SSL session.

In this scenario, the Web clients may receive incorrect responses from the Web site.



CAUSE
ISA Server 2006 performs connection pooling for the published Web site if ISA Server 2006 does not require authentication. This behavior may cause issues if the Web server assumes that requests originate from the same Web client. The Web server may assume that this is the case when requests are sent on the same TCP connection or on the same SSL connection.
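
The following added example models this cause in simplified form. It is not ISA Server code and is not part of the original article; every class, function and client name in it is hypothetical, and the traffic is constructed. It shows how a back end that caches per-connection state answers one client with data generated for another when a proxy pools connections, and how a separate connection per client avoids that.

```python
"""Simplified model of the cause described above (constructed example,
not ISA Server code; every name here is hypothetical)."""


class BackendConnection:
    """One TCP/SSL connection from the proxy to the published Web server."""
    def __init__(self):
        self.bound_client = None  # per-connection state kept by the Web server


class WebServer:
    """Back end that assumes every request on a connection is from one client."""
    def handle(self, conn, client_id, path):
        if conn.bound_client is None:
            conn.bound_client = client_id  # identity cached on first request
        # Later requests are answered for the cached identity, not the sender.
        return f"{path} for {conn.bound_client}"


class PublishingProxy:
    """Forwards client requests; pools back-end connections unless told not to."""
    def __init__(self, server, separate_connection_per_client):
        self.server = server
        self.separate = separate_connection_per_client
        self.connections = {}

    def forward(self, client_id, path):
        # Pooling: all clients share one key. Separate mode: one key per client.
        key = client_id if self.separate else "pooled"
        conn = self.connections.setdefault(key, BackendConnection())
        return self.server.handle(conn, client_id, path)


def run(separate_connection_per_client):
    """Send one request per client (constructed sample traffic)."""
    proxy = PublishingProxy(WebServer(), separate_connection_per_client)
    return {c: proxy.forward(c, "/account") for c in ("client-a", "client-b")}


def misrouted(responses):
    """Clients whose response was generated for a different client."""
    return [c for c, body in responses.items() if not body.endswith(c)]


if __name__ == "__main__":
    for mode in (False, True):
        result = run(mode)
        print(f"separate={mode}: {result} misrouted={misrouted(result)}")
```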



RESOLUTION
To resolve this problem, follow these steps:
 * 1) Apply hotfix package 938517. For more information about this hotfix package, click the following article number to view the article in the Microsoft Knowledge Base:

938517 Description of the Internet Security and Acceleration Server 2006 hotfix package that is dated June 5, 2007

 * 2) Copy the following script into a Notepad file.

    Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
    Const SE_VPS_NAME = "EnableHotfix937451"
    Const SE_VPS_VALUE = true

    Sub SetValue

        ' Create the root object.
        Dim root ' The FPCLib.FPC root object
        Set root = CreateObject("FPC.Root")

        ' Declare the other objects needed.
        Dim array      ' An FPCArray object
        Dim VendorSets ' An FPCVendorParametersSets collection
        Dim VendorSet  ' An FPCVendorParametersSet object

        ' Get references to the array object
        ' and the vendor parameters sets collection.
        Set array = root.GetContainingArray
        Set VendorSets = array.VendorParametersSets

        On Error Resume Next
        Set VendorSet = VendorSets.Item( SE_VPS_GUID )

        If Err.Number <> 0 Then
            Err.Clear

            ' Add the item
            Set VendorSet = VendorSets.Add( SE_VPS_GUID )
            CheckError
            WScript.Echo "New VendorSet added... " & VendorSet.Name

        Else
            WScript.Echo "Existing VendorSet found... value- " & VendorSet.Value(SE_VPS_NAME)
        End If

        If VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then

            Err.Clear
            VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE

            If Err.Number <> 0 Then
                CheckError
            Else
                VendorSets.Save false, true
                CheckError

                If Err.Number = 0 Then
                    WScript.Echo "Done with " & SE_VPS_NAME & ", saved!"
                End If
            End If
        Else
            WScript.Echo "Done with " & SE_VPS_NAME & ", no change!"
        End If

    End Sub

    Sub CheckError

        If Err.Number <> 0 Then
            WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
            Err.Clear
        End If

    End Sub

    SetValue

 * 3) Save the file as a Microsoft Visual Basic script file by using the .vbs file name extension. For example, save the file by using the following name:

    EnableKB937451.vbs

 * 4) Start a command prompt, move to the location where you saved the EnableKB937451.vbs file, and then run the following command:

    cscript EnableKB937451.vbs



Note After you run this script, ISA Server 2006 uses a separate connection for each external client. ISA Server 2006 uses a separate connection only for clients that use the HTTPS protocol. This hotfix does not apply to HTTP connections.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.



WORKAROUND
To work around this problem, follow these steps:
 * 1) Click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.
 * 2) In the console tree, expand Microsoft Internet Security and Acceleration Server 2006.
 * 3) If you are running ISA Server 2006 Enterprise Edition, expand Arrays, and then expand the node that corresponds to the array. If you are running ISA Server 2006 Standard Edition, expand the node that corresponds to the server.
 * 4) Click Firewall Policy.
 * 5) In the details pane, right-click the Web publishing rule, and then click Properties.
 * 6) On the To tab, click Requests appear to come from the original client, and then click OK.
 * 7) Click Apply.

Keywords: kbtshoot kbexpertiseinter kbprb KB937451


© Microsoft Corporation. All rights reserved.