Microsoft KB Archive/835980

= Name Service Provider Interface connections steadily increase on an Exchange Server computer that you publish in ISA Server 2000 =

Article ID: 835980

Article Last Modified on 8/14/2007

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2000 Standard Edition

-



Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SYMPTOMS
When you use Microsoft Internet Security and Acceleration (ISA) Server 2000 publishing rules to publish a Microsoft Exchange Server computer for RPC access, you may experience all the following symptoms:
 * The Exchange Server computer shows an increasing number of Name Service Provider Interface (NSPI) connections over several days.
 * Connections to the Exchange Server computer decrease when clients disconnect, but not all connections are disconnected.
 * After many days, sufficient connections may accumulate to prevent Exchange Server from permitting additional connections.
 * If you disconnect the ISA Server computer's external interface, connections return to zero.
 * If you disconnect the ISA Server computer from the computer that is running Exchange Server, Exchange Server successfully drops the connections after the time-out value is reached.



CAUSE
This problem occurs if the Exchange Server RPC clients are abnormally disconnected from Exchange Server. Exchange Server determines the connection status for a session by sending &quot;keep-alive&quot; packets to the connected client computer. Exchange Server uses WinSock to send these packets. In this scenario, the ISA Server computer behaves as the client for a connected session. If the RPC client drops its connection to Exchange Server, instead of closing the connection correctly, the connection does not time out on the Exchange Server computer, because ISA Server responds to the keep-alive packets.

Therefore, ISA Server holds the Exchange Server information store port connection open until the information store restarts, or until ISA Server restarts.



Hotfix information
A supported hotfix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Only apply it to systems that are experiencing this specific problem. This hotfix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Internet Security and Acceleration Server 2000 service that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the hotfix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

Note In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

Prerequisites
ISA Server 2000 Service Pack 1 (SP1) must be installed before you install this hotfix. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

313139 How to obtain the latest Internet Security and Acceleration Server 2000 service pack

Restart requirement
You do not have to restart your computer after you apply this hotfix.

Hotfix replacement information
This hotfix does not replace any other hotfixes.

File information
The English version of this hotfix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.   Date         Time   Version            Size    File name --  27-Feb-2004  05:10  3.0.1200.307      178,448  Mspadmin.exe 27-Feb-2004 05:09  3.0.1200.307      103,184  Msphlpr.dll 27-Feb-2004 05:10  3.0.1200.307       54,544  Rpcfltr.dll 27-Feb-2004 05:08  3.0.1200.307      393,488  W3proxy.exe 27-Feb-2004 05:10  3.0.1200.307      300,304  Wspsrv.exe

Hotfix installation information
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To install this hotfix, follow these steps:  On the ISA Server, double-click the hotfix package to extract the hotfix, and then install the hotfix. Start Registry Editor, and then locate the following registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\PluginRPC

Note You can create the following registry changes by incorporating them into a .reg file. For additional information about how to do this, see step 3.

 To control external socket keep-alive behavior, enter the specified values for each registry entry:

Entry name: InboundExternalKeepAlive

Entry type: REG_DWORD

Entry value: 0x0 to 0xFFFFFFFF (0xFFFFFFFF corresponds to about 1193 hours. After 1193 hours, the TCP/IP &quot;clean-up&quot; process starts.)

Default value: 0x6DDD00 (Decimal 7200000) This value is the operating system default of two hours.

The InboundExternalKeepAlive registry entry represents the time delta in milliseconds before the TCP/IP stack starts its &quot;cleanup&quot; process for that socket. The value of this entry overrides the InboundExternalKeepAliveDefault registry entry value.

Note Configure the InboundExternalKeepAlive registry entry value on the ISA Server computer to equal the InboundExternalKeepAlive registry entry value on the Exchange Server. This configuration simulates keep-alive forwarding and guarantees that the ISA Server computer and the Exchange Server computer have the same load.

Entry name: InboundExternalKeepAliveDefault

Entry type: REG_DWORD

Entry value: 0x0 or 0x1

Default value: 0x0

The default value of 0 instructs the RPC filter to leave the keep-alive interval to the system setting that is specified in the following registry subkey:

The InboundExternalKeepAliveDefault registry entry is ignored if the InboundExternalKeepAlive registry entry exists, and if the InboundExternalKeepAlive registry entry is set to a non-zero value.

Entry name: InboundExternalKeepAliveInterval

Entry type: REG_DWORD

Entry value: 0x0 to 0xFFFFFFFF (0xFFFFFFFF corresponds to about 1193 hours. After 1193 hours, the TCP/IP &quot;clean-up&quot; process starts.)

Default value: 0x1

The InboundExternalKeepAliveInterval registry entry represents the time in milliseconds that the TCP/IP stack uses for the keep-alive retry interval. If this registry entry is not present, the TCP/IP stack uses the value that is specified in the following registry subkey:

Note Configure the InboundExternalKeepAliveInterval registry entry with a value that is greater than the keep-alive interval that you use for the Exchange Server computer. This configuration helps mitigate the effects of potential external network delays. Typically, 20 seconds (200000) is the best value.

If you decide to use the operating system default settings for external sockets, use only the InboundExternalKeepAliveDefault registry entry, and configure this registry entry with a DWORD value of 1. To control internal socket keep-alive behavior, enter the specified values for each registry entry:

Entry name: InboundInternalKeepAlive

Entry type: REG_DWORD

Entry value: 0x0 to 0xFFFFFFFF (0xFFFFFFFF corresponds to about 1193 hours. After 1193 hours, the TCP/IP &quot;clean-up&quot; process starts.)

Default value: 0x6DDD00 (Decimal 7200000) This is the operating system default of two hours.

The InboundInternalKeepAlive registry entry represents the time delta in milliseconds before the TCP/IP stack starts its &quot;cleanup&quot; process for that socket. This entry overrides the InboundExternalKeepAliveDefault registry entry value.

Note Configure the InboundInternalKeepAlive registry entry value on the ISA Server computer to equal the InboundInternalKeepAlive registry entry value on the Exchange Server computer. This configuration simulates keep-alive forwarding and guarantees that ISA Server computer and the Exchange Server computer have the same load.

Entry name: InboundInternalKeepAliveDefault

Entry type: REG_DWORD

Entry value: 0x0 or 0x1

Default value: 0x0

The default value of 0 instructs the RPC filter to leave the keep-alive interval to the system setting that is specified in the following registry subkey:

The InboundExternalKeepAliveDefault registry entry is ignored if the InboundInternalKeepAlive registry entry exists, and if the InboundInternalKeepAlive registry entry is set to a non-zero value.

Entry name: InboundInternalKeepAliveInterval

Entry type: REG_DWORD

Entry value: 0x0 to 0xFFFFFFFF (0xFFFFFFFF corresponds to about 1193 hours until the TCP/IP &quot;clean-up&quot; process starts)

Default value: 0x1

The InboundInternalKeepAliveInterval registry entry represents the time in milliseconds that the TCP/IP stack uses for the keep-alive retry interval. If this registry entry is not present, the TCP/IP stack uses the value that is specified in the following registry subkey:

Note Configure the InboundInternalKeepAliveInterval registry entry with a value that is greater than the keep-alive interval that you use for the Exchange Server computer. This configuration helps to mitigate the effects of potential external network delays. Typically, 20 seconds (200000) is the best value.   If you do not want to modify the registry manually, you can also enter these registry settings by using a .reg file. The following example settings were designed to introduce the least change to the network traffic profile: Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\PluginRPC] &quot;InboundExternalKeepAlive&quot;=dword:006DDD00 &quot;InboundExternalKeepAliveInterval&quot;=dword:00030D40 &quot;InboundInternalKeepAlive&quot;=dword:006DDD00 &quot;InboundInternalKeepAliveInterval&quot;=dword:00002710 To enter these registry settings in Windows, follow these steps: <ol style="list-style-type: lower-alpha;"> Copy the registry settings into Notepad, and then save the file as Keepalive.reg.</li> Double-click the Keepalive.reg file that you saved, and then click Yes when you are prompted to enter this information in the registry.</li> When the registry has been updated successfully, click OK.</li></ol> </li> Stop, and then restart the following ISA Server services to make the registry changes effective:

isactrl

fwsrv

w3proxy

schdn

To do this: <ol style="list-style-type: lower-alpha;"> At a command prompt, type net stop, then press ENTER</li> Type net start, and then press ENTER.</li></ol> </li></ol>

<div class="workaround_section">

WORKAROUND
To work around this problem, restart the ISA Server computer.

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section of this article.

<div class="moreinformation_section">

MORE INFORMATION
This hotfix updates the ISA Server Firewall Service and the RPC application filter to use the TCP keep-alive functionality on all the following sockets:
 * Sockets that are created between ISA Server and the external Exchange RPC client.
 * Sockets that are created between ISA Server and the internal Exchange Server computer.
 * Sockets that are created between ISA Server and both the external RPC client and the internal Exchange Server computer.

TCP keep-alive is a mechanism that the Windows TCP/IP stack uses to monitor socket health. The Windows TCP/IP stack sends a single-byte packet on the current socket between the local server and the remote host during periods of inactivity. If the remote host responds to the keep-alive packet on the same socket, the socket is considered “active.&quot; Otherwise, the TCP/IP stack retries the keep-alive communication until the specified time-out period has elapsed. When this time-out period has elapsed, the TCP/IP stack closes the socket.

If the RPC filter tries to use a closed socket after you install this hotfix, the filter receives an error from the TCP/IP stack. The RPC filter then removes that client socket information and initiates a typical socket closure process for this connection to the Exchange Server computer.

Keywords: kbqfe kbhotfixserver kbfirewall kbisaserv2000presp2fix kbfix kbbug KB835980

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.