Microsoft KB Archive/917265

= Error message when client computers that are behind a proxy server access Web sites that are published by using ISA Server 2004: “404 Not Found. The requested item could not be located (12028)” =

Article ID: 917265

Article Last Modified on 1/30/2007

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2004 Standard Edition
 * Microsoft Internet Security and Acceleration Server Enterprise Edition Service Pack 2

-



SYMPTOMS
Consider the following scenario:
 * You have multiple Web sites that are hosted on a back-end Web server.
 * You publish the Web server by using Microsoft Internet Security and Acceleration (ISA) Server 2004.
 * You use the Requests appear to come from original client option and the Forward the Original host header instead of the actual one [specified above] option to configure the Web publishing rule.

In this scenario, if you access the Web site from a client computer that is behind a proxy server that caches forward connections, you may receive an error message that resembles the following:

404 Not Found. The requested item could not be located (12028)



CAUSE
This problem occurs if the Web publishing ISA Server cannot establish a connection to the Web server.

This problem may occur if external client computer requests that are sent to the ISA Server on the same TCP connection have different host headers. This problem may also occur if the requests are addressed to the same published Web server.

In this scenario, ISA Server closes the connection that is used for the first host header request and opens a new connection to the published Web server when the host header changes. ISA Server opens new connections to the Web server because some Web servers incorrectly handle requests that are sent with different host headers that arrive on the same TCP connection.

If you enable the Requests appear to come from original client option, the same source IP and port is used by the ISA server when establishing the second TCP connection to the published Web server. Then, the Web server may not respond to the second TCP connection try and you may receive the error message that the &quot;Symptoms&quot; section describes.



RESOLUTION
To resolve this problem, do the following as appropriate for your situation:  For ISA Server 2004 Standard Edition that is running on Small Business Server 2003 Premium Edition, install the following hotfix from the Microsoft Download Center:

http://www.microsoft.com/downloads/details.aspx?FamilyId=25BB5F65-4734-4268-B2B1-1606DCEAC06F&displaylang=en

 For ISA Server 2004 Standard Edition that is not running on Small Business Server 2003 and for ISA Server 2004 Enterprise Edition, install the hotfix that is described in Microsoft Knowledge Base article 919621.

919621 Description of the ISA Server 2004 hotfix package: May 31, 2006



• (http://support.microsoft.com/kb/919621/). Note that the info about the script (the sentence starting &quot;After you apply the hotfix, run the Microsoft Visual Basic script...&quot; remains as it is. After you apply the hotfix, run the Microsoft Visual Basic script that is described in this section. To do this, follow these steps.

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure. However, they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.  Click Start, point to Programs, point to Accessories, and then click Notepad. Copy and paste the following code into a new Notepad document, and then save it to a file name with a .vbs extension such as .vbs:

 ' ' Copyright (c) Microsoft Corporation. All rights reserved. ' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE ' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE ' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS ' HEREBY PERMITTED.   ' This script adds a new VendorParametersSets under the array root. ' Used to added new parameters that are needed for hotfixes or service packs.  Sub AddReuseSessionForDifferentHostHeader ' Create the root obect. Dim root ' The FPCLib.FPC root object Set root = CreateObject(&quot;FPC.Root&quot;) 'Declare the other objects needed. Dim array      ' An FPCArray object Dim VendorSets ' An FPCVendorParametersSets collection Dim VendorSet  ' An FPCVendorParametersSet object ' Get references to the array object ' and the network rules collection. Set array = root.GetContainingArray Set VendorSets = array.VendorParametersSets On Error Resume Next Set VendorSet = VendorSets.Item( &quot;{143F5698-103B-12D4-FF34-1F34767DEabc}&quot; ) If Err.Number <> 0 Then Err.Clear ' Add the item Set VendorSet = VendorSets.Add( &quot;{143F5698-103B-12D4-FF34-1F34767DEabc}&quot; ) CheckError WScript.Echo &quot;New VendorSet added... &quot; & VendorSet.Name Else WScript.Echo &quot;Existing VendorSet found... value- &quot; & VendorSet.Value(&quot;ReuseSessionForDifferentHostHeader&quot;) End If   if VendorSet.Value(&quot;ReuseSessionForDifferentHostHeader&quot;) <> true Then Err.Clear VendorSet.Value(&quot;ReuseSessionForDifferentHostHeader&quot;) = true If Err.Number <> 0 Then CheckError Else VendorSets.Save false, true CheckError If Err.Number = 0 Then WScript.Echo &quot;Done with ReuseSessionForDifferentHostHeader, saved!&quot; End If       End If    Else WScript.Echo &quot;Done with ReuseSessionForDifferentHostHeader, no change!&quot; End If End Sub Sub CheckError If Err.Number <> 0 Then WScript.Echo &quot;An error occurred: 0x&quot; & Hex(Err.Number) & &quot; &quot; & Err.Description Err.Clear End If End Sub AddReuseSessionForDifferentHostHeader

 Double-click the .vbs file to run the script.</ol>

<div class="workaround_section">

WORKAROUND
To work around this problem, use the Requests appear to come from the ISA Server computer option instead of Requests appear to come from original client option to configure the Web publishing rule. To do this, follow these steps: <ol style="list-style-type: lower-alpha;"> Start the ISA Server Management tool.</li> Expand the ISA Server computer node, and then click Firewall Policy.</li> Right-click the Web publishing rule that you want to configure, and then click Properties.</li> Click the To tab, click Requests appear to come from the ISA Server computer, and then click OK.</li> Click Apply to save the changes and update the configuration.

Note This workaround may resolve similar errors that are caused by the published Web server incorrectly routing return TCP traffic to the client computer IP address through the ISA server.</li></ol>

<div class="moreinformation_section">

MORE INFORMATION
To disable the reuse of TCP connections when the host header is different, run the following script:

 ' ' Copyright (c) Microsoft Corporation. All rights reserved. ' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE ' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE ' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS ' HEREBY PERMITTED. 

 ' This script removes a VendorParametersSet value. 

Sub ReuseSessionForDifferentHostHeader

' Create the root obect. Dim root ' The FPCLib.FPC root object Set root = CreateObject(&quot;FPC.Root&quot;)

'Declare the other objects needed. Dim array      ' An FPCArray object Dim VendorSets ' An FPCVendorParametersSets collection Dim VendorSet  ' An FPCVendorParametersSet object

' Get references to the array object ' and the network rules collection. Set array = root.GetContainingArray Set VendorSets = array.VendorParametersSets

On Error Resume Next Set VendorSet = VendorSets.Item( &quot;{143F5698-103B-12D4-FF34-1F34767DEabc}&quot; )

If Err.Number <> 0 Then Err.Clear

WScript.Echo &quot;VendorParametersSet does not exist.&quot;

Else Err.Clear VendorSet.RemoveValue(&quot;ReuseSessionForDifferentHostHeader&quot;)

If Err.Number <> 0 Then CheckError Else VendorSets.Save false, true CheckError

If Err.Number = 0 Then WScript.Echo &quot;Done removing ReuseSessionForDifferentHostHeader, saved!&quot; End If       End If    End If

End Sub

Sub CheckError

If Err.Number <> 0 Then WScript.Echo &quot;An error occurred: 0x&quot; & Hex(Err.Number) & &quot; &quot; & Err.Description Err.Clear End If

End Sub

ReuseSessionForDifferentHostHeader

Typically, you may experience the error that this article describes when the ISA server is unable to contact the published Web server.

This hotfix addresses a very specific scenario. Before you apply this hotfix, check the basic connectivity from the ISA server to the published server. For example, check name resolution, TCP connectivity, and then use one of the suggested workarounds to confirm the problem.

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

Keywords: kbqfe kbprb KB917265

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.