Microsoft KB Archive/288396

= ISA Server Event 14120 Is Logged and Packet Filter Cannot Be Created =

Article ID: 288396

Article Last Modified on 1/15/2006

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2000 Standard Edition

-



This article was previously published under Q288396



SYMPTOMS
The following error is logged in Event Viewer because there is a conflict with the Local Address Table (LAT) in Internet Security and Acceleration (ISA) Server 2000 and the routing table:

Event Type: Error

Event Source: Microsoft Web Proxy

Event Category: None

Event ID: 14120

Date: 4/18/2001

Time: 2:08:35 PM

User: N/A

Computer: computer name

Description:

The ISA Server services cannot create a packet filter 24.25.66.26. This event occurs when there is a conflict between the LAT configuration and the Windows 2000 routing table. Check the routing table and the LAT to find the source of the conflict.

Data:

0000: 41 01 00 c0

The data area also translates to error &quot;0xc000141&quot;, or &quot;(dec): 3072 321&quot;. If the LAT does not have a conflict with the local routing table (for example, if you set the LAT correctly to only include the IP addresses of all internal interfaces) you may see this event error under the following circumstances:
 * You have configured ISA Web publishing to an internal Web server, or to the local IIS server on the ISA server.
 * An internal client requests the Web site using a fully qualified domain name (FQDN) that resolves to the external IP address of ISA.
 * ISA has both NICs in the same segment and outbound packets go out through the same NIC where the client's request arrived (because that is where the default gateway is configured).



CAUSE
This behavior occurs because when the ISA Web service listens on the external IP address on behalf of the Web server, and the internal client tries to access that service, Web proxy tries to create a packet filter for that address because the proxy views that the address as external (which it is). The packet filter driver fails to create the filter because the address is not reachable through the external interface; instead, the address is reachable through the loopback interface. The result is the event log entry.



RESOLUTION
Although you can ignore this event, you can also resolve this behavior. To do so, on the DNS server that is being used for internal name resolution, create a host record (A record) for the fully qualified domain name that is used by internal users and that resolves to the internal IP address or the IP address of the Web server on which the Web site is hosted.

Keywords: kbenv kberrmsg kbprb KB288396

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.