Microsoft KB Archive/945224

= ISA Server 2006 may forward requests to an incorrect Web server when a client computer accesses Web sites that have different public names in the same session =

Article ID: 945224

Article Last Modified on 1/2/2008

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
 * Microsoft Internet Security and Acceleration Server 2006 Standard Edition

-



SYMPTOMS
Consider the following scenario:
 * In Microsoft Internet Security and Acceleration (ISA) Server 2006, you create a Web farm that contains multiple Web servers.
 * You create multiple Web publishing rules to publish multiple public names that use the same Web farm.
 * In the Web publishing rules, the load balance mechanism is set to Cookie based.

In this scenario, ISA Server may forward requests to an incorrect Web server. When a client computer accesses Web sites that have different public names in the same session, ISA Server does not forward the request to the same Web server.

For example, this problem occurs when the client accesses the following Web sites in the same session:
 * http:// . .com/
 * http:// . .com/



CAUSE
This problem occurs when the Web browser does not send a Web Publishing Load Balancing (WPLB) cookie to ISA Server.

By default, a Web browser does not use a cookie from one site in a request that it sends to another site. Before the current fix is enabled, ISA Server will send to the client a Set-Cookie HTTP header that contains the first public name that is specified in the publishing rule. Therefore, the request that is sent to ISA Server for a public name other than the first public name does not contain the WPLB cookie. In this scenario, ISA Server may select a different server from the Web farm to handle the request.



RESOLUTION
To resolve this problem, follow these steps:  Apply the hotfix package that is described in the following Microsoft Knowledge Base article:

945225 Description of the ISA Server 2006 hotfix package: November 18, 2007

 Start Notepad.  Copy and then paste the following text into Notepad.

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure. However, they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements. ' -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- ' -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

'   This code is Copyright (c) 2007 Microsoft Corporation. ' '   All rights reserved. ' '   THIS CODE AND INFORMATION IS PROVIDED &quot;AS IS&quot; WITHOUT WARRANTY OF '    ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO '    THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A '    PARTICULAR PURPOSE. ' '   IN NO EVENT SHALL MICROSOFT AND/OR ITS RESPECTIVE SUPPLIERS BE '    LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY '   DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, '   WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS '   ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE '   OF THIS CODE OR INFORMATION. ' ' -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

Const SE_VPS_GUID = &quot;{143F5698-103B-12D4-FF34-1F34767DEabc}&quot; Const SE_VPS_NAME = &quot;CreateDomainCookie&quot; Const SE_VPS_VALUE = true

'Define the constants needed const Error_FileNotFound = &H80070002 Const fpcPolicyWebPublishing = 2

Main(WScript.Arguments)

Sub Main(args)

If(args.Count = 1) Then SetWPLBhttpOnly args(0) Else Usage End If End Sub

Sub SetWPLBhttpOnly(ruleName)

' Create the root object. Dim root ' The FPCLib.FPC root object Set root = CreateObject(&quot;FPC.Root&quot;)

' Declare the other objects needed. Dim isaArray       ' An FPCArray object Dim rule           ' An FPCPolicyRule object

' Obtain a reference to the array object. Set isaArray = root.GetContainingArray

' Obtain a reference to the policy rule specified. On Error Resume Next Set rule = isaArray.ArrayPolicy.PolicyRules.Item(ruleName) If Err.Number = Error_FileNotFound Then WScript.Echo &quot;The policy rule specified could not be found.&quot; Else Err.Clear On Error GoTo 0 If rule.Type = fpcPolicyWebPublishing Then

Dim VendorSets ' An FPCVendorParametersSets collection Dim VendorSet  ' An FPCVendorParametersSet object

Set VendorSets = rule.VendorParametersSets

On Error Resume Next Set VendorSet = VendorSets.Item( SE_VPS_GUID )

If Err.Number <> 0 Then Err.Clear

' Add the item Set VendorSet = VendorSets.Add( SE_VPS_GUID ) CheckError WScript.Echo &quot;New VendorSet added... &quot; & VendorSet.Name

Else WScript.Echo &quot;Existing VendorSet found... value- &quot; & VendorSet.Value(SE_VPS_NAME) End If

if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then

Err.Clear VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE

If Err.Number <> 0 Then CheckError End If           End If

rule.Save WScript.Echo &quot;Done!&quot;

Else WScript.Echo &quot;The policy rule specified is not a Web publishing rule.&quot; End If   End If

End Sub

Sub Usage WScript.Echo &quot;Usage:&quot; & VbCrLf _ & &quot; &quot; & WScript.ScriptName & &quot; RuleName&quot; & VbCrLf _ & &quot;&quot; & VbCrLf _ & &quot;   RuleName - Name of the Web publishing rule&quot; WScript.Quit End Sub

Sub CheckError

If Err.Number <> 0 Then WScript.Echo &quot;An error occurred: 0x&quot; & Hex(Err.Number) & &quot; &quot; & Err.Description Err.Clear End If

End Sub  Save the file as a .vbs file. For example, use the following name to save the file:

CreateDomainCookie.vbs

 Open a command prompt, move to the location in which you saved the CreateDomainCookie.vbs file, and then type the following command:

cscript CreateDomainCookie.vbs

Note Replace the  placeholder with the name of the publishing rule.

After you follow these steps, ISA Server checks the top-level domain from the host header in the request. Then, ISA Server uses this domain as a WPLB cookie domain. For example, if the requested host header is test.xxx.domain.com, the cookie will be &quot;cookie domain: .domain.com.&quot;

Note When ISA Server obtains the top-level domain, ISA Server merely extracts the rightmost two names. For example, if the site name is. . . .com, ISA Server uses. .com as the top-level domain in the WPLB cookie. Therefore, this fix does not help you if your top-level domain resembles &quot; .co.uk&quot; or if you want to use. .com as the top-level domain. In this case, you can use another fix to specify a single top-level domain that can be used in all WPLB cookies. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

940242 ISA Server 2006 forwards requests to an incorrect Web server when a client computer accesses Web sites that have different host names in the same session



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

<div class="moreinformation_section">

MORE INFORMATION
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Keywords: kbexpertiseinter kbbug kbfix kbqfe KB945224

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.