Microsoft KB Archive/318619

From BetaArchive Wiki
Knowledge Base


Uploading files by using an HTTP Post through Proxy Server 2.0 may fail after you install the fixes in Q296458, Q301625 or Q299444

Article ID: 318619

Article Last Modified on 11/16/2005


APPLIES TO

  • Microsoft Proxy Server 2.0 Standard Edition
  • Microsoft Internet Information Services 5.0
  • Microsoft Internet Information Server 4.0


This article was previously published under Q318619

We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx


SYMPTOMS

Uploading files by using an HTTP Post through Proxy Server 2.0 may fail with some third-party client applications under the following circumstances:

  1. After you install the security patch that is included in the Microsoft Knowledge Base article Q296458.
  2. After you install the package in which this security patch is included:
    1. For Microsoft Windows NT 4.0: Q301625
    2. For Microsoft Windows 2000: Q299444
  3. If you are using NTLM Authentication on Proxy Server (Default Website).

Note These symptoms do not occur if you are using:

  • Internet Security and Acceleration (ISA) Server
  • Basic Authentication on Proxy Server (Default Website)
  • Anonymous Authentication


CAUSE

The security fix Q296458 (for Windows NT 4.0 and for Windows 2000) causes a regression on Internet Information Server (IIS) 4.0 and on Internet Information Services (IIS) 5.0 if you have installed Proxy Server 2.0 and you have configured NTLM Authentication on the default Web site. This problem occurs because some third-party applications (that are configured to use Proxy Server 2.0) send requests to the host name of the destination URL first, and then to the IP address on the same, authenticated, NTLM Proxy connection. When you install the security patch, the TCP connection is closed because the host headers are changed on the same connection. When this occurs, an access denied error (407) is sent from the Proxy server to the third-party client application; however, because the third-party client cannot handle the unexpected re-authentication request, the upload fails.

RESOLUTION

Install the regression hotfix that is included in the following Microsoft Knowledge Base articles:

  • For Internet Information Services 5.0: Q309562
  • For Internet Information Server 4.0: Q308244


REFERENCES

Click the following links to see the Microsoft Knowledge Base articles that are referenced throughout this article:

308244 NTLM password changes may fail after Q299444 and Q301625 applied


309562 Proxy-to-Proxy authentication error after installing IIS patch


296458 IIS disregards host headers when using keep-alives


301625 MS01-044: Patch available for SSI privilege elevation vulnerability


299444 Post-Windows NT 4.0 SP6a Security Rollup Package (SRP)


Keywords: kbfix kbprb KB318619



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/318619&oldid=175392
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki