Article ID: 319374
Article Last Modified on 9/27/2005
APPLIES TO
- Microsoft Internet Security and Acceleration Server 2000 Standard Edition
- Microsoft Internet Security and Acceleration Server 2000 Service Pack 1
This article was previously published under Q319374
SYMPTOMS
When an Internet Security and Acceleration (ISA) Server-based computer that is Web publishing an SSL Web site receives an invalid SSL packet, the ISA Server Web Proxy service may crash, generate an access violation error message, and may stop providing services.
CAUSE
This problem may occur when all of the following conditions exist:
- SSL packets are sent to an ISA Server-based computer that is Web publishing a Web site that is configured to use SSL bridging.
- A Web Publishing rule exists and is turned on for the SSL Web site.
- An Incoming Web Requests listener exists for the SSL Web site.
- The Enable SSL listeners check box on the Incoming Web Requests tab is checked.
- On the ISA Server-based computer, a server certificate is installed and turned on. The server certificate is turned on in the Incoming Web Requests listener properties by a check mark in the Use a server certificate to authenticate to web clients check box.
RESOLUTION
You must install ISA Server Service Pack 1 (SP1) before you apply the following hotfix.
For additional information about how to obtain the latest ISA Server service pack, click the article number below to view the article in the Microsoft Knowledge Base:
313139 How to Obtain the Latest Internet Security and Acceleration Server 2000 Service Pack
The following file is available for download from the Microsoft Download Center:
Release Date: May 8, 2002
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. To install the fix, run the self-extracting file. You do not need to restart the ISA Server computer. If the computer is part of an ISA Server array, you do not need to shut the whole array down; you can still install this fix on a one-by-one basis.
The English version of this fix should have the following file attributes or later:
Date Time Version Size File name ----------------------------------------------------- 5-May-2002 11:30 3.0.1200.174 384,272 W3proxy.exe
This fix also applies to the French, German, Spanish, and Japanese versions of ISA Server.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
MORE INFORMATION
For additional information about another problem that this hotfix resolves, click the article number below to view the article in the Microsoft Knowledge Base:
321846 Incorrect Canonicalization in Rules Engine
SSL bridging refers to the ability of ISA Server to encrypt or decrypt client requests, and then pass on the request to a destination Web server. For example, in a Web Publishing scenario, ISA Server can process a client SSL request by terminating the SSL connection from a client and then re-opening a new connection (either HTTP or SSL) with a Web server.
Because no listeners are configured in Incoming Web Requests by default, there is no potential for the Web Proxy service to stop responding on a default installation of ISA Server.
Keywords: kbhotfixserver kbqfe atdownload kbbug kbenv kbfix kbqfe KB319374