Article ID: 927991
Article Last Modified on 1/2/2007
APPLIES TO
- Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
- Microsoft Internet Security and Acceleration Server 2006 Standard Edition
For more information about the Microsoft Internet Security and Acceleration (ISA) Server 2004 version of this article, click the following article number to view the article in the Microsoft Knowledge Base:
923322 A large file download fails when an ISA Server 2004 SOCKS client computer uses passive mode FTP
SYMPTOMS
When a Microsoft Internet Security and Acceleration (ISA) Server 2006 FTP client computer downloads a large file by using passive mode FTP, the download fails if it takes longer than 120 seconds.
CAUSE
This problem may occur if the following conditions are true:
- The FTP client computer is configured to use the SOCKS protocol.
- The FTP client computer uses ISA Server 2006 for outgoing passive FTP access.
- The idle connection time-out value in ISA Server 2006 is set to the default value of 120 seconds.
Passive mode FTP uses an outgoing control channel connection and an outgoing data channel connection. The file transmission occurs over the data channel. The FTP control channel times out if the following conditions are true:
- Data is not sent over the control channel during the download operation.
- A passive mode FTP file download takes longer than 120 seconds.
Then, the FTP server stops the file download operation.
RESOLUTION
How to obtain the hotfix
This issue is fixed in the November 22, 2006 Hotfix Package for ISA Server 2006. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
928876 Description of the ISA Server 2006 hotfix package: November 22, 2006
After you install this hotfix, run the following Microsoft Visual Basic script to configure the SOCKS filter idle connection time-out value to an appropriate value.
Note To determine the appropriate time-out value, use the following equation:
File size / download speed * 1.2 = time-out (seconds)
For example, to determine the appropriate time-out value to download a 200-megabyte (MB) file at 1 megabyte per second (Mbps), use the following equation:
(200 * 8) / 1 * 1.2 = 1920 seconds
You must calculate the value individually for use with different file sizes.
Note The idle connection time-out setting helps free unused resources so that resource-related issues do not occur. Therefore, we recommend that you do not increase the time-out setting unnecessarily. If you use a time-out setting that is less than the default 120 seconds, you can also create unexpected issues.
To change the time-out setting, run the following Visual Basic script on the ISA Server 2006 computer. However, you must install the KB928876 hotfix package before you follow these steps:
- Start Notepad.
Copy the following script into the Notepad file. Then, save the file to the ISA Server 2006 computer, and use a file name that has a .vbs extension, such as
SetSocksIdleTimeout.vbs.<Script> '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' ' Copyright (c) Microsoft Corporation. All rights reserved. ' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE ' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE ' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS ' HEREBY PERMITTED. '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' This script sets the idle connection time-out value for the SOCKS filter. ' The value is in seconds. '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Sub SetSocksIdleTimeout() ' Create the root object. Dim root ' The FPCLib.FPC root object Set root = CreateObject("FPC.Root") 'Declare the other objects needed. Dim array ' An FPCArray object Dim Extensions ' An FPCExtensions object Dim ApplicationFilters ' An FPCApplicationFilters object Dim ApplicationFilter ' An FPCApplicationFilter object Dim VendorSets ' An FPCVendorParametersSets collection Dim VendorSet ' An FPCVendorParametersSet object ' Get references to the array object Set array = root.GetContainingArray On Error Resume Next Set Extensions = array.Extensions CheckError Set ApplicationFilters = Extensions.ApplicationFilters CheckError Set ApplicationFilter = ApplicationFilters.Item("{25765C04-C80B-494C-914E-286297DB8C8E}") Set VendorSets = ApplicationFilter.VendorParametersSets Set VendorSet = VendorSets.Item( "{25765C04-C80B-494C-914E-286297DB8C8E}" ) VendorSet.Value("SessionIdleTimeoutSeconds") = 120 ' value in seconds to be set to desired value ApplicationFilter.Save false, true WScript.Echo "Done..." End Sub Sub CheckError() If Err.Number <> 0 Then WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description Err.Clear End If End Sub SetSocksIdleTimeout </Script>- This script uses the default time-out value of 120 seconds. Change the time-out value to the setting that you want, and then save the script.
- Double-click the .vbs file to run the script.
After you run this script, the new time-out value is applied to new SOCKS connections that are made through ISA Server 2006.
To change back to the default time-out value, change the value back to 120 seconds in the script, save the change, and then run the script again.
WORKAROUND
To work around this problem, configure the FTP program to send "keep-alive" commands on the FTP control channel.
For information about whether the FTP program that you use supports this feature, see the documentation for the FTP program.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Keywords: kbqfe kbprb KB927991
