Article ID: 931951
Article Last Modified on 12/4/2007
APPLIES TO
- Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition
SYMPTOMS
Hosts that are listed in the client Cache Array Routing Protocol (CARP) exceptions list in Microsoft ISA Server 2004 may resolve to different array member nodes. This may result in unexpected behavior for multi-host Web sites.
For example, users who authenticate to one host through ISA Server A
may then connect to another host through ISA Server B
. In this scenario, ISA clients may be prompted unexpectedly to reenter their credentials.
CAUSE
This problem occurs because the ISA Server 2004 Web Proxy Autodiscovery Protocol (WPAD) script resolves CARP exceptions to specific nodes on a host-by-host basis. If a Web site uses multiple hosts that are in the exceptions list, each host can map to a different node. This could result in the unexpected browsing behavior that is mentioned in the "Symptoms" section.
RESOLUTION
To resolve this problem, use one of the following methods, as appropriate for your situation.
Method 1: Install ISA Server Service Pack 3 for Enterprise Edition
This problem is fixed in ISA Server Service Pack 3 (SP3) for Enterprise Edition. For more information about how to obtain ISA Server Service Pack 3, click the following article number to view the article in the Microsoft Knowledge Base:
891024 How to obtain the latest ISA Server 2004 service pack
Method 2: Install the March 8, 2007 post-SP2 ISA Server 2004 hotfix rollup
This problem is fixed in the ISA Server 2004 hotfix package that is dated March 8, 2007. For more information about the March 8, 2007 post-SP2 ISA Server 2004 hotfix rollup, click the following article number to view the article in the Microsoft Knowledge Base:
933524 Description of the ISA Server 2004 hotfix package that is dated March 8, 2007
The fix in Method 1 and in Method 2 changes the Web Proxy Automatic Discovery (WPAD) script to match the ISA Server 2006 configuration. This change maps all hosts in the exceptions list to a single node for each client. Therefore, different clients may use different nodes for their exceptions. However, all the exceptions for a given client map to the same array member server.
Enable the fix
To enable this fix, you have to run the following Microsoft Visual Basic script after you install the fix.
Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}" Const SE_VPS_NAME = "EnableHotfix931951" Const SE_VPS_VALUE = true Sub SetValue() ' Create the root obect. Dim root ' The FPCLib.FPC root object Set root = CreateObject("FPC.Root") 'Declare the other objects needed. Dim array ' An FPCArray object Dim VendorSets ' An FPCVendorParametersSets collection Dim VendorSet ' An FPCVendorParametersSet object ' Get references to the array object ' and the network rules collection. Set array = root.GetContainingArray Set VendorSets = array.VendorParametersSets On Error Resume Next Set VendorSet = VendorSets.Item( SE_VPS_GUID ) If Err.Number <> 0 Then Err.Clear ' Add the item Set VendorSet = VendorSets.Add( SE_VPS_GUID ) CheckError WScript.Echo "New VendorSet added... " & VendorSet.Name Else WScript.Echo "Existing VendorSet found... value- " & VendorSet.Value(SE_VPS_NAME) End If if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then Err.Clear VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE If Err.Number <> 0 Then CheckError Else VendorSets.Save false, true CheckError If Err.Number = 0 Then WScript.Echo "Done with " & SE_VPS_NAME & ", saved!" End If End If Else WScript.Echo "Done with " & SE_VPS_NAME & ", no change!" End If End Sub Sub CheckError() If Err.Number <> 0 Then WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description Err.Clear End If End Sub SetValue
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Keywords: kbbug kbfix kbprb atdownload kbexpertiseadvanced KB931951