The registry funkicity? No - that's separate (and odd). ------------------------------------------------------- Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! ------------------------------------------------------- -----Original Message----- From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] Sent: Thursday, January 19, 2006 07:45 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Live log query question http://www.ISAserver.org Not yet but once on-site today if there is no change after adding the PMTU registry that will be the next step. BTW, I assume this has nothing to do with the other problem I sent, correct? John T eServices For You > -----Original Message----- > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > Sent: Thursday, January 19, 2006 7:00 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Live log query question > > http://www.ISAserver.org > > No worries, although it does make problem description a bit unusual. > For instance, HTTP is pretty much dependent on TCP since it has no > inherent traffic management built in. > > Whether the app uses HTTP or merely uses port 80 is significant. > Can you get a capture of a session? > > -------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > -------------------------------------------- > -----Original Message----- > From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] > Sent: Thursday, January 19, 2006 12:28 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Live log query question > > http://www.ISAserver.org > > My terminology as it relates the network protocol stack has always > been weak and in need of study. > > The app is using TCP as opposed to UDP, and per the destination server > configuration (meaning dictated by the 3rd party) is configured to use > port 80, although I do not know specifically if in the app it is coded > to use port 80 or configured to use the HTTP protocol. > > Made the change to the EnablePMTUDiscover after making sure 896060 was > installed. > > I will see what happens Thursday. > > John T > eServices For You > > > > -----Original Message----- > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > Sent: Wednesday, January 18, 2006 4:34 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: Live log query question > > > > http://www.ISAserver.org > > > > Er.. > > "..winsock app using TCP over HTTP.." is essentially meaningless. > > Do you mean an "HTTP-abusive app"? > > Unlike ISA, the sonicwall (i.e., "wall of noise") isn't inspecting > anything beyond L3 in > > the traffic (if that). > > It's possible that ISA is rejecting part of the traffic, but you > haven't > sent any log data > > to that effect (have you looked?). > > > > Verify: > > > HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDisc > ov > ery > > == 0x1 (or missing altogether) > > ..if you have to change (or delete) it, you'll need to reboot the > > ISA > server. > > > > ------------------------------------------------------- > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/Jim_Harrison/ > > http://isatools.org > > Read the help / books / articles! > > ------------------------------------------------------- > > > > > > -----Original Message----- > > From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] > > Sent: Wednesday, January 18, 2006 15:13 > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: Live log query question > > > > http://www.ISAserver.org > > > > No, no alert on connection limit, which is what I was wondering. > > > > More information: > > > > This is a winsock app using TCP over HTTP > > > > App formats query for each part and sends request. (Initiated > connection > > line) > > Request is received, packets are accepted and verified and > > information > is > reviewed. If > > all there and correct, the app then "closes" the connection by > > issuing > a > closesocket > > command which is defined as "Private Declare Function > > api_closesocket > Lib > > "ws2_32.dll" Alias "closesocket" (ByVal s As Long) As Long" and then > cycles to go to > > the next part number. > > > > What I did was have the user only do 5 part numbers. I watched in > > live > query and saw > > 5 Initiated connection each about 1 second apart. He then said it > finished > and he > > closed that window since it was only a test. However, the live query > did > not show the > > Closed connection until 42 seconds after the first Initiated > connection > and until 60 > > seconds after the 4 subsequent initiated connections. > > > > Another user that is behind a Sonicwall TELE3 was able to complete a > query > of 75 part > > numbers with no problem. > > > > So, if the destination server was some how keeping the individual > connections open, I > > should have seen an alert about exceeding number of connections in > ISA, > correct? But > > I did not. > > > > Correction now is that yes I had him do another test and this time > > he > got > to around > > the 27th part number and then froze. At that point, yes there was an > error > about > > exceeding the number of connections. Before he was not getting that > far. > > > > So, ISA is seeing the connection as open until apparently a time out. > So > either the > > destination is keeping it open or it is not getting or accepting the > client close > > connection command. > > > > John T > > eServices For You > > > > > > > -----Original Message----- > > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > > Sent: Wednesday, January 18, 2006 2:14 PM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: Live log query question > > > > > > http://www.ISAserver.org > > > > > > Take a look in your alerts; do you see recent connection limits > > > for that > > client? > > > > > > > > > ------------------------------------------------------- > > > Jim Harrison > > > MCP(NT4, W2K), A+, Network+, PCG > > > http://isaserver.org/Jim_Harrison/ > > > http://isatools.org > > > Read the help / books / articles! > > > ------------------------------------------------------- > > > > > > > > > -----Original Message----- > > > From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] > > > Sent: Wednesday, January 18, 2006 14:08 > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] Live log query question > > > > > > http://www.ISAserver.org > > > > > > I am working on a problem for a client. > > > > > > ISA 2004 Standard. > > > Windows Server 2003 Standard. > > > Logging to log files. > > > > > > Program: > > > Makes a XML request to a server on the Internet over HTTP. The > request > > > is > > for stock > > > and price on a part number. > > > > > > If the user configures it for a couple lines of part numbers, > > > there > is > > > no > > problem. > > > > > > A user is trying to run a batch of say 25 part numbers. > > > > > > The request is sent for part 1 and a response is received. A > > > request is > > then made for > > > part 2 and a response is received. > > > > > > What is happening is after several part request and received, it > will > > freeze on a > > > request. > > > > > > View the live query, I see a line for each connection and under > > > action, it > > says Initiated > > > connection. As soon as the program freezes, I start seeing on each > > > line > > for the > > > connection under action Closed connection. > > > > > > Is this a restriction/configuration on ISA some where that it is > maybe > > limiting the > > > number of connection strings from the client IP, or is it more > likely > > > a > > restrict the > > > destination server has? > > > > > > John T > > > eServices For You > > > > > > > > > > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: > > > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > > > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org Discussion List > as: > > jim@xxxxxxxxxxxx > > > To unsubscribe visit > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > All mail to and from this domain is GFI-scanned. > > > > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: > > > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > > > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org Discussion List > as: > > > johnlist@xxxxxxxxxxxxxxxxxxx > > > To unsubscribe visit > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > All mail to and from this domain is GFI-scanned. > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > > johnlist@xxxxxxxxxxxxxxxxxxx > > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > All mail to and from this domain is GFI-scanned. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > johnlist@xxxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.