Hi John, Most likely SSL sites, right? Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] > Sent: Monday, January 23, 2006 12:28 AM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: Live log query question > > http://www.ISAserver.org > > An overdue update. > > I changed the concurrent connection limits for the default to > 50 (it was 40, > although I thought I read it by default should be 160) and > then created a > computer set for the sales department and configured their concurrent > connection limit to 200. That got them to work and surprise, > a couple of > other websites that they were having problems with now worked. > > So, for some reason, the connection in ISA is remaining open > until it times > out after 60 seconds. > > So, a NetMon capture is the next step. However, I am poor at > reading NetMon > captures. > > John T > eServices For You > > > > -----Original Message----- > > From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] > > Sent: Thursday, January 19, 2006 7:45 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: Live log query question > > > > http://www.ISAserver.org > > > > Not yet but once on-site today if there is no change after > adding the PMTU > > registry that will be the next step. > > > > BTW, I assume this has nothing to do with the other problem I sent, > correct? > > > > John T > > eServices For You > > > > > > > -----Original Message----- > > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > > Sent: Thursday, January 19, 2006 7:00 AM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: Live log query question > > > > > > http://www.ISAserver.org > > > > > > No worries, although it does make problem description a > bit unusual. > > > For instance, HTTP is pretty much dependent on TCP since it has no > > > inherent traffic management built in. > > > > > > Whether the app uses HTTP or merely uses port 80 is significant. > > > Can you get a capture of a session? > > > > > > -------------------------------------------- > > > Jim Harrison > > > MCP(NT4, W2K), A+, Network+, PCG > > > http://isaserver.org/Jim_Harrison/ > > > http://isatools.org > > > Read the help / books / articles! > > > -------------------------------------------- > > > -----Original Message----- > > > From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] > > > Sent: Thursday, January 19, 2006 12:28 AM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: Live log query question > > > > > > http://www.ISAserver.org > > > > > > My terminology as it relates the network protocol stack > has always been > > > weak > > > and in need of study. > > > > > > The app is using TCP as opposed to UDP, and per the > destination server > > > configuration (meaning dictated by the 3rd party) is > configured to use > > > port > > > 80, although I do not know specifically if in the app it > is coded to use > > > port 80 or configured to use the HTTP protocol. > > > > > > Made the change to the EnablePMTUDiscover after making > sure 896060 was > > > installed. > > > > > > I will see what happens Thursday. > > > > > > John T > > > eServices For You > > > > > > > > > > -----Original Message----- > > > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > > > Sent: Wednesday, January 18, 2006 4:34 PM > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: Live log query question > > > > > > > > http://www.ISAserver.org > > > > > > > > Er.. > > > > "..winsock app using TCP over HTTP.." is essentially > meaningless. > > > > Do you mean an "HTTP-abusive app"? > > > > Unlike ISA, the sonicwall (i.e., "wall of noise") isn't > inspecting > > > anything beyond L3 in > > > > the traffic (if that). > > > > It's possible that ISA is rejecting part of the traffic, but you > > > haven't > > > sent any log data > > > > to that effect (have you looked?). > > > > > > > > Verify: > > > > > > > > HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Enable > PMTUDiscov > > > ery > > > > == 0x1 (or missing altogether) > > > > ..if you have to change (or delete) it, you'll need to > reboot the ISA > > > server. > > > > > > > > ------------------------------------------------------- > > > > Jim Harrison > > > > MCP(NT4, W2K), A+, Network+, PCG > > > > http://isaserver.org/Jim_Harrison/ > > > > http://isatools.org > > > > Read the help / books / articles! > > > > ------------------------------------------------------- > > > > > > > > > > > > -----Original Message----- > > > > From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] > > > > Sent: Wednesday, January 18, 2006 15:13 > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: Live log query question > > > > > > > > http://www.ISAserver.org > > > > > > > > No, no alert on connection limit, which is what I was wondering. > > > > > > > > More information: > > > > > > > > This is a winsock app using TCP over HTTP > > > > > > > > App formats query for each part and sends request. (Initiated > > > connection > > > > line) > > > > Request is received, packets are accepted and verified > and information > > > is > > > reviewed. If > > > > all there and correct, the app then "closes" the > connection by issuing > > > a > > > closesocket > > > > command which is defined as "Private Declare Function > api_closesocket > > > Lib > > > > "ws2_32.dll" Alias "closesocket" (ByVal s As Long) As > Long" and then > > > cycles to go to > > > > the next part number. > > > > > > > > What I did was have the user only do 5 part numbers. I > watched in live > > > query and saw > > > > 5 Initiated connection each about 1 second apart. He > then said it > > > finished > > > and he > > > > closed that window since it was only a test. However, > the live query > > > did > > > not show the > > > > Closed connection until 42 seconds after the first Initiated > > > connection > > > and until 60 > > > > seconds after the 4 subsequent initiated connections. > > > > > > > > Another user that is behind a Sonicwall TELE3 was able > to complete a > > > query > > > of 75 part > > > > numbers with no problem. > > > > > > > > So, if the destination server was some how keeping the > individual > > > connections open, I > > > > should have seen an alert about exceeding number of > connections in > > > ISA, > > > correct? But > > > > I did not. > > > > > > > > Correction now is that yes I had him do another test > and this time he > > > got > > > to around > > > > the 27th part number and then froze. At that point, yes > there was an > > > error > > > about > > > > exceeding the number of connections. Before he was not > getting that > > > far. > > > > > > > > So, ISA is seeing the connection as open until > apparently a time out. > > > So > > > either the > > > > destination is keeping it open or it is not getting or > accepting the > > > client close > > > > connection command. > > > > > > > > John T > > > > eServices For You > > > > > > > > > > > > > -----Original Message----- > > > > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] > > > > > Sent: Wednesday, January 18, 2006 2:14 PM > > > > > To: [ISAserver.org Discussion List] > > > > > Subject: [isalist] RE: Live log query question > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > Take a look in your alerts; do you see recent > connection limits for > > > > > that > > > > client? > > > > > > > > > > > > > > > ------------------------------------------------------- > > > > > Jim Harrison > > > > > MCP(NT4, W2K), A+, Network+, PCG > > > > > http://isaserver.org/Jim_Harrison/ > > > > > http://isatools.org > > > > > Read the help / books / articles! > > > > > ------------------------------------------------------- > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: John T (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] > > > > > Sent: Wednesday, January 18, 2006 14:08 > > > > > To: [ISAserver.org Discussion List] > > > > > Subject: [isalist] Live log query question > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > I am working on a problem for a client. > > > > > > > > > > ISA 2004 Standard. > > > > > Windows Server 2003 Standard. > > > > > Logging to log files. > > > > > > > > > > Program: > > > > > Makes a XML request to a server on the Internet over HTTP. The > > > request > > > > > is > > > > for stock > > > > > and price on a part number. > > > > > > > > > > If the user configures it for a couple lines of part > numbers, there > > > is > > > > > no > > > > problem. > > > > > > > > > > A user is trying to run a batch of say 25 part numbers. > > > > > > > > > > The request is sent for part 1 and a response is > received. A request > > > > > is > > > > then made for > > > > > part 2 and a response is received. > > > > > > > > > > What is happening is after several part request and > received, it > > > will > > > > freeze on a > > > > > request. > > > > > > > > > > View the live query, I see a line for each connection > and under > > > > > action, it > > > > says Initiated > > > > > connection. As soon as the program freezes, I start > seeing on each > > > > > line > > > > for the > > > > > connection under action Closed connection. > > > > > > > > > > Is this a restriction/configuration on ISA some where > that it is > > > maybe > > > > limiting the > > > > > number of connection strings from the client IP, or is it more > > > likely > > > > > a > > > > restrict the > > > > > destination server has? > > > > > > > > > > John T > > > > > eServices For You > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------ > > > > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > > ------------------------------------------------------ > > > > > Visit TechGenix.com for more information about our > other sites: > > > > > http://www.techgenix.com > > > > > ------------------------------------------------------ > > > > > You are currently subscribed to this ISAserver.org > Discussion List > > > as: > > > > jim@xxxxxxxxxxxx > > > > > To unsubscribe visit > > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > All mail to and from this domain is GFI-scanned. > > > > > > > > > > > > > > > ------------------------------------------------------ > > > > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > > ------------------------------------------------------ > > > > > Visit TechGenix.com for more information about our > other sites: > > > > > http://www.techgenix.com > > > > > ------------------------------------------------------ > > > > > You are currently subscribed to this ISAserver.org > Discussion List > > > as: > > > > > johnlist@xxxxxxxxxxxxxxxxxxx > > > > > To unsubscribe visit > > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > ------------------------------------------------------ > > > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org > Discussion List as: > > > jim@xxxxxxxxxxxx > > > > To unsubscribe visit > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > All mail to and from this domain is GFI-scanned. > > > > > > > > > > > > ------------------------------------------------------ > > > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org > Discussion List as: > > > > johnlist@xxxxxxxxxxxxxxxxxxx > > > > To unsubscribe visit > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org > Discussion List as: > > > jim@xxxxxxxxxxxx > > > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > All mail to and from this domain is GFI-scanned. > > > > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org > Discussion List as: > > > johnlist@xxxxxxxxxxxxxxxxxxx > > > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > johnlist@xxxxxxxxxxxxxxxxxxx > > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > >