[isalist] Re: Timeout issue driving me nuts...

  • From: "Tom Rogers" <trogers@xxxxxxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 17 Sep 2008 15:17:52 -0400

Here is an example of what I am getting when we get the timeout
issues...

 

 

Failed Connection Attempt

ISA 9/17/2008 3:14:37 PM

Log type: Web Proxy (Forward)

Status: 10060 A connection attempt failed because the connected party
did not properly respond after a period of time, or established
connection failed because connected host has failed to respond. 

Rule: Limited Outbound Access for all other protocols

Source: Internal (192.168.1.135)

Destination: External (64.15.175.5:443)

Request: login.facebook.com:443

Filter information: Req ID: 0e58c928; Compression: client=No, server=No,
compress rate=0% decompress rate=0%

Protocol: SSL-tunnel

        
User: DOMAIN\trogers

        
 Additional information <javascript:ToggleList('AddInfoNode')> 

1.                  Client agent: Mozilla/4.0 (compatible; MSIE 7.0;
Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; InfoPath.2)

2.      Object source: Internet (Source is the Internet. Object was
added to the cache.)
3.      Cache info: 0x0
4.      Processing time: 0 ms

5.                  MIME type: 

 

 

Tom Rogers
Systems Administrator
Schneider Packaging Equipment

________________________________

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or
entity to whom they are addressed.If you have received this email in
error please notify the system manager.
This message contains confidential information and is intended only for
the individual named. If you are not the
named addressee you should not disseminate, distribute or copy this
e-mail. Please notify the sender immediately
by e-mail if you have received this e-mail by mistake and delete this
e-mail from your system. If you are not the 
intended recipient you are notified that disclosing, copying,
distributing or taking any action in reliance on the 
contents of this information is strictly prohibited. 

P Please consider the environment before printing this email. 

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Jim Harrison
Sent: Tuesday, September 16, 2008 11:54 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Timeout issue driving me nuts...

 

These are frequently difficult to troubleshoot, but the good news is
that 99 times out of 10, the problem is external to ISA.

The first thing to note is the IP address ISA reports as failing to
accept a connection; 204.14.234.61.  

-          Is this the correct IP address for the destination site
(nslookup reports "na5-sjl.salesforce.com")?

-          Is this one of many IPs used for that site (I only find one)?

-          What do you find in the ISA logs around this event?

-          What do you find in the ISA event logs around this event?

-          What devices separate your ISA from the Internet (modem,
router, etc.)?

-          Can you get a capture at each point along the chain?

 

I've not found RR tier-1 support to be of much use; they're typically of
the "let's remove and reinstall TCP/IP" troubleshooting class.

If you can get an escalation to their networking team, you may be able
to get concurrent captures during the failure state.

 

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Tom Rogers
Sent: Tuesday, September 16, 2008 7:58 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Timeout issue driving me nuts...

 

I have one ISA server (2006 SP-1) on a W2K3 SP-2 box, and we are having
a random time out error on only one website. (SalesForce.com)

 

The error message is always this...

 

Technical Information (for Support personnel) Error Code: 504 Proxy
Timeout. The connection timed out. (10060) IP Address: 204.14.234..61

Date: 9/16/2008 2:29:24 PM [GMT]

Server: isa.local.NET

Source: proxy 

 

I though I had it figured out, as an employee from Colorado was VPN'ing
in and using SalesForce.com through our internal network instead of his
own ISP, but he is no longer doing that and we still have the timeout
occurring. Salesforce.com's tech support has basically washed their
hands of it and said it is our ISA 2006 server. My Web Proxy timeout is
set to 1800 seconds - that's 30 minutes so it should never have a
timeout issue.

 

We run on RoadRunner's business class service with 7mbps download, 2mbps
upload (theoretical speed).

 

I don't know where to turn from here. Can anyone help me troubleshoot
this issue? We don't have this issue with any other websites through ISA
2006. 

 

Is there a user friendly reader for the ISA web and fw log files? Is
there a tool to see who or what is taking how much bandwidth at a time?

 

TIA,

 

Tom Rogers
Systems Administrator
Schneider Packaging Equipment

________________________________

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or
entity to whom they are addressed.If you have received this email in
error please notify the system manager.
This message contains confidential information and is intended only for
the individual named. If you are not the
named addressee you should not disseminate, distribute or copy this
e-mail. Please notify the sender immediately
by e-mail if you have received this e-mail by mistake and delete this
e-mail from your system. If you are not the 
intended recipient you are notified that disclosing, copying,
distributing or taking any action in reliance on the 
contents of this information is strictly prohibited. 

P Please consider the environment before printing this email. 

 

PNG image

Other related posts: