ISA Fixes Post Feature Pack 1
By Scott Jiles
Title: 331062 Running ISA Server on Windows Server 2003
Hotfix:
1200.255Link: http://support.microsoft.com/?id=331062
Files: 11-Feb-2003 23:24 3.0.1200.255 8,976 Bwcpmon.dll
Files: 14-Feb-2003 01:41 3.0.1200.255 30,992 Bwserver.dll
Files: 11-Feb-2003 23:24 3.0.1200.255 60,688 Fltrsnk1.dll
Files: 11-Feb-2003 23:24 3.0.1200.255 85,264 H323fltr.dll
Files: 11-Feb-2003 23:24 3.0.1200.255 5,904 Hfperf.dll
Files: 28-Feb-2003 21:23 3.0.1200.255 34,064 Hotfix_res.dll
Files: 16-Feb-2003 19:47 3.0.1200.255 5,904 Hotfix_utl.dll
Files: 11-Feb-2003 23:22 3.0.1200.255 1,821,968 Msfpccom.dll
Files: 11-Feb-2003 23:23 3.0.1200.255 2,570,000 Msfpcsnp.dll
Files: 11-Feb-2003 23:24 3.0.1200.255 178,448 Mspadmin.exe
Files: 11-Feb-2003 23:23 3.0.1200.255 41,296 Mspfltex.sys
Files: 11-Feb-2003 23:23 3.0.1200.255 101,136 Msphlpr.dll
Files: 11-Feb-2003 23:23 3.0.1200.255 16,656 Mspmon.dll
Files: 05-Feb-2003 21:28 3.0.1200.255 501 Os.map
Files: 11-Feb-2003 23:24 3.0.1200.255 34,064 Socksflt.dll
Files: 11-Feb-2003 23:24 3.0.1200.255 6,416 Socksprf.dll
Files: 11-Feb-2003 23:23 3.0.1200.255 390,928 W3proxy.exe
Files: 11-Feb-2003 23:24 3.0.1200.255 6,928 Wspperf.dll
Files: 11-Feb-2003 23:24 3.0.1200.255 298,768 Wspsrv.exe
Summary: The following updates are required for Internet Security and Acceleration (ISA) Server 2000 to function correctly on computers running Windows Server 2003:
ISA Server Service Pack 1 (SP1)
The ISA Server 2000 Required Updates for Windows Server 2003 package
ISA Server is supported on all versions of Windows Server 2003 except Windows Server 2003, Web Edition.
Title: 331065 MS03-009: A Problem in the ISA Server DNS Intrusion Detection Filter May Cause Denial of Service
Hotfix: 1200.256
Link: http://support.microsoft.com/?id=331065
Files: 9-Mar-2003 11:55 3.0.
1200.256 77,072 Issfltr.dllSummary: A problem may occur on an Internet Security and Acceleration (ISA) Server 2000-based computer during the processing of incoming Domain Name System (DNS) requests that are sent to a published internal DNS server.
A successful attack against the ISA Server-based computer requires a malicious DNS request. An attacker might be able to exploit the vulnerability by sending a specially formed request to an ISA Server-based computer that is publishing a DNS server. This might then result in a denial of service to the published DNS server. If this occurs, all future incoming DNS requests to the ISA Server-based computer are stopped at the firewall, and are not passed to the internal DNS server. All other ISA Server functionality is unaffected.
Title: 331066 MS03-012: Flaw in Winsock Proxy Service Can Cause Denial of Service
Hotfix: 1200.257
Link: http://support.microsoft.com/?id=331066
Files: 20-Mar-2003 14:56 3.0.1200.257 178,448 Mspadmin.exe
Files: 20-Mar-2003 14:55 3.0.1200.257 101,136 Msphlpr.dll
Files: 20-Mar-2003 14:55 3.0.1200.257 391,440 W3proxy.exe
Files: 20-Mar-2003 14:55 3.0.1200.257 298,768 Wspsrv.exe
Summary: Microsoft Proxy Server 2.0 and Microsoft Internet Security and Acceleration (ISA) Server 2000 contain support for Windows Sockets (Winsock) proxy communications. Winsock is an API that handles communications requests for Internet applications in a Microsoft Windows operating system.
The Winsock proxy service works with FTP, Telnet, mail, news, Internet Relay Chat (IRC), and other client applications that are compatible with Winsock. The proxy service makes these applications perform as if they were directly connected to the Internet. The service redirects the necessary communications functions to a computer that is running either Proxy Server 2.0 or ISA Server. This establishes a communication path from the internal application to the Internet.
A flaw in the Winsock proxy service may permit an attacker on the internal network to send a specially crafted packet that results in 100% CPU utilization of the computer that is running either Proxy Server 2.0 or ISA Server, causing the computer to stop responding to internal and external requests.
Title: 816621 FIX: Message Screener Causes Handle Leak in Lsass.exe
Hotfix: 1200.258
Link: http://support.microsoft.com/?id=816621
Files: 23-Mar-2003 18:32 3.0.
1200.258 60,688 Fltrsnk1.dllSummary: You cannot run reports in Internet Security and Acceleration (ISA) Server 2000, and the following event ID message is logged in the event log:
Event Type: Error
Event Source: Microsoft ISA report generator Event
Category: None
Event ID: 21026
Date: 2002-10-13
Time: 00:50:00
Description: The action to create the scheduled report, "Weekly Report", with the specified credentials, failed. The error code in the Data area of the event properties indicates the cause.
Data: 0000: 0d 00 00 00
To get the Win32 error for the status code 13 (0x0d) in the Data field of the event, type the following line at a command prompt:
net helpmsg 13
This command returns the following output:
The data is invalid
Note
This problem occurs only if ISA Server and the ISA Server SMTP Message Screener (Fltrsnk1.dll) are installed and running on the same computer. To verify that the message screener is installed, follow the steps in the "More Information" section of this article.
Title: 331067 FIX: ISA Reports May Contain Negative Numbers in the 'All Others' Row
Hotfix: 1200.259
Link: http://support.microsoft.com/?id=331067
Files: 26-Mar-2003 13:34 3.0.
1200.259 792,848 Sumgen.dllSummary: When you view HTML reports, Internet Security and Acceleration (ISA) Server report may show large negative numbers in the All Others row and percentage numbers that do not add up to 100 percent. The report may also include rows with duplicate key names. This may occur when you view reports that are generated from monthly or yearly summary files. Reports that are generated from daily summary files do not have the problem. The default number of daily summaries saved is 36.
Title: 817829 FIX: Passive Mode FTP May Break with Multiple IP Addresses on External Interfaces
Hotfix: 1200.260
Link: http://support.microsoft.com/?id=817829
Files: 02-Apr-2003 11:52 3.0.
1200.260 19,216 Ftpfltr.dllSummary: Internal SecureNAT and Internet Security and Acceleration Server (ISA) Firewall clients may not open the FTP data connection to an FTP server that is using passive mode FTP (PASV). The FTP server may return one of the following error messages:
426 Connection closed; transfer aborted.
-or-
425 Can't open data connection.
In some circumstances, the FTP client may seem to stop responding (hang) or time out. FTP clients that use active mode FTP (PORT) work without error.
Title: 810561 RemoveAllProxyAuthorization Not Applied to SSL Tunneling (CONNECT)
Hotfix: 1200.261
Link: http://support.microsoft.com/?id=810561
Files: 02-Apr-2003 17:04 3.0.1200.261 178,448 Mspadmin.exe
Files: 02-Apr-2003 17:04 3.0.1200.261 101,136 Msphlpr.dll
Files: 02-Apr-2003 17:03 3.0.1200.261 391,440 W3proxy.exe
Files: 02-Apr-2003 17:04 3.0.1200.261 298,768 Wspsrv.exe
Summary: If Internet Security and Acceleration (ISA) Server 2000 is chained to an upstream Web proxy server, you may receive incomplete HTML pages and random authentication prompts in the Web browser when you connect to secure HTTPS sites.
These symptoms may occur if the downstream ISA Server computer is configured to require Integrated proxy authentication and if the upstream Web proxy server is either configured to allow anonymous access or require proxy authentication (typically Basic proxy authentication). This problem occurs most frequently if you connect to a secure HTTPS site that uses a combination of HTTP and HTTPS links.
Title: 810493 INFO: Update Rollup for ISA Server Services
Hotfix: 1200.264
Link: http://support.microsoft.com/?id=810493
Files: 28-Apr-2003 22:40 3.0.1200.264 178,448 Mspadmin.exe
Files: 28-Apr-2003 22:40 3.0.1200.264 102,160 Msphlpr.dll
Files: 28-Apr-2003 22:40 3.0.1200.264 391,440 W3proxy.exe
Files: 28-Apr-2003 22:40 3.0.1200.264 299,280 Wspsrv.exe
Summary: Microsoft has released an Update Rollup Package for Microsoft ISA Server 2000 that corrects the problems that are described in the following Microsoft Knowledge Base articles:
810559 FIX: Slow Responses and Failures When You Use Server Publishing UDP Protocols
331068 FIX: ISA Firewall Causes Handle Leak in LSASS
813864 FIX: Site and Content Rules Do Not Filter Based on File Name Extensions
Title: 810559 FIX: Slow Responses and Failures When You Use Server Publishing UDP
Hotfix: 1200.264
Link: http://support.microsoft.com/?id=810559
Files: 28-Apr-2003 22:40 3.0.1200.264 178,448 Mspadmin.exe
Files: 28-Apr-2003 22:40 3.0.1200.264 102,160 Msphlpr.dll
Files: 28-Apr-2003 22:40 3.0.1200.264 391,440 W3proxy.exe
Files: 28-Apr-2003 22:40 3.0.1200.264 299,280 Wspsrv.exe
Summary: When you use Server Publishing UDP Protocols (for example, DNS Query), you may notice a variety of problems:
A lot of performance problems.
You cannot connect to the published DNS server externally.
The server may also stop responding after some days and the only resolution is to restart the computer.
Typically, these problems occur when you use Server Publishing DNS Query protocols where requests to the published DNS server from external sources receive a response only after a long delay, or not at all (the request does not succeed).
Title: 331068 FIX: ISA Firewall Causes Handle Leak in LSASS
Hotfix: 1200.264
Link: http://support.microsoft.com/?id=331068
Files: 28-Apr-2003 22:40 3.0.1200.264 178,448 Mspadmin.exe
Files: 28-Apr-2003 22:40 3.0.1200.264 102,160 Msphlpr.dll
Files: 28-Apr-2003 22:40 3.0.1200.264 391,440 W3proxy.exe
Files: 28-Apr-2003 22:40 3.0.1200.264 299,280 Wspsrv.exe
Summary: Internet Security and Acceleration (ISA) Server Firewall service may slow down or stop responding to client requests.
This behavior occurs under the following configuration:
The internal clients are running the ISA Server Firewall client.
-and-
The ISA Server has access policies defined that require user authentication. This might be Protocol rules or Site and Content rules that apply to specific users or groups.
Title: 813864 FIX: Site and Content Rules Do Not Filter Based on File Name Extensions
Hotfix: 1200.264
Link: http://support.microsoft.com/?id=813864
Files: 28-Apr-2003 22:40 3.0.1200.264 178,448 Mspadmin.exe
Files: 28-Apr-2003 22:40 3.0.1200.264 102,160 Msphlpr.dll
Files: 28-Apr-2003 22:40 3.0.1200.264 391,440 W3proxy.exe
Files: 28-Apr-2003 22:40 3.0.1200.264 299,280 Wspsrv.exe
Summary: When you use
Content Types (HTTP Content) in Site and Content Rules to deny or allow requests for downloading specific files (for example, .exe files), ISA Server does not deny or allow the request if you only have the file name extension (for example, .exe) configured in the appropriate Content Group.This problem occurs only when you serve outgoing HTTP request through ISA Server.
Title: 816828 "Permission Denied" Error Message When You Use Rlogin to Log On to a
Hotfix: 1200.264
Link: http://support.microsoft.com/?id=816828
Files: 28-Apr-2003 22:40 3.0.1200.264 178,448 Mspadmin.exe
Files: 28-Apr-2003 22:40 3.0.1200.264 102,160 Msphlpr.dll
Files: 28-Apr-2003 22:40 3.0.1200.264 391,440 W3proxy.exe
Files: 28-Apr-2003 22:40 3.0.1200.264 299,280 Wspsrv.exe
Summary: When you try to use an rlogin connection through Microsoft Internet Security and Acceleration (ISA) Server 2000 to log on to a server on the Internet (for example, to an AIX400 server), you may receive the following error message:
Permission Denied
Title: 815051 The Firewall Client Does Not Support the ConnectEx and WSARecvMsg APIs
Hotfix: 1200.265
Link: http://support.microsoft.com/?id=815051
Files: 20-Apr-2003 14:12 3.0.
1200.265 97,552 Wspwsp.dllSummary: When you use the Firewall client on either Microsoft Windows XP or Microsoft Windows Server 2003, some Winsock applications may not work through ISA Server 2000. For example, Remote Procedure Call (RPC) applications that are using Winsock may not connect through ISA Server 2000. You do not see this issue with Microsoft Windows 2000 or earlier versions of Microsoft Windows when you are running the Firewall client.
Title: 331069 Hotfix to Permit URL Path Redirection in Web Publishing Rules
Hotfix: 1200.266
Link: http://support.microsoft.com/?id=331069
Files: 08-May-2003 21:24 3.0.1200.266 178,448 Mspadmin.exe
Files: 08-May-2003 21:23 3.0.1200.266 103,184 Msphlpr.dll
Files: 09-May-2003 00:45 1.0 19,572 Pathmappingeditor.hta
Files: 08-May-2003 21:23 3.0.1200.266 391,440 W3proxy.exe
Files: 08-May-2003 21:24 3.0.1200.266 299,280 Wspsrv.exe
Summary: When you use Web Publishing Rules to publish an internal Web site, you cannot redirect the URL path to a different path on the internal Web server.
Title: 818621 No Links to Navigate Up Through Directory Levels in FTP Sites When Accessed Through Internet Explorer
Hotfix: 1200.268
Link: http://support.microsoft.com/?id=818621
Files: 05-13-2003 15:38 3.0.1200.268 178,448 Mspadmin.exe
Files: 05-13-2003 15:38 3.0.1200.268 391,952 W3proxy.exe
Files: 05-13-2003 15:38 3.0.1200.268 299,280 Wspsrv.exe
Files: 05-13-2003 15:38 3.0.1200.268 103,184 Msphlpr.dll
Summary: When you view File Transfer Protocol (FTP) sites in Microsoft Internet Explorer, you may notice that there are no links to navigate up through directory levels to the parent directory in the FTP site.
Title: 821098 FIX: Content Cache Issues on Downstream ISA Server Computer
Hotfix: 1200.269
Link: http://support.microsoft.com/?id=821098
Files: 16-May-2003 09:38 3.0.1200.269 178,448 Mspadmin.exe
Files: 16-May-2003 09:38 3.0.1200.269 103,184 Msphlpr.dll
Files: 16-May-2003 09:37 3.0.1200.269 391,952 W3proxy.exe
Files: 16-May-2003 09:38 3.0.1200.269 299,280 Wspsrv.exe
Summary: This article discusses problems that you may experience when you cache Hypertext Transfer Protocol (HTTP) content on a downstream Internet Security and Acceleration (ISA) Server. In these scenarios, all the following configuration conditions apply:
The downstream ISA Server computer does not request authentication.
The downstream ISA Server computer is chaining to an upstream proxy server and you have not set the connection user in the Routing rule of the downstream server.
The upstream proxy server requests authentication.
Title: 816454 Proxy Service Logs an Event ID 14146 Message After Link Translation
Hotfix: 1200.271
Link: http://support.microsoft.com/?id=816454
Files: 25-May-2003 13:19 3.0.
1200.271 34,064 Lnktrans.dllSummary: After you install Internet Security and Acceleration (ISA) Server 2000 Feature Pack 1 and you turn on the Link Translation filter that is included Feature Pack 1, when you start the Web Proxy service, some link translation rules may not work and the following event ID message may be logged:
Event Type: Error
Event Source: Microsoft Web Proxy
Event Category: None
Event ID: 14146
Description: ISA Server failed to load Web Filter DLL C:\Program Files\Microsoft ISA Server\\LnkTrans.dll. The error code shown in the Data area of the event properties indicates the cause of the failure.
Title: 818136 Web Proxy Service May Crash When It Processes a Redirect Action
Hotfix:
1200.276Link: http://support.microsoft.com/?id=818136
Files: 12-Jun-2003 07:37 3.0.1200.276 178,448 Mspadmin.exe
Files: 12-Jun-2003 07:37 3.0.1200.276 103,184 Msphlpr.dll
Files: 12-Jun-2003 07:36 3.0.1200.276 391,952 W3proxy.exe
Files: 12-Jun-2003 07:37 3.0.1200.276 299,280 Wspsrv.exe
Summary: The Web proxy service (W3proxy.exe) may crash (that is, experience an access violation) when it processes an HTTP redirect action on a site and content rule that denies access
Scott Jiles is an Escalation Engineer with Microsoft PSS.