ISA Server Event 14120 Is Logged and Packet Filter Cannot Be Created

The following error is logged in Event Viewer because there is a conflict with the Local Address Table (LAT) in Internet Security and Acceleration (ISA) Server 2000 and the routing table: The data area also translates to error "0xc000141", or "(dec): 3072 321". If the LAT does not have a conflict with the local routing table (for example, if you set the LAT correctly to only include the IP addresses of all internal interfaces) you may see this event error under the following circumstances:

• You have configured ISA Web publishing to an internal Web server, or to the local IIS server on the ISA server.
• An internal client requests the Web site using a fully qualified domain name (FQDN) that resolves to the external IP address of ISA.
• ISA has both NICs in the same segment and outbound packets go out through the same NIC where the client's request arrived (because that is where the default gateway is configured).

This behavior occurs because when the ISA Web service listens on the external IP address on behalf of the Web server, and the internal client tries to access that service, Web proxy tries to create a packet filter for that address because the proxy views that the address as external (which it is). The packet filter driver fails to create the filter because the address is not reachable through the external interface; instead, the address is reachable through the loopback interface. The result is the event log entry.

Although you can ignore this event, you can also resolve this behavior. To do so, on the DNS server that is being used for internal name resolution, create a host record (A record) for the fully qualified domain name that is used by internal users and that resolves to the internal IP address or the IP address of the Web server on which the Web site is hosted.