Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

ISA Server Event 14120 Is Logged and Packet Filter Cannot Be Created


View products that this article applies to.

This article was previously published under Q288396

↑ Back to the top


Symptoms

The following error is logged in Event Viewer because there is a conflict with the Local Address Table (LAT) in Internet Security and Acceleration (ISA) Server 2000 and the routing table:
Event Type: Error
Event Source: Microsoft Web Proxy
Event Category: None
Event ID: 14120
Date: 4/18/2001
Time: 2:08:35 PM
User: N/A
Computer: computer name
Description:

The ISA Server services cannot create a packet filter 24.25.66.26. This event occurs when there is a conflict between the LAT configuration and the Windows 2000 routing table. Check the routing table and the LAT to find the source of the conflict.

Data:
0000: 41 01 00 c0
The data area also translates to error "0xc000141", or "(dec): 3072 321". If the LAT does not have a conflict with the local routing table (for example, if you set the LAT correctly to only include the IP addresses of all internal interfaces) you may see this event error under the following circumstances:
  • You have configured ISA Web publishing to an internal Web server, or to the local IIS server on the ISA server.
  • An internal client requests the Web site using a fully qualified domain name (FQDN) that resolves to the external IP address of ISA.
  • ISA has both NICs in the same segment and outbound packets go out through the same NIC where the client's request arrived (because that is where the default gateway is configured).

↑ Back to the top


Cause

This behavior occurs because when the ISA Web service listens on the external IP address on behalf of the Web server, and the internal client tries to access that service, Web proxy tries to create a packet filter for that address because the proxy views that the address as external (which it is). The packet filter driver fails to create the filter because the address is not reachable through the external interface; instead, the address is reachable through the loopback interface. The result is the event log entry.

↑ Back to the top


Resolution

Although you can ignore this event, you can also resolve this behavior. To do so, on the DNS server that is being used for internal name resolution, create a host record (A record) for the fully qualified domain name that is used by internal users and that resolves to the internal IP address or the IP address of the Web server on which the Web site is hosted.

↑ Back to the top


Keywords: KB288396, kbprb, kberrmsg, kbenv

↑ Back to the top

Article Info
Article ID : 288396
Revision : 2
Created on : 1/15/2006
Published on : 1/15/2006
Exists online : False
Views : 490