Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Internal firewall client computers and SecureNAT client computers cannot connect to external servers


View products that this article applies to.

Notice

↑ Back to the top


Symptoms

Internal firewall client computers and secure network address translation (SecureNAT) client computers cannot connect to external servers through a computer that is running Microsoft Internet Security and Acceleration (ISA) Server 2004.

This behavior occurs when the Maximum Transmission Unit (MTU) size for the Internet connection is less than 1500 bytes on the computer that is running ISA Server 2004. For example, you experience this problem when the computer that is running ISA Server 2004 computer uses a DSL connection instead of an Ethernet connection.

A network trace on the external interface of the computer that is running ISA Server 2004 may show that this computer is not using the correct TCP maximum segment size (MSS) value for the TCP connection. You may find that this computer always uses an MSS value of 1460 and not the correct MSS value for the TCP connection. When this occurs, the TCP packets are dropped by external routers.

↑ Back to the top


Cause

This behavior occurs because of a problem with the MTU checking process in ISA Server 2004.

↑ Back to the top


Resolution

How to obtain the hotfix

This issue is fixed in the ISA Server 2004 Hotfix Package dated May 31, 2006. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
919621� Description of the ISA Server 2004 hotfix package: May 31, 2006
After you apply the hotfix that is mentioned in Microsoft Knowledge Base article 919621, run the Microsoft Visual Basic script that is described in this section. To do this, follow these steps.

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.
  1. Click Start, point to Programs, point to Accessories, and then click Notepad.
  2. Paste the following code into a new Notepad document, and then save by using a file name that has a .vbs file name extension. An example of a file name that has a .vbs file name extension is AddReadMTUregistry.vbs.
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    '
    ' Copyright (c) Microsoft Corporation. All rights reserved.
    ' THIS CODE IS MADE AVAILABLE AS IS, WITHOUT WARRANTY OF ANY KIND. THE ENTIRE
    ' RISK OF THE USE OR THE RESULTS FROM THE USE OF THIS CODE REMAINS WITH THE
    ' USER. USE AND REDISTRIBUTION OF THIS CODE, WITH OR WITHOUT MODIFICATION, IS
    ' HEREBY PERMITTED.
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    ' This script adds a new VendorParametersSets under the array root.
    ' Used to added new parameters that are needed for hotfixes or service packs.
    ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
    
    Sub AddReadMTUregistry()
    
        ' Create the root obect.
        Dim root  ' The FPCLib.FPC root object
        Set root = CreateObject("FPC.Root")
    
        'Declare the other objects needed.
        Dim array       ' An FPCArray object
        Dim VendorSets  ' An FPCVendorParametersSets collection
        Dim VendorSet   ' An FPCVendorParametersSet object
    
        ' Get references to the array object
        ' and the network rules collection.
        Set array = root.GetContainingArray
        Set VendorSets = array.VendorParametersSets
    
        On Error Resume Next
        Set VendorSet = VendorSets.Item( "{143F5698-103B-12D4-FF34-1F34767DEabc}" )
    
        If Err.Number <> 0 Then
            Err.Clear
    
            ' Add the item
            Set VendorSet = VendorSets.Add( "{143F5698-103B-12D4-FF34-1F34767DEabc}" )
            CheckError
            WScript.Echo "New VendorSet added... " & VendorSet.Name
    
        Else
            WScript.Echo "Existing VendorSet found... value- " &  VendorSet.Value("AllowVLANandNLB")
        End If
    
        if VendorSet.Value("ReadInterfaceMTU") <> true Then
    
            Err.Clear
            VendorSet.Value("ReadInterfaceMTU") = true
    
            If Err.Number <> 0 Then
                CheckError
            Else
                VendorSets.Save false, true
                CheckError
    
                If Err.Number = 0 Then
                    WScript.Echo "Done with ReadInterfaceMTU, saved!"
                End If
            End If
        Else
            WScript.Echo "Done with ReadInterfaceMTU, no change!"
        End If
    
    End Sub
    
    Sub CheckError()
    
        If Err.Number <> 0 Then
            WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
            Err.Clear
        End If
    
    End Sub
    
    AddReadMTUregistry
    
    
  3. Run the script. To do this, double-click the .vbs file that you created.

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


Keywords: KB919620, kbprb, kbqfe

↑ Back to the top

Article Info
Article ID : 919620
Revision : 4
Created on : 12/4/2007
Published on : 12/4/2007
Exists online : False
Views : 345