Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. When clients connect to a Web site that you published by using ISA Server 2006, the Microsoft Firewall service may use 100 percent of the CPU resources

When clients connect to a Web site that you published by using ISA Server 2006, the Microsoft Firewall service may use 100 percent of the CPU resources

View products that this article applies to.

Symptoms

When clients connect to a Web site that you published by using Microsoft Internet Security and Acceleration (ISA) Server 2006, the Microsoft Firewall service (fwsrv) may use 100 percent of the CPU resources.

You may experience this problem if the following conditions are both true:
  • The clients connect to the Web site by using the HTTPS protocol.
  • The Web listener for the Web site publishing rule requires client Secure Sockets Layer (SSL) certificates for authentication.
Note To determine whether the Web listener requires client SSL certificates, follow the steps in the "More Information" section.

↑ Back to the top

Cause

This problem occurs if ISA Server 2006 cannot renegotiate the encryption keys with the client.

On the Authentication Preferences tab of the Advanced Authentication Options dialog box for the Web listener, you can use the SSL client certificate timeout (seconds) check box together with a value to configure when the client certificate times out. By default, this value is set to 300 seconds. When the client certificate times out, ISA Server 2006 tries to renegotiate encryption keys with the client.

↑ Back to the top

Resolution

A hotfix is available for computers that are running ISA Server 2006. To resolve this problem, install the hotfix that is described in the following Microsoft Knowledge Base article:

937186 Description of the ISA Server 2006 hotfix package that is dated May 14, 2007

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

More information

How to determine whether the Web listener requires client SSL certificates

  1. Start the ISA Server Management tool, and then locate the appropriate Web site publishing rule.
  2. Right-click the Web site publishing rule, and then click Properties.
  3. Click the Listener tab, verify that the correct listener is displayed, and then click Properties.
  4. Click the Authentication tab, and then click Advanced.
  5. On the Authentication Preferences tab of the Advanced Authentication Options dialog box, determine whether the Require SSL client certificate check box is selected.

↑ Back to the top

Keywords: KB937434, kbprb, kbbug, kbfix, kbtshoot, kbfirewall, kbarchive, kbnosurvey

↑ Back to the top

Article Info
Article ID : 937434
Revision : 2
Created on : 1/16/2015
Published on : 1/16/2015
Exists online : False
Views : 342