Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. The Microsoft Firewall service in ISA Server 2006 stops responding to client requests after you publish a Web server by using NTLM authentication delegation

The Microsoft Firewall service in ISA Server 2006 stops responding to client requests after you publish a Web server by using NTLM authentication delegation

View products that this article applies to.

Symptoms

Consider the following scenario:
  • You publish a Web server in Microsoft Internet Security and Acceleration (ISA) Server 2006.
  • You configure NTLM authentication delegation in the Web-publishing rule.
In this scenario, the Microsoft Firewall service stops responding to client requests.

Additionally, the following event is logged in the System log:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: Date
Time: Time
User: N/A
Computer: ServerName
Description:
The Microsoft Firewall service terminated unexpectedly. It has done this 1 time(s).

And the following events are logged in the Application log:

Event Type: Error
Event Source: Microsoft Firewall
Event Category: None
Event ID: 14057
Date: Date
Time: Time
User: N/A
Computer: ServerName
Description:
The Firewall service stopped because an application filter module C:\Program Files\Microsoft ISA Server\w3filter.dll generated an exception code C0000005 in address 6473AC0B when function CompleteAsyncIO was called. To resolve this error, remove recently installed application filters and restart the service.

Event Type: Error
Event Source: Microsoft ISA Server 2006
Event Category: None
Event ID: 1000
Date: Date
Time: Time
User: N/A
Computer: ServerName
Description:
Faulting application wspsrv.exe, 5.0.5720.100, 44a3a98a, w3filter.dll, 5.0.5720.100, 44a3a962, 0, 0004ac0b.

↑ Back to the top

Cause

This issue occurs because the Microsoft Firewall service incorrectly handles incomplete NTLM authentication responses that are received from the published Web server. This behavior is especially likely to occur when the published Web server tries to break the connection to ISA Server.

↑ Back to the top

Resolution

To resolve this problem, apply the hotfix rollup package that is described in the following Microsoft Knowledge Base article:
950140 Description of the ISA Server 2006 hotfix package: March 9, 2008

↑ Back to the top

Workaround

To work around this problem, change the authentication delegation type in the Web-publishing rule. For example, you can use Basic authentication or Kerberos authentication.

Note You must change the authentication type on the published Web server according to the authentication delegation type.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

References

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

↑ Back to the top

Keywords: KB950139, kbexpertiseinter, kbqfe

↑ Back to the top

Article Info
Article ID : 950139
Revision : 4
Created on : 3/15/2008
Published on : 3/15/2008
Exists online : False
Views : 320