Friday, September 21, 2007

ISA woes with Windows 2003 SP2

I've been having intermittent network connectivity server issues in a number of locations since Windows 2003 SP2 was installed, specifically on ISA2004 and ISA2006 servers.

It took me some time to realise that the issue was caused by Win2K3SP2; however, I seem to be in good company, as this service pack has caused huge problems.

Specifically, the problems I'm seeing are intermittent VPN Client error 619 for no good reason. If the user tries again many times they will eventually get in. Also, I am unable to create an RDP console to the ISA server. This makes life even more frustrating.

From the links below, 2 items seem to stand out. Firstly, you need to get your NIC drivers fully up to date. Apparently Win2k3SP2 is trying to make use of advanced NIC features that the original or older drivers don't know about. Secondly, you need to remove Receive Side Scaling on any machine where you have 2 network cards, such as ISA. You should also disable TaskOffload if you are still getting problems.
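The two registry changes described above, written as a batch file. This is an added example, not part of the original post or the Microsoft articles; the backup file path and the `offload` argument are assumptions made for illustration.

```bat
@echo off
rem Added example: turn off Receive Side Scaling (and, optionally, TCP task
rem offload) on a Windows Server 2003 SP2 machine such as an ISA server.
rem Run from an administrative command prompt, ideally at the physical console,
rem because RDP to the affected server may not be working.
setlocal
set KEY=HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
rem Assumed backup location; change as needed.
set BACKUP=%SystemDrive%\tcpip-parameters-backup.reg

rem 1. Export the key first so the change can be rolled back with "reg import".
if exist "%BACKUP%" del "%BACKUP%"
reg export "%KEY%" "%BACKUP%"
if errorlevel 1 (
    echo Backup failed, no changes made.
    exit /b 1
)

rem 2. Show the current values. "Unable to find" means the value is absent
rem    and the operating system default is in effect.
reg query "%KEY%" /v EnableRSS
reg query "%KEY%" /v DisableTaskOffload

rem 3. Disable Receive Side Scaling.
reg add "%KEY%" /v EnableRSS /t REG_DWORD /d 0 /f

rem 4. Only if problems persist: run the script with the argument "offload"
rem    to disable TCP task offload as well.
if /i "%~1"=="offload" reg add "%KEY%" /v DisableTaskOffload /t REG_DWORD /d 1 /f

echo Done. Restart the server for the new TCP/IP parameters to take effect.
endlocal
```

Update the NIC drivers before running this, and record the change so it can be revisited once drivers that handle these features correctly are installed.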

There is a good article on the TechNet blogs here (don't let the fact it's in the SBS forum put you off) and one from the ISA product team blog here.

MS Article "You may experience network-related problems after you install Windows Server 2003 SP2 or the Scalable Networking Pack" at http://support.microsoft.com/kb/936594

MS KB927695 on Receive Side Scaling is here

Symptoms are as follows:


• When you try to connect to the server by using a VPN connection, you receive the following error message:
Error 800: Unable to establish connection.
• You cannot create a Remote Desktop Protocol (RDP) connection to the server.
• You cannot connect to shares on the server from a computer on the local area network.
• You cannot join a client computer to the domain.
• You cannot connect to Microsoft Exchange Server from a computer that is running Microsoft Outlook.
• You can only connect to Web sites that are hosted on the server or on the Internet by using a secure sockets layer (SSL) connection. In this scenario, you cannot connect to a Web site that does not use SSL encryption.
• You experience slow network performance.
• You cannot create an outgoing FTP connection from the server.
• The DHCP Server service crashes.
• Clients experience slow domain logons.
• Network Address Translation (NAT) clients that are located behind Windows SBS 2003 experience intermittent connection failures.
• You experience intermittent RPC communications failures.
• Clients that are configured as SecureNat clients may be unable to connect to the Internet.
• Some Outlook clients may be unable to connect to Exchange.
• You cannot run the Configure E-mail and Internet Connection Wizard successfully.
• Microsoft Internet Security and Acceleration (ISA) Server blocks RPC communications.
• Clients cannot visit the http://companyweb Web site.
• You cannot browse Internet Information Services (IIS) Virtual Directories.
