[500 Points] Timeout Issues on ISA 2004 w/ Surf Control 5.0 & Pix

I have several hundred machines in a AD2000 domain, with an ISA 2004 Firewall w/ Surf Control (3rd Party) for proxy functions in a back to back config with a Pix firewall. I have an internet based application that uses SSL (443) and I'm experiencing Timeout issues (10060). The configuration has been working fine, and this issue just started a week ago. The ISA query log shows SSL transactions that occasionally fail (no authentication) but it's only 1 in 5, but produces a timeout. When I bypass the proxy, by removing the entry in Internet Explore Proxy settings, this resolves the issue.

I have a dual NIC installed with an Outside / Inside configuration. The server only has 1gig of Ram, and is a single processor 1.2Ghz with the latest bios, and drivers.

I have already done the following:
1. DNS is configured correctly
2. Both ISA & Surf Control have recently been re-installed with no resolve
3. Replaced patch cord, used additional port
4. No changes on the router and the routing and tables look fine.
5. Increased the Cache size on the NIC cards per this forum.
6. Turned off http compression, and other filters per this forum.
7. enabled pMTUDiscovery and other registry options per this forum.
8. Increased TCP/IP receive window per this forum
9. Checked that ISA was routing and no NAT enabled

Though all of these have improved matters and decreased the frequency of the timeout issues, I am still receiving them.
In the ISA firewall log (query based) I am seeing a result pertaining to Graceful Shutdown and Failed/Denied transcations

Question: Is it RAM and/or processor related or is this an AD authentication issue?


dlee9Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dlee9Author Commented:
I answered my own question.
For the benefit of those that have had similar issues.. the following website offers all the information you need

http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/client_ssl.mspx?pf=true
Keith AlabasterEnterprise ArchitectCommented:
Sorry Dlee, I've been away all of today with my kids.
If you post a question (its free) in the community section, a moderator will PAQ the question here and refund your points.
Regards
Keith
ISA MCT

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Keith AlabasterEnterprise ArchitectCommented:
Thank You :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.