Solved

ISA Sevrer 2000 connection timeout problem with specific web sites

Posted on 2008-10-06
5
2,050 Views
Last Modified: 2013-11-16
Hello all,
I have a strange problem.
i am running ISA server 2000 on a windows server 2000 system and this system is the proxy server for all XP clients.

Recently i moved over 2 a new ISP. Since then (i think..i am not sure if it was after i shifted the ISP) the clients have started receiving an error while browsing some particular sites. All other sites are opening just fine. With these specific sites, i get an error  "10060 - Connection timeout, Internet Security and Acceleration Server |
Background:The gateway could not receive a timely response from the Web site you are trying to access. This might indicate that the network is congested, or that the Web site is experiencing technical difficulties."
I have seen people having the same problem on the forums. however my situation is a bit different
1. we can browse all web sites but only specific web sites throws this problem
2. i get the same error on both IE & Firefox
3. some web sites open but the display is like a bomb has gone off in the middle of the web page!!...all links are scattered, text is scattered and images are displayed like "X" in a box. Even this scattered dispaly takes a lot of time to load
4. i have restarted the server.
5. the server uses an internal DNS. i have flushed the cache of the DNS server and restarted the DNS services.
6. so i decided to blame the ISP. however those guys came with a laptop and connected the internet cable directly to a laptop (bypassing the ISA and internal DNS). and the web sites in question opened in fraction of a second. So the ISP is OKAY!!!
7. the ISA server hard disk showed lot of fragmentation, even defrag did not help. The ISA cache file has been allocated 10 GB of space.
8. i am also able to do an "nslookup" for the domain names in question from the clients
9. some of the web sites which dont open are
rediff.com
moneycontrol.com
indiatimes.com

I have no idea whats going on!!
Any suggestions would be of great help

Thanks
Manoj
0
Comment
Question by:smanoj21
  • 3
5 Comments
 
LVL 2

Expert Comment

by:shhashemi
ID: 22649255
HI,
there must be a problem with :
most possible
1-your cache on isa server is not functioning well ( disable caching an try testing), if you do not hav any external cache server in front of isa server.
2-your dns server is not functioning well,config the dns server to forward request but  not resolving the names (public dns : 4.2.2.1- 4.2.2.2-192.9.9.3), check the dns server connectvity to internet on every made resuest.(isa dasboard > logging  > monitoring)
3-you made a modify on http parameters of one your rules ( right click on internet allow rule > http config), reverse it and
4-you have a content fitering server / device/service (surfcontrol,cyblock,websense,...)installed on/in front of isa server that inspects and modifies the http resquest and is not functioning correctly ( find it in add-ins page on isa server management tool ,using the configuration > add-ins ) disable the add-in,restart the firewall service .
Good Luck
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 22650205
First of all - ISA2000 went out of support over two years ago even with SP2. You really should be on a supported product that has the necessary filters and support for the way Internet sites can now implement things - ISA2000 will struggle with a number of these.

Second, are you using ISA as a proxy only or integrated solution?
I assume you are on ISA2000 SP2?
If you make the request from ISA itself, does it display the same issues as seen from client pc's?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22874002
I think that is what I said
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 22911645
:)  thanks
0
 

Author Comment

by:smanoj21
ID: 23040566
Hi ...so i am back!
Now i have installed a server from scrach with Windows server 2003 R2 Standard and ISA Server 2006 SP1. Still the same problem !!! i have the below information:

The clients receive the error:
Error Code 10060: Connection timeout
Background: The gateway could not receive a timely response from the website you are trying to access. This might indicate that the network is congested, or that the website is experiencing technical difficulties.

The ISA server logging throws the below info:
 
Failed Connection Attempt IDGURISA01 11/26/2008 2:42:41 PM
Log type: Web Proxy (Forward)
Status: 10060 A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.  
Rule: Internal
Source: Internal (192.168.129.71)
Destination: Internal (79.140.80.26:80)
Request: GET http://gfx8.hotmail.com/mail/13.2.0242.1113/styles/Base/InboxAll.css 
Filter information: Req ID: 06707f4e; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: http
User: COOLIDGUR\msukumaran
 
This is really really strange. Some sites are opening just fine but others just wont open due to the above info. I have no clue what to do next...have tried everything. Last thing i can think of is restarting the Domain controller (DNS server) ..lol !

Please help !!
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question