«

I am developing a .NET 2.0 WinForms client application which communicates
with a Windows 2003 Server (actually SBS 2003, running ISA Server 2004) via
Web Services calls. The client application works fine within our firewall.
But when I access the server from outside the firewall, I get rare and
intermittent failures on the Web Services calls to the server.

I wrapped the Web Services calls in try/catch and watched the exceptions.
The Exception type is System.Net.WebException. The Exception.Message value
for most of the failing calls contains "HTTP 403". On a very rare instance,
I saw a different error involving "Error Code 10061" which looks
suspiciously like an ISA server error.

The full text of each of these errors is appended below.

What are possible causes of intermittent failures like this?

Would anyone with ISA expertise be able to assess whether ISA settings could
be at fault, and if so what settings should I modify?

Thanks, Bruce

------ This exception happens most often -------------------

Exception: [The request failed with HTTP status 403: Forbidden ( The server
denied the specified Uniform Resource Locator (URL). Contact the server
administrator. ).]

------- This exception happens rarely ----------------------

Client found response content type of 'text/html', but expected 'text/xml'.
The request failed with the error message:

--

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<HTML dir=ltr><HEAD><TITLE>The page cannot be displayed</TITLE>

<STYLE id=L_10061r_1>A:link {

FONT: 8pt/11pt verdana; COLOR: #ff0000

}

A:visited {

FONT: 8pt/11pt verdana; COLOR: #4e4e4e

}

</STYLE>



<META content=NOINDEX name=ROBOTS>

<META http-equiv=Content-Type content="text-html; charset=UTF-8">



<META content="MSHTML 5.50.4522.1800" name=GENERATOR></HEAD>

<BODY bgColor=#ffffff>

<TABLE cellSpacing=5 cellPadding=3 width=410>

<TBODY>

<TR>

<TD vAlign=center align=left width=360>

<H1 id=L_10061r_2 style="FONT: 13pt/15pt verdana; COLOR: #000000"><ID
id=L_10061r_3><!--Problem-->The page cannot be displayed

</ID></H1></TD></TR>

<TR>

<TD width=400 colSpan=2><FONT id=L_10061r_4

style="FONT: 8pt/11pt verdana; COLOR: #000000"><ID
id=L_10061r_5><B>Explanation: </B>The Web server refused the connection,
possibly because a service on the upstream server is
inactive.</ID></FONT></TD></TR>

<TR>

<TD width=400 colSpan=2><FONT id=L_10061r_6

style="FONT: 8pt/11pt verdana; COLOR: #000000">

<HR color=#c0c0c0 noShade>



<P id=L_10061r_7><B>Try the following:</B></P>

<UL>

<LI id=L_10061r_8><B>Refresh page:</B> Search for the page again by
clicking the Refresh button. The timeout may have occurred due to Internet
congestion.

<LI id=L_10061r_9><B>Check spelling:</B> Check that you typed the Web page
address correctly. The address may have been mistyped.

<LI id=L_10061r_10><B>Access from a link:</B> If there is a link to the page
you are looking for, try accessing the page from that link.

<LI id=L_10061r_11><B>Contact website:</B> You may want to contact the
website administrator to make sure the Web page still exists. You can do
this by using the e-mail address or phone number listed on the website home
page.



</UL>

<HR color=#c0c0c0 noShade>



<P id=L_10061r_12>Technical Information (for support personnel)</P>

<UL>

<LI id=L_10061r_13>Error Code 10061: Connection refused

<LI id=L_10061r_14>Background: When the gateway or proxy server contacted
the upstream (Web) server, the connection was refused. This usually results
from trying to connect to a service that is inactive on the upstream server.



</UL></FONT></TD></TR></TBODY></TABLE></BODY></HTML>





--.

Somebody else who had this problem reported it as a router (hardware) problem:

http://www.smallbizserver.net/Forum/...c/Default.aspx

But I doubt that post because it sure looks like other people also have
faced this problem -
http://forums.isaserver.org/m_200200...htm#2002009681 and
the problem is always created when there is ISA 2004 around.

So I suspect it is some ISA setting that you are looking for and suggest
posting this in the ISA forums.

Regards,
Pandurang
--
blog: www.thinkingMS.com/pandurang


"Bruce" wrote:

> I am developing a .NET 2.0 WinForms client application which communicates
> with a Windows 2003 Server (actually SBS 2003, running ISA Server 2004) via
> Web Services calls. The client application works fine within our firewall.
> But when I access the server from outside the firewall, I get rare and
> intermittent failures on the Web Services calls to the server.
>
> I wrapped the Web Services calls in try/catch and watched the exceptions.
> The Exception type is System.Net.WebException. The Exception.Message value
> for most of the failing calls contains "HTTP 403". On a very rare instance,
> I saw a different error involving "Error Code 10061" which looks
> suspiciously like an ISA server error.
>
> The full text of each of these errors is appended below.
>
> What are possible causes of intermittent failures like this?
>
> Would anyone with ISA expertise be able to assess whether ISA settings could
> be at fault, and if so what settings should I modify?
>
> Thanks, Bruce
>
> ------ This exception happens most often -------------------
>
> Exception: [The request failed with HTTP status 403: Forbidden ( The server
> denied the specified Uniform Resource Locator (URL). Contact the server
> administrator. ).]
>
> ------- This exception happens rarely ----------------------
>
> Client found response content type of 'text/html', but expected 'text/xml'.
> The request failed with the error message:
>
> --
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
>
> <HTML dir=ltr><HEAD><TITLE>The page cannot be displayed</TITLE>
>
> <STYLE id=L_10061r_1>A:link {
>
> FONT: 8pt/11pt verdana; COLOR: #ff0000
>
> }
>
> A:visited {
>
> FONT: 8pt/11pt verdana; COLOR: #4e4e4e
>
> }
>
> </STYLE>
>
>
>
> <META content=NOINDEX name=ROBOTS>
>
> <META http-equiv=Content-Type content="text-html; charset=UTF-8">
>
>
>
> <META content="MSHTML 5.50.4522.1800" name=GENERATOR></HEAD>
>
> <BODY bgColor=#ffffff>
>
> <TABLE cellSpacing=5 cellPadding=3 width=410>
>
> <TBODY>
>
> <TR>
>
> <TD vAlign=center align=left width=360>
>
> <H1 id=L_10061r_2 style="FONT: 13pt/15pt verdana; COLOR: #000000"><ID
> id=L_10061r_3><!--Problem-->The page cannot be displayed
>
> </ID></H1></TD></TR>
>
> <TR>
>
> <TD width=400 colSpan=2><FONT id=L_10061r_4
>
> style="FONT: 8pt/11pt verdana; COLOR: #000000"><ID
> id=L_10061r_5><B>Explanation: </B>The Web server refused the connection,
> possibly because a service on the upstream server is
> inactive.</ID></FONT></TD></TR>
>
> <TR>
>
> <TD width=400 colSpan=2><FONT id=L_10061r_6
>
> style="FONT: 8pt/11pt verdana; COLOR: #000000">
>
> <HR color=#c0c0c0 noShade>
>
>
>
> <P id=L_10061r_7><B>Try the following:</B></P>
>
> <UL>
>
> <LI id=L_10061r_8><B>Refresh page:</B> Search for the page again by
> clicking the Refresh button. The timeout may have occurred due to Internet
> congestion.
>
> <LI id=L_10061r_9><B>Check spelling:</B> Check that you typed the Web page
> address correctly. The address may have been mistyped.
>
> <LI id=L_10061r_10><B>Access from a link:</B> If there is a link to the page
> you are looking for, try accessing the page from that link.
>
> <LI id=L_10061r_11><B>Contact website:</B> You may want to contact the
> website administrator to make sure the Web page still exists. You can do
> this by using the e-mail address or phone number listed on the website home
> page.
>
>
>
> </UL>
>
> <HR color=#c0c0c0 noShade>
>
>
>
> <P id=L_10061r_12>Technical Information (for support personnel)</P>
>
> <UL>
>
> <LI id=L_10061r_13>Error Code 10061: Connection refused
>
> <LI id=L_10061r_14>Background: When the gateway or proxy server contacted
> the upstream (Web) server, the connection was refused. This usually results
> from trying to connect to a service that is inactive on the upstream server.
>
>
>
> </UL></FONT></TD></TR></TBODY></TABLE></BODY></HTML>
>
>
>
>
>
> --.
>
>
>
>

Thanks for Pandurang's input.

Hi Bruce,

As you mentioned, the probem occurs randomly, so I think it is likely
something incorrect with our server-side webservice code or the client-side
webservice proxy.

The error message "403" or the error 10061 are all related to some
connection or access problem to the target the resource. Would you help me
gathe the following information:

1. What's the security configuration(authentication) for the webservice in
the IIS on the server machine?

2. Is there any authentication setting on the ISA server/firewall against
the http channel?

In addition, generally we can use some trace tools to capture the
webservice SOAP message at client-side or server-side(such as tcptrace or
soaptoolkit), this can help us get the underlying message transmitting on
the http layer. Also, on the server machine, you can have a look at the IIS
log to see whether there is any error entries for the problem webservice
from our clients(on the other side of the ISA firewall).

Please feel free to post here if you have anyother finding. Meanwhile, I'll
also discuss this with some ISA engineers to see whether there is anything
we can check on ISA side.


Regards,

Steven Cheng
Microsoft Online Community Support


==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may

learn and benefit from your issue.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.

Steven,



Thanks for follow-up.



As for your questions:

1) For authentication in IIS, I am using whatever is default (I think this
is called anonymous.)

2) As for ISA, the settings are generally "out of the box" defaults, other
that opening a few ports for some applications. There is no authentication
that I know of. I had to open the firewall to allow the web server to serve
HTTP. (I added a "firewall policy" item to "allow", "from anywhere",
"HTTP", "port 80", etc.)



The tools such as tcptrace or soaptoolkit sound interesting. I'll take a
look at those soon. If there is a good URL for this topic, I'd appreciate
that.



There is one important data point that I didn't mention in my first post. I
do not think the application never exhibited this behavior until I upgraded
from ISA from ISA 2000 to ISA 2004 (as a part of SBS SP1) about three months
ago. Because I had been developing/debugging so many other issues during
that time, it took me a long time to narrow down the factors to that
conclusion. This may be a strong indicator that I have a configuration
problem with ISA. .



What do you think?



Thanks, Bruce



"Steven Cheng[MSFT]" <> wrote in message
news:...
> Thanks for Pandurang's input.
>
> Hi Bruce,
>
> As you mentioned, the probem occurs randomly, so I think it is likely
> something incorrect with our server-side webservice code or the
> client-side
> webservice proxy.
>
> The error message "403" or the error 10061 are all related to some
> connection or access problem to the target the resource. Would you help me
> gathe the following information:
>
> 1. What's the security configuration(authentication) for the webservice in
> the IIS on the server machine?
>
> 2. Is there any authentication setting on the ISA server/firewall against
> the http channel?
>
> In addition, generally we can use some trace tools to capture the
> webservice SOAP message at client-side or server-side(such as tcptrace or
> soaptoolkit), this can help us get the underlying message transmitting on
> the http layer. Also, on the server machine, you can have a look at the
> IIS
> log to see whether there is any error entries for the problem webservice
> from our clients(on the other side of the ISA firewall).
>
> Please feel free to post here if you have anyother finding. Meanwhile,
> I'll
> also discuss this with some ISA engineers to see whether there is anything
> we can check on ISA side.
>
>
> Regards,
>
> Steven Cheng
> Microsoft Online Community Support
>
>
> ==================================================
>
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may
>
> learn and benefit from your issue.
>
> ==================================================
>
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>

Thank you for the response Bruce,

Since your webservice is anonymous access allowed in IIS, I don't think the
problem is related to the server-side security setting. Also, since not
quite familiar with ISA configuration, I've also discussed this with our
ISA engineers, they have confirmed that the two error messages

"403" or the error 10061 are aiming the same problem(just the different
error representation from different transport layer). It seems that
something is incorrectly corrupted of the webservice request. For example,
the url is incorrectly redirected... The ISA guys also suggest we have a
check in the ISA server's log to see whether there is any clues in it.

In addition, as for the trace tools(tcptrace or soap toolkit), you can find
the SOAP toolkit 3.0 from the following address:

http://www.microsoft.com/downloads/d...0DD-CEEC-4088-
9753-86F052EC8450&displaylang=en

What we need is just the "Trace Utility" tool in it, do not care about
other components in it. Also, you can use any other network trace tools as
you like.

Hope this also helps,

Regards,

Steven Cheng
Microsoft Online Community Support


==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may

learn and benefit from your issue.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.

Hi Bruce,

Have you got any further progress on this issue? As for the ISA server side
setting, you can also post in the ISA specific newsgroups. And I've
discussed with our ISA guys , they can help you have a look at the ISA log
files if necessary. Please feel free to let me know if there's anything
else we can help.

Regards,

Steven Cheng
Microsoft Online Community Support


==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.

Hi Steven,

Thanks for all your help on this.

You were right about ISA. That was the source of the problem (as well as
the source of my WSDL problem in a later posting.) Yesterday, we got some
help on our ISA 2004 configuration on the server in question, and the
results are encouraging. Since this problem was intermittent, we need to do
more testing before we can be sure that the problem is 100% solved. But I
suspect it is solved.

Thanks,
-- Bruce


"Steven Cheng[MSFT]" <> wrote in message
news:...
> Hi Bruce,
>
> Have you got any further progress on this issue? As for the ISA server
> side
> setting, you can also post in the ISA specific newsgroups. And I've
> discussed with our ISA guys , they can help you have a look at the ISA log
> files if necessary. Please feel free to let me know if there's anything
> else we can help.
>
> Regards,
>
> Steven Cheng
> Microsoft Online Community Support
>
>
> ==================================================
>
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
>
> ==================================================
>
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
>

Thanks for your followup Bruce,

This is good news. Hope you'll soon resolve the problem completely.
Meanwhile, if there is any other webservice developing issue we can help,
please feel free to post here.

Regards,

Steven Cheng
Microsoft Online Community Support


==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================


This posting is provided "AS IS" with no warranties, and confers no rights.

I've the same problem, I wonder if you can share us with the final solution
or changes in ISA 2004 settings to solve this problem.
--
Amr Elsheikh


"Steven Cheng[MSFT]" wrote:

> Thanks for your followup Bruce,
>
> This is good news. Hope you'll soon resolve the problem completely.
> Meanwhile, if there is any other webservice developing issue we can help,
> please feel free to post here.
>
> Regards,
>
> Steven Cheng
> Microsoft Online Community Support
>
>
> ==================================================
>
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
>
> ==================================================
>
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
>
>