The scenario that I’m going to describe here is really interesting and during the time that I worked in this case all the evidences were pointing to the ISA Server as the root cause for the problem. This case was handled last year and it was one of the cases that originated the fix. Although the fix is one year old, I still seem sometimes clients facing the same issue. For this reason I want to clarify the scenario and the solution.
The description above was exactly what was happening in this case. However the scenario was really specific, because the issue just happen if the ISA was doing a Proxy Chain with Symantec Web Security. When the Windows XP SP2 using Internet Explorer 6 client was browsing a HTTPS web site behind the ISA Server 2004 the Internet Explorer crashed with an access violation. If the client bypass the ISA Server and use the Symantec Web Security as Proxy the issue did not happen.
3. Gathering the Data
The ISA Logging did not show up any suspicious error and the network traces pretty much shows the normal traffic:
1. The client requesting the SSL object from a Web server;
2. The “CONNECT Server_name:443 HTTP/1.1” being sent to port 8080 on the ISA Server computer;
3.The ISA Server connecting to the destination Web server on port 443;
4.The TCP connection established and the ISA Server returning the HTTP/1.1 200 connection established.
Fortunately the Internet Explorer was rising an exception (c0000005 – Access Violation) and it was possible to get the dump during the crash. The exception was happening on the module wininet.dll, handling the function HTTP_REQUEST_HANDLE_OBJECT OpenProxyTunnel_Fsm on the client side.
During this scenario ISA Server was not the root cause for the problem, the wininet.dll had a bug that caused the access violation handling SSL tunneling. A hotfix was shipped to fix this issue and can be downloaded on the article 923535 - Internet Explorer 6 crashes when you try to access an HTTPS URL from a computer that is running Windows XP Service Pack 2 in Microsoft Help and Support.