none
SharePoint 2010 behind Forefront Unified Access Gateway 2010 (UAG) getting http 500 error RRS feed

  • Question

  • I want to analyze a website from me with an PowerShell script. But I get every 9 request a http 500 server error. I think it´s a security rule from the UAG, but I´m not sure.

    When I set $pause to 15 seconds or lower I get every 9 request a http 500 error. But when I set $pause to 17 seconds or greater I don´t get any errors.

    Any ideas what can be the problem?

    (UAG SP1 on WS 2008 R2 and SharePoint SP1 on WS 2008 R2)

     

    My code:

    $url = "http://www.my.url"
    $n=100
    $timeout = 20000
    $maxRedirections = 300
    $perDomain = 100
    $pause = 0

    for ($i = 0; $i -le $n; $i++)
    {
        $i 

        try{             
        $cc = New-Object System.Net.CookieContainer     
        $request = [System.Net.WebRequest]::Create($url);
        $request.Timeout = $timeout
        $cc.PerDomainCapacity = $perDomain
        $request.CookieContainer = $cc
        $request.MaximumAutomaticRedirections = $maxRedirections
        $response = $request.GetResponse()

        $response.StatusCode

        $stream = $response.GetResponseStream()
        $stream.Close()
        $stream.Dispose()
        $response.Close()
        }
        catch [System.Net.WebException]{
         Write-Host $_.Exception.ToString()
        }      

        sleep -Milliseconds $pause
    }

    Thursday, October 20, 2011 2:52 PM

Answers

  • Hi LaPhi,

    Yes. This mechanism is activated by default and as far as I know, it can not be disabled.

    The issue related to amount of different cookies arrive on the same connection and in my machine each run of the script fail on different number as it also related to the time between requests.

    Since the script follow the redirect and generate request with the cookie it get, and then on the same connection generate another request without cookie and get a new cookie, this trigger the mechaism as UAG see a lot of requests with different cookies coming from the same connection which should not be normal flow...

     

    Ophir.

    • Marked as answer by LaPhi Wednesday, October 26, 2011 6:09 PM
    Wednesday, October 26, 2011 4:25 PM
    Moderator

All replies

  • Have you checked the TMG logs to see what is being blocked?

    UAG does not have rules "per se" it will most likely be a problem with TMG, Firewall, or something else. More likely than not you are simply requesting pages to quickly and eventually packets are being skipped and TMG throws a fit if it starts receiving stuff it didn't ask for.

    What security method do you use in the environment, Kerberos or NTLM?

    Thanks


    Steve
    Thursday, October 20, 2011 4:14 PM
  • Hi LaPhi,

    The UAG contain built-in mechanism to prevent DoS attack. If it see too many connections coming on the same connection (i.e. from same source-IP and source-Port) without a valid cookie at a short time, it will drop the connection and this will cause error 500.

    If you generate UAG traces, you will see the following in the trace:

    Warning:Found a registered connection from [1.2.3.4:56789] bound to sessionID [10]. requesting suddenly without session cookie, threshold reached connection will now be closed!.

    (I got this using the above script you sent)

    In order to avoid this error, you should either use new connection for each request (not re-use the existing connection) or, as you did, have some pause between requests.

    Hope this helps.

     

    Ophir.

    Tuesday, October 25, 2011 4:35 PM
    Moderator
  • Thank for your answer ophirp. This is very interesting.

    Is this built-in mechanism really per default activated?

    Have you more information about it?

     

    With my script, you getting also every 9 requests an http 500 error?

    Wednesday, October 26, 2011 3:28 PM
  • Hi LaPhi,

    Yes. This mechanism is activated by default and as far as I know, it can not be disabled.

    The issue related to amount of different cookies arrive on the same connection and in my machine each run of the script fail on different number as it also related to the time between requests.

    Since the script follow the redirect and generate request with the cookie it get, and then on the same connection generate another request without cookie and get a new cookie, this trigger the mechaism as UAG see a lot of requests with different cookies coming from the same connection which should not be normal flow...

     

    Ophir.

    • Marked as answer by LaPhi Wednesday, October 26, 2011 6:09 PM
    Wednesday, October 26, 2011 4:25 PM
    Moderator