Performance pb of web service through isa server 2006

[WT]

Hello,

My configuration is isa 2006 server connected to internet in front of a
windows domain, providing internet access, vpn, exchange 2007 publishing
and a web server in DMZ.

Exchange and web server are published to internet using classical
isa listerners.

The web server is a domain member.
Domain network is 192.168.1.0-255, web server is 10.0.0.2.
Each are connected to a different network card on isa (through a Giga switch
with
VLANs on ports),
Domain is on the internal isa network.
Web server is on annother isa network treated as a DMZwith routing enabled
between internal
and it and Web server piblished to the internet (external isa network)
In the isa rules, we have added full access between our domain controllers
and the web server to have domain authentication working, selecting
necessary protocols.

Our web server needs to access a domain server on the internal isa network
using
web services on port 80.
So we have added a rule allowing full HTTP access from Web server to the Web
Services server on port 80.

It works but is extremely slow, in such a way that some requests which were
working without problems, receive a timeout.
This is not a bandwith problem, especially because today, we have no traffic
on this isa server: 2 clients vpns using RDP , exchange with few mails, few
web access. But we want to open internet traffic on it.

I have suppressed the HTTP filter on the HTTP:80 rule with no change.
Solution is not Ok for a real usage of this architecture with dozen of
access/ hour.
Isa is working perfectly for web and exchange but is so slow for 'firewall
through' web service access !!!

How to improve seriously isa performance ?

1) Is it related to the fact that HTTP connection for web service is
using secureNat ?
The process in web server IIS calling the web service is running under
network services and we are calling web service with a valid network
credentials based on a domain admin account (for test).

2) I tried to add another network card on the Web server and to run it with
an internal domain address 192.168.1.x and connect it directly to domain
switch, but this seems to be fooling isa and I have been loosing server
access so I had to rollback this solution.


Any help welcome.
CS

 

[Steven Cheng]

Hi CS,

From your description, you're encountering some slow performance issue with
an ASP.NET web application(in DMZ server) that calling a webservice
appliation inside intranet(behind ISA server), correct?

Regarding on this issue, I've performed some research and here are some
general ideas for you to troubleshoot the problem:

** First, I think you can try eliminate the webservice application specfic
factors. To test it, you can try exposing a helloworld webservice method
and call it fro your ASP.NET web application to see whether the same
performance hit occurs.

** Since you mentioned that the application is using windows
authentication, if possible, you can try temporarly disable
authentication(allow anonymous) for the webservice application to see
whether it is the authentication that cause slow performance.

** For network specific issues, I've found a thread mentioend some DNS
related problem that may cause such poor performance, you can have a look:

http://www.eggheadcafe.com/software/aspnet/31047462/slow-network-performance
.aspx

In addition, if convenient, I think you can use netmon or other network
trace tools to monitor the network between your web app server and
webservice server to see whether there are many unexpected network
communications that cause the performance issue.

If there is any other findings or anything need help, please feel free to
post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

 

[WT]

Thanks Steven.

Hi CS,

From your description, you're encountering some slow performance issue
with
an ASP.NET web application(in DMZ server) that calling a webservice
appliation inside intranet(behind ISA server), correct?

Regarding on this issue, I've performed some research and here are some
general ideas for you to troubleshoot the problem:

** First, I think you can try eliminate the webservice application specfic
factors. To test it, you can try exposing a helloworld webservice method
and call it fro your ASP.NET web application to see whether the same
performance hit occurs.

** Since you mentioned that the application is using windows
authentication, if possible, you can try temporarly disable
authentication(allow anonymous) for the webservice application to see
whether it is the authentication that cause slow performance.

** For network specific issues, I've found a thread mentioend some DNS
related problem that may cause such poor performance, you can have a look:

http://www.eggheadcafe.com/software/aspnet/31047462/slow-network-performance
aspx

In addition, if convenient, I think you can use netmon or other network
trace tools to monitor the network between your web app server and
webservice server to see whether there are many unexpected network
communications that cause the performance issue.

If there is any other findings or anything need help, please feel free to
post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support
Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.

 

[Steven Cheng]

Thanks for your reply CS,

If you have any further questions or anything else we can help, please feel
free to post here.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

--------------------