• Internet Explorer 6 using proxy settings
  • ISA 2004/2006 with ClearTunnel 1.2 or later


When IE tries to make an HTTPS connection to a web server that does not respond, ClearTunnel's design triggers a browser bug. All future connection attempts stall or "spin" without actually sending any traffic to ISA. This includes http connections. Closing and re-opening IE restores its operation.

More information

In order to proxy connections, ClearTunnel must respond to the browser in place of the real server. By the time ClearTunnel finds out the real server is not available, the browser has already entered SSL mode. When ClearTunnel then closes the connection to the browser, IE6 experiences a bug and cannot open future connections even though all its old ones have closed gracefully.


IE7 does not experience this behavior. If possible, upgrade your client systems.


ClearTunnel can be instructed to perform an extra "test" connection to each SSL site before responding to the browser. If this test fails then the bug can be avoided by sending an error to the browser before it enters SSL mode.

To enable the workaround:

  • Create a text file on the ISA server, giving it a .js extension instead of txt
  • Enter the following code in the file with Notepad:

    var root = new ActiveXObject("FPC.Root") var settingsSet = root.GetContainingArray().Extensions.WebFilters.Item("{0E5B37CA-4805-4e9d-BD18-369BBE5F3714}").VendorParametersSets.Item("{975CD532-A802-4d2b-9DFF-DF9DEB9FBFA9}") settingsSet.Value("PreConnectCheck") = "true" settingsSet.Save(false, true) WScript.echo("Done.") 
  • Save the file

  • In Explorer, double-click the .js file to execute the code
  • The script should pop up a small dialog saying "Done." if the change was saved successfully.

To disable the workaround, follow the above steps, but substitute the line:

settingsSet.Value("PreConnectCheck") = "true" 

with the line:

settingsSet.Value("PreConnectCheck") = "false"