| Event Id | 14147 |
| Source | SOCKS Filter |
| Description | ISA Server detected routes through adapter %1 that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not reoccur.) The address ranges in conflict are: %2. |
| Event Information | According to Microsoft Cause: Every subnet connected to the ISA Server computer must be contained in a single network. The conflicting route is crossing the network element boundaries. For each IP address range defined for a network, there should be a corresponding entry in the routing table for the network adapter belonging to that network. Otherwise, ISA Server spoofing detection will consider that packets sent to that IP address range are spoofed and the packet will be dropped. This event may occur momentarily if you recently created a remote site network or configured Network Load Balancing. If you recently did either of these, then see if the event reoccurs. Resolution: Verify that there are correct routes for IP address ranges that are missing from the routing table. If you recently created a remote site network, or recently configured Network Load Balancing, check if the event reoccurs. If it does not, you may safely ignore this message. |
| Reference Links | Event Id:14147 Source Id:SOCKS Filter |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.