The article I suggested has two option:
1. block and log all ICMP traffic from the LAT
2. block and log all traffic from the LAT.

You should implement the change that blocks ICMP.
The single most common cause of fwsrv CPU maxing out is an internal Blaster
/ Welcia / NACHI virus.
Perform a trace on the ISA internal interface; that'll tell you for sure.
--
Jim Harrison [ISASE]
Read the help, books and articles!


This posting is provided "AS IS" with no warranties, and confers no rights.


"Przemo Karlikowski" <***@post.pl> wrote in message news:***@TK2MSFTNGP12.phx.gbl...
The article you mentioned is not a solution. It will block all traffic from
internal network to the isa server and in a result also from the internal
network to the Internet.

I experience this same problem.

I have ISA server patched with all available hotfixes, but not every client.
In some situations it is impossible to patch every client.



Wspsrv.exe consumes 100% processor time on single CPU computers with speed
about 1GHz and about 50-60% on multiprocessor CPU. The conclusion is that
patches released for w2k do not provide sufficient security for computers
and software running on win2000.

Maybe the patch for ISA should be released.



The problem is known since the end of September but still there is no
serious solution offered by Microsoft. It is for me ridicules that the only
thing you "invented" during those two month is suggestion to cut off access
from the internal network to the proxy/firewall, a server that should
provide security for internal network, not to be secured against the
internal network.



Now I just to restart ISA server every day when the traffic is on the
highest level because in that time wspsrv.exe processor consumption reaches
over 80% on 2.6GHz processor and ISA just to drop the Internet connection
and hangs all the network connection and become unavailable to the clients.
http://support.microsoft.com/default.aspx?scid=kb;en-us;283213&Product=ISAS