When Windows Media Player makes a Web Proxy Automatic Discovery (WPAD) request for the WPAD.dat file, it first appends a query string to the request, such as the following:
This enables a server to send differentiated auto-discovery content to a Media client.
Microsoft Forefront Threat Management Gateway 2010 responds to such requests with a "400 Bad Request" response. Media Player then requests the WPAD.dat file again but without the query string.
When the "400 Bad Request" response is sent, Threat Management Gateway 2010 incorrectly sends Connection: Keep Alive and Proxy-Connection: Keep-Alive headers before it sends a TCP FIN packet to close the TCP connection.
If Media Player then tries to reuse the initial TCP connection for the second request of WPAD.dat because of the presence of the "Keep-Alive" headers, this can cause performance issues because Threat Management Gateway 2010 considers the connection to be closed.
GET wpad.dat?Type=WMTThis enables a server to send differentiated auto-discovery content to a Media client.
Microsoft Forefront Threat Management Gateway 2010 responds to such requests with a "400 Bad Request" response. Media Player then requests the WPAD.dat file again but without the query string.
When the "400 Bad Request" response is sent, Threat Management Gateway 2010 incorrectly sends Connection: Keep Alive and Proxy-Connection: Keep-Alive headers before it sends a TCP FIN packet to close the TCP connection.
If Media Player then tries to reuse the initial TCP connection for the second request of WPAD.dat because of the presence of the "Keep-Alive" headers, this can cause performance issues because Threat Management Gateway 2010 considers the connection to be closed.