Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation.

FIX: Server that's running Forefront Threat Management Gateway 2010 stops accepting all new connections and becomes unresponsive



Symptoms

A server that's running Microsoft Forefront Threat Management Gateway (TMG) 2010 may stop accepting all new connections and become unresponsive. This issue may occur after somewhere between several hours and several days of server uptime.

When this condition occurs, users may be unable to establish a Terminal Services session to the server. User authentication of requests may also be unsuccessful, because the Forefront TMG server may lose its connection to the domain controller.

In this situation, Performance Monitor may display the following:
  • The Backlogged Packets counter in the Forefront TMG Firewall Packet Engine may show a very large increase. This increase can reach a level of more than 1,000 packets in the queue.
  • The Available Worker Threads counter in the Forefront TMG Firewall Service may suddenly decrease to zero.
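
The two counter conditions above can be checked offline against a counter log exported in PDH-CSV format (for example by typeperf or relog). The following is an added example, not part of the original KB article; the full counter paths, the host name TMG01 and the sample readings are assumptions constructed for illustration.

```python
import csv
import io

# Counter paths assembled from the object and counter names in the Symptoms
# list; the exact path strings on a given server are an assumption.
BACKLOG = r"\Forefront TMG Firewall Packet Engine\Backlogged Packets"
THREADS = r"\Forefront TMG Firewall Service\Available Worker Threads"

# Constructed sample in PDH-CSV layout (host name and readings are made up).
SAMPLE = r'''"(PDH-CSV 4.0)","\\TMG01\Forefront TMG Firewall Packet Engine\Backlogged Packets","\\TMG01\Forefront TMG Firewall Service\Available Worker Threads"
"07/08/2014 10:00:00.000","3","118"
"07/08/2014 10:00:30.000","1350","0"
"07/08/2014 10:00:45.000"," ","0"
"07/08/2014 10:01:00.000","2210","0"
'''


def _column(header, counter):
    """Index of the column whose path ends with the given counter path."""
    for i, name in enumerate(header):
        if name.lower().endswith(counter.lower()):
            return i
    raise KeyError(f"counter not in log: {counter}")


def _value(cell):
    """PDH-CSV leaves a cell blank when a sample was missed."""
    cell = cell.strip()
    return float(cell) if cell else None


def find_stall_samples(csv_text, backlog_limit=1000):
    """Return (timestamp, backlog) for samples showing both symptoms at once."""
    rows = csv.reader(io.StringIO(csv_text))
    header = next(rows)
    b_col, t_col = _column(header, BACKLOG), _column(header, THREADS)
    hits = []
    for row in rows:
        backlog, threads = _value(row[b_col]), _value(row[t_col])
        if backlog is None or threads is None:
            continue  # cannot judge a sample with a missing reading
        if backlog > backlog_limit and threads == 0:
            hits.append((row[0], int(backlog)))
    return hits


if __name__ == "__main__":
    for when, backlog in find_stall_samples(SAMPLE):
        print(f"{when}  backlog={backlog}  worker threads=0")
```

The default limit of 1000 mirrors the queue depth named in the first bullet; a sample is flagged only when it coincides with zero available worker threads.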



Cause

This problem occurs because of a race condition between the Forefront Threat Management Gateway Firewall service and local system processes such as the DNS Client service or the Local Security Authority Process (LSASS). Specifically, in a heavy load environment, when all work items that have to be completed are processed, insufficient priority is given to some tasks that should be completed first. This causes the race condition.



Resolution

To resolve this problem, install Rollup 5 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2.



Note Although this issue was first fixed in Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2, we have identified additional conditions that could cause this problem.



Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.



More Information

This fix prevents the race condition between the Forefront Threat Management Gateway Firewall service and local services that are running on the Forefront TMG server by reserving more worker threads and giving increased priority to more important tasks that are related to local host traffic processing.

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates



Keywords: kb, kbnotautohotfix, kbexpertiseinter, kbbug, kbsurveynew, kbqfe, kbfix


Article Info
Article ID : 2700248
Revision : 1
Created on : 1/7/2017
Published on : 7/8/2014
Exists online : False