The Lsass.exe process leaks memory on a server after a client computer attempts to access the server repeatedly if both computers are running Forefront TMG 2010 SP1

Consider the following scenario:

• You enable the SSL Inspection feature on a server that has Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1 (SP1)installed.
• You configure an HTTPS server that does not support Transport Layer Security (TLS) 1.0.
• You try to access the server repeatedly by using a client computer that has Forefront TMG 2010 SP1 installed.

In this scenario, all attempts to access the server fail, and the Lsass.exe process leaks memory after every attempt. Additionally, the following event entry is logged for every attempt:

Source: Schannel
Event ID: 36888
User: System
Message: The following fatal alert was generated: 10. The internal error state is 10.

Note To monitor the handle count of the Lsass.exe process, run the Process Explorer program, add a Handles column by selecting the Handle Count option from the Process Performance tab. For this issue, the handle count for the Lsass.exe process increases by 2-4 handles after each failed attempt.

This issue occurs because a handshake fails in TLS 1.0.

Update information

To resolve this issue, install the software update that is described in the following Microsoft Knowledge Base (KB) article:

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base: