The Lsass.exe process leaks memory on a server after a client computer attempts to access the server repeatedly if both computers are running Forefront TMG 2010 SP1

Article translations Article translations
Article ID: 2423384 - View products that this article applies to.
Expand all | Collapse all

On This Page

SYMPTOMS

Consider the following scenario:
  • You enable the SSL Inspection feature on a server that has Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1 (SP1)installed.
  • You configure an HTTPS server that does not support Transport Layer Security (TLS) 1.0.
  • You try to access the server repeatedly by using a client computer that has Forefront TMG 2010 SP1 installed.
In this scenario, all attempts to access the server fail, and the Lsass.exe process leaks memory after every attempt. Additionally, the following event entry is logged for every attempt:


Source: Schannel
Event ID: 36888
User: System
Message: The following fatal alert was generated: 10. The internal error state is 10.



Note To monitor the handle count of the Lsass.exe process, run the Process Explorer program, add a Handles column by selecting the Handle Count option from the Process Performance tab. For this issue, the handle count for the Lsass.exe process increases by 2-4 handles after each failed attempt.

CAUSE

This issue occurs because a handshake fails in TLS 1.0.

RESOLUTION

Update information

To resolve this issue, install the software update that is described in the following Microsoft Knowledge Base (KB) article:
2288910  Software Update 1 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 2423384 - Last Review: October 1, 2010 - Revision: 1.0
APPLIES TO
  • Microsoft Forefront Threat Management Gateway 2010 Service Pack 1
Keywords: 
kbqfe kbfix kbexpertiseinter kbsurveynew KB2423384

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com