Forefront TMG 2010 Firewall Service-based member of a Forefront TMG array stops responding when another Forefront TMG Firewall Service-based member is stopped

Article translations Article translations
Article ID: 2445979 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

Consider the following scenario:
  • Two members of a Microsoft Forefront Threat Management Gateway (TMG) array host Forefront TMG 2010 Firewall Service.
  • You stop one member of the Forefront TMG array.
In this scenario, the other member stops responding to requests. Additionally, the FWX_E_IS_BUSY error is logged in the Firewall log.

CAUSE

This issue occurs because a continuous loop that creates new connections is formed between the Forefront TMG Firewall Service (fweng) driver and an instance of Forefront TMG Firewall Service. Therefore, the FWX_E_IS_BUSY error is logged in the Firewall log after a while, and the instance of Forefront TMG Firewall Service stops responding.

This loop occurs when a connection for a data pump is routed to the same local address that initiated the data pump.

Notes
  • When this issue occurs, Web publishing fails, and then an instance of the 500 internal server error occurs. Also, flood mitigation quotas are reached, and then some alerts are raised.
  • The communication between the two instances of Forefront TMG Firewall Service uses remote procedure calls (RPC). This RPC traffic is the traffic that initiates the continuous loop that creates new connections.
  • The Windows dead gateway detection mechanism of Forefront TMG Firewall Service routes the data pump traffic to the same local address.

RESOLUTION

Update information

To resolve this issue, install the software update that is described in the following Microsoft Knowledge Base (KB) article:
2433623 Software Update 2 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

REFERENCES

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 2445979 - Last Review: November 16, 2010 - Revision: 1.0
APPLIES TO
  • Microsoft Forefront Threat Management Gateway 2010 Enterprise
Keywords: 
kbqfe kbfix kbexpertiseinter kbsurveynew KB2445979

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com