FIX: All servers in a load-balanced web farm may become unavailable in Forefront Threat Management Gateway 2010

Article translations Article translations
Article ID: 2761736 - View products that this article applies to.
Expand all | Collapse all

Symptoms

Consider the following scenario:
  • You use the Web Publishing Load Balancing (WPLB) functionality in Microsoft Forefront Threat Management Gateway 2010 to publish many web servers.
  • Over time, you may notice some servers display an "Unavailable" status even though the servers are running, and you can connect to them internally.
  • A manual test of the connectivity verifier to check the status of the web farm servers seems to be sent, and a positive response is received.

In this scenario, all servers in the web farm may become unavailable and prevent Forefront Threat Management Gateway (TMG) from servicing clients. Additionally, you may see the "Web Farms Servers Unavailable" message or an event ID 10150 warning message in the Application log that resembles the following:

Forefront TMG stopped forwarding Web requests through the Web publishing rule rule_name to the server farm server_farm_name because all farm servers are either being drain stopped or are out of service.


Note These symptoms may typically be seen when the published web farm servers are restarted as a part of scheduled maintenance.

Cause

This issue may occur because of an internal error that may occur. The internal error prevents the connectivity verifier results from updating correctly. This prevents TMG from detecting that the servers are available again.

Resolution

To resolve this problem, install the hotfix package that is described in the following Microsoft Knowledge Base article:
2735208 Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2

Workaround

To work around this issue, make a change to the TMG configuration. For example, change the description of the array, and apply the changes. This action will re-create the thread that updates the web farm server status from the connectivity verifier results.

Note This workaround is temporary, and the original condition that caused the monitoring thread to fail may occur again.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 2761736 - Last Review: January 10, 2013 - Revision: 1.0
Applies to
  • Microsoft Forefront Threat Management Gateway 2010 Service Pack 2, when used with:
    • Microsoft Forefront Threat Management Gateway 2010 Standard
    • Microsoft Forefront Threat Management Gateway 2010 Enterprise
Keywords: 
kbqfe kbfix kbexpertiseinter kbbug kbsurveynew KB2761736

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com