Article ID: 2973749
HTTP connectivity verifiers in Microsoft Forefront Threat Management Gateway 2010 may return failures for websites that are actually available. Therefore, rules that use Web Publishing Load Balancing (WPLB) may be unavailable, because Threat Management Gateway incorrectly assumes that all servers in the web farm are unavailable.
You may also receive frequent "No Connectivity" messages for the verifiers in question. These messages resemble the following:
The connectivity verifier "Name_of_Verifier" reported an error when trying to connect to https://ip_host/uri. Reason: No connection.
The connectivity verifier "Name_of_Verifier" reported an error when trying to connect to https://ip_host/uri. Reason: The request has timed out.
Event IDs 10050 and 21137 are sometimes another indication of this problem.
You can monitor the status of individual connectivity verifiers in the Threat Management Gateway Microsoft Management Console (MMC) by checking the Result column under Connectivity Verifiers on the Monitoring menu.
This problem may occur if the HTTP connectivity verifier is redirected to a different URL while it's validating the server. Typically, this may occur if one of the following conditions is true:
In this situation, the connectivity verifier URL is updated to the redirected URL and is not refreshed on later requests.
To resolve this problem, install Rollup 5 (http://support.microsoft.com/kb/2954173/) for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2.
To work around this problem, make a change to the Threat Management Gateway configuration. For example, change the description of the array, and then apply these changes. This will reapply the configuration for the connectivity verifiers.
Note: This workaround is temporary, and the original condition that caused the connectivity verifier URL to be updated may recur.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Rollup 5 for Forefront Threat Management Gateway 2010 Service Pack 2 adds support to control how the connectivity verifier handles HTTP redirects. By default, the connectivity verifier will no longer follow redirects, and it will query only the URL that is specified in the connectivity verifier configuration.
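The following is an added illustration, not Microsoft's code and not the script that this article refers to. It is a small Python model of a health probe, run against a constructed loopback server, that contrasts a verifier whose stored URL is overwritten by a redirect with one that queries only the configured URL. The `Verifier` class, the `/health` and `/sorry` paths, and the maintenance scenario are assumptions made for the demonstration.

```python
# Added example: a model of the behaviour described above, not TMG code.
import threading, urllib.error, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

class NoFollow(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # never follow; the 3xx then surfaces as HTTPError

OPENER = urllib.request.build_opener(NoFollow, urllib.request.ProxyHandler({}))

def fetch(url):  # returns (status, Location or None); redirects not followed
    try:
        with OPENER.open(url, timeout=3) as resp:
            return resp.status, None
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")

class Verifier:
    def __init__(self, url, sticky_redirects):
        self.url, self.sticky_redirects = url, sticky_redirects

    def check(self):
        status, location = fetch(self.url)
        if self.sticky_redirects and 300 <= status < 400 and location:
            # Modelled defect: the redirect target overwrites the stored URL.
            self.url = urllib.parse.urljoin(self.url, location)
            status, _ = fetch(self.url)
        return status == 200

def demo():
    state = {"maintenance": True}           # constructed farm-member behaviour
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            redirect = self.path == "/health" and state["maintenance"]
            ok = self.path == ("/sorry" if state["maintenance"] else "/health")
            self.send_response(302 if redirect else 200 if ok else 404)
            if redirect:
                self.send_header("Location", "/sorry")
            self.end_headers()
        log_message = lambda self, *args: None  # keep the demo quiet
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/health"
    old, new = Verifier(url, True), Verifier(url, False)
    during = (old.check(), new.check())     # redirect in effect
    state["maintenance"] = False            # site is healthy again
    after = (old.check(), new.check())
    server.shutdown()
    return during, after
```

`demo()` returns the pair of results for (sticky verifier, configured-URL-only verifier) while the redirect is in effect and again after it is removed. Once the redirect is gone, the sticky verifier keeps probing the stale target and reports a failure for a server that is available.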
Note: The following script is required only if you want to change the new default behavior.
Learn about the terminology (http://support.microsoft.com/kb/824684/) that Microsoft uses to describe software updates.
Article ID: 2973749 - Last Review: June 27, 2014 - Revision: 1.0