- You use a Microsoft Forefront Threat Management Gateway (TMG) 2010 array to web publish a website.
- The TMG array is configured to load-balance the traffic by using Network Load Balancing (NLB).
- The To tab on the Web Publishing rule is configured as follows:
- The Requests appear to come from the original client option is selected.
- The This rule applies to this published site field is configured to a fully qualified domain name (FQDN) name, such as mail.contoso.com.
- The Computer name or IP address (required if the internal site name is different or not resolvable) field is configured to the FQDN of the internal server such as mail01.contoso.local.
- TMG resolves the name from the This rule applies to this published site field to the external IP address.
In this scenario, clients may be unable to access the published web server, and it may seem that TMG is failing to establish the TCP connection to the published server. If you capture a network trace from the internal network interface, you may see the following pattern:
The NLB hook rules are created by using only the name in the This rule applies to this published site field and may therefore create the reverse NLB hook rules by using the wrong IP address.
Article ID: 2591269 - Last Review: Oct 31, 2011 - Revision: 1