FIX: Threat Management Gateway 2010 incorrectly sends "Keep-Alive" headers when it replies to Windows Media Player WPAD file requests

Applies to: Forefront Threat Management Gateway 2010 EnterpriseForefront Threat Management Gateway 2010 Standard

Symptoms


When Windows Media Player makes a Web Proxy Automatic Discovery (WPAD) request for the WPAD.dat file, it first appends a query string to the request, such as the following:

GET wpad.dat?Type=WMT

This enables a server to send differentiated auto-discovery content to a Media client.

Microsoft Forefront Threat Management Gateway 2010 responds to such requests with a "400 Bad Request" response. Media Player then requests the WPAD.dat file again but without the query string.

When the "400 Bad Request" response is sent, Threat Management Gateway 2010 incorrectly sends Connection: Keep Alive and Proxy-Connection: Keep-Alive headers before it sends a TCP FIN packet to close the TCP connection.

If Media Player then tries to reuse the initial TCP connection for the second request of WPAD.dat because of the presence of the "Keep-Alive" headers, this can cause performance issues because Threat Management Gateway 2010 considers the connection to be closed.

Resolution


To resolve this problem, install Rollup 4  for Forefront Threat Management Gateway 2010 Service Pack 2.

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References


See the terminology Microsoft uses to describe software updates.