Symptoms
When the WP_TRAFFIC tracing feature is enabled on a Microsoft Forefront Threat Management Gateway (TMG) 2010 server, the Forefront TMG Firewall service might crash.
In addition, you might receive the following events in the event log:
Log Name: Application
Source: Microsoft Forefront TMG Firewall
Date: <Date>
Event ID: 14057
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: <FQDN>
Description:
The Firewall service stopped because an application filter module C:\Program Files\Microsoft Forefront Threat Management Gateway\w3filter.dll generated an exception code C0000005 in address 0000000071CC0B14 when function CompleteAsyncIO was called. To resolve this error, remove recently installed application filters and restart the service.
Log Name: Application
Source: Application Error
Date: <Date>
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: <FQDN>
Description:
Faulting application name: wspsrv.exe, version: 7.0.9027.400, time stamp: 0x4c8cade1
Faulting module name: w3filter.dll, version: 7.0.9027.400, time stamp: 0x4c8cae41
Exception code: 0xc0000005
Fault offset: 0x0000000000050b14
Faulting process id: 0x1468
Faulting application start time: 0x01cc59b49d593ba1
Faulting application path: C:\Program Files\Microsoft Forefront Threat Management Gateway\wspsrv.exe
Faulting module path: C:\Program Files\Microsoft Forefront Threat Management Gateway\w3filter.dll
Note This issue does not occur if the WP_TRAFFIC tracing feature is disabled.
Cause
This issue occurs because Forefront TMG Server 2010 tries to get the peer name for the trace line when the peer name is not available.
Resolution
To resolve this issue, install the hotfix that is described in the following Microsoft Knowledge Base (KB) article:
2498770 Description of the TMG Server rollup package
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
More Information
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates