FIX: Server that's running Forefront Threat Management Gateway 2010 stops accepting all new connections and becomes unresponsive

Symptoms
A server that's running Microsoft Forefront Threat Management Gateway (TMG) 2010 may stop accepting all new connections and become unresponsive. This issue may occur after somewhere between several hours and several days of server uptime.

When this condition occurs, users may be unable to establish a Terminal Services session to the server. User authentication of requests may also be unsuccessful, because the Forefront TMG server may lose its connection to the domain controller.

In this situation, Performance Monitor may display the following:
  • The Backlogged Packets counter in the Forefront TMG Firewall Packet Engine may show a very large increase. This increase can reach a level of more than 1,000 packets in the queue.
  • The Available Worker Threads counter in the Forefront TMG Firewall Service may suddenly decrease to zero.
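
As an added example (not part of the Microsoft article and not Microsoft tooling), the following Python script scans a Performance Monitor log exported to CSV for the two counter symptoms above occurring together. The counter names and thresholds are the ones the article gives; the host name TMG01, the sample rows, and the rule of two consecutive samples are constructed assumptions.

```python
import csv
import io

# Counter names and thresholds are the ones listed under Symptoms.
BACKLOG = r"\Forefront TMG Firewall Packet Engine\Backlogged Packets"
THREADS = r"\Forefront TMG Firewall Service\Available Worker Threads"
BACKLOG_LIMIT = 1000
MIN_CONSECUTIVE = 2  # assumption: a single bad sample is not treated as a hang

# Constructed sample in the PDH-CSV layout written by typeperf and relog.
SAMPLE_CSV = r'''"(PDH-CSV 4.0) (GMT Standard Time)(0)","\\TMG01\Forefront TMG Firewall Packet Engine\Backlogged Packets","\\TMG01\Forefront TMG Firewall Service\Available Worker Threads"
"01/15/2013 10:00:00.000","3","118"
"01/15/2013 10:00:15.000","1100","0"
"01/15/2013 10:00:30.000","1200","40"
"01/15/2013 10:00:45.000","1850","0"
"01/15/2013 10:01:00.000","2610","0"
"01/15/2013 10:01:15.000","3075","0"
"01/15/2013 10:01:30.000"," "," "
'''

def column_for(header, counter):
    """Find a counter column by path suffix, since the host prefix varies."""
    for index, name in enumerate(header):
        if name.lower().endswith(counter.lower()):
            return index
    raise KeyError(counter)

def find_exhaustion(csv_text):
    """Return (first_seen, last_seen, peak_backlog) per run showing both symptoms."""
    rows = csv.reader(io.StringIO(csv_text))
    header = next(rows)
    b_col, t_col = column_for(header, BACKLOG), column_for(header, THREADS)
    episodes, run = [], []
    for row in list(rows) + [None]:  # trailing None flushes the last run
        hit = False
        if row is not None:
            try:
                backlog, threads = float(row[b_col]), float(row[t_col])
                hit = backlog > BACKLOG_LIMIT and threads == 0
            except (ValueError, IndexError):
                pass  # blank or short row: no usable sample, so the run ends
        if hit:
            run.append((row[0], backlog))
            continue
        if len(run) >= MIN_CONSECUTIVE:
            episodes.append((run[0][0], run[-1][0], max(b for _, b in run)))
        run = []
    return episodes
```

A binary .blg counter log can be converted to this layout with relog using the -f CSV option before it is passed to find_exhaustion.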

Cause
This problem occurs because of a race condition between the Forefront Threat Management Gateway Firewall service and local system processes such as the DNS Client service or the Local Security Authority Process (LSASS). Specifically, in a heavy load environment, when all work items that have to be completed are processed, insufficient priority is given to some tasks that should be completed first. This causes the race condition.

Resolution
To resolve this problem, install Rollup 5 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2.

Note: Although this issue was first fixed in Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2, we have identified additional conditions that could cause this problem.

Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More information
This fix prevents the race condition between the Forefront Threat Management Gateway Firewall service and local services that are running on the Forefront TMG server by reserving more worker threads and giving increased priority to more important tasks that are related to local host traffic processing.

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 2700248 - Last Review: 07/08/2014 16:33:00 - Revision: 3.0

Microsoft Forefront Threat Management Gateway 2010 Service Pack 2
