Symptoms
When Windows Media Player makes a Web Proxy Automatic Discovery (WPAD) request for the WPAD.dat file, it first appends a query string to the request, such as the following:
GET wpad.dat?Type=WMT
This enables a server to send differentiated auto-discovery content to a Media client.
Microsoft Forefront Threat Management Gateway 2010 responds to such requests with a "400 Bad Request" response. Media Player then requests the WPAD.dat file again but without the query string.
When the "400 Bad Request" response is sent, Threat Management Gateway 2010 incorrectly sends Connection: Keep Alive and Proxy-Connection: Keep-Alive headers before it sends a TCP FIN packet to close the TCP connection.
If Media Player then tries to reuse the initial TCP connection for the second request of WPAD.dat because of the presence of the "Keep-Alive" headers, this can cause performance issues because Threat Management Gateway 2010 considers the connection to be closed.
Resolution
To resolve this problem, install Rollup 4 for Forefront Threat Management Gateway 2010 Service Pack 2.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
References
See the terminology Microsoft uses to describe software updates.
