In the scenario, existing clients that already have an authentication cookie may be unable to access published resources and may receive the following error message:
1413 Invalid Index.
Note This problem mainly affects Exchange ActiveSync users when their mobile device keeps using the old cookie until the device is restarted or cleared by the server.
Cookie sharing across array members uses a new cookie format, and the authentication cookie that is provided by existing clients is not cleared correctly after the cookie-sharing feature is enabled.
To resolve this problem, install Rollup 5 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2.
To work around this problem, change the cookie name that is defined on the web listener. To do this, follow these steps:
Open the Forefront TMG Management console, and then click Firewall Policy.
On the Toolbox tab in the right-side pane, expand Network Objects.
Expand Web Listeners, right-click the listener that was used to publish the problem websites, and then click Properties.
On the Forms tab, click Advanced.
In the Cookie Name field, type a different cookie name such as cadata2.
Note By default, this field is blank, and the default cookie name that is used is cadata.
Click OK, and then click OK again to exit the dialog boxes.
Click Apply to save the changes.
Wait for the changes to synchronize to the Forefront TMG Firewall Service. To do this, click Monitoring, and then click Configuration. Clients should be able to access the published sites when all servers display a status of Synced.
Or, ask the clients to restart their mobile device or to close all instances of their browsers. This clears the old cookie.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Learn about the terminology that Microsoft uses to describe software updates.