When a Domain Name System (DNS) server is published by using a server publishing rule in Microsoft Forefront Threat Management Gateway (TMG) 2010, the publishing rule does not work correctly. Therefore, the incoming User Datagram Protocol (UDP) DNS traffic is not forwarded to the published server. This problem occurs randomly.
This issue occurs because a WSAENETRESET error occurs when a recv operation is completed on the publishing socket that faces the Internet. Additionally, Forefront TMG 2010 does not create another recv operation to compensate for the completed operation that contains this error. Therefore, the data pump stops.
For a UDP socket, WSAENETRESET indicates that the Time to Live (TTL) value was exceeded.
Under UDP standards, any finished operation that encounters an error does not stop the data pump if the error is not caused by closing the socket.
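The following is an added illustration, not Microsoft's code. It simulates the receive loop described above to show why one WSAENETRESET completion stalls forwarding when the recv operation is not re-posted. The completion list is constructed sample data, the function and type names are hypothetical, and the Winsock error values are defined locally so that the sketch builds without winsock2.h.

```c
#include <stddef.h>
#include <stdio.h>

/* Winsock error values, defined locally (assumption: built without <winsock2.h>). */
enum {
    WSA_OPERATION_ABORTED = 995,   /* pending I/O cancelled, e.g. socket closed */
    WSAENOTSOCK           = 10038, /* handle is no longer a socket */
    WSAENETRESET          = 10052  /* for UDP: TTL exceeded */
};

struct completion { int error; int bytes; };  /* one finished recv operation */

/* Constructed sample: the completions seen on the Internet-facing UDP socket. */
static const struct completion SAMPLE[] = {
    {0, 48}, {WSAENETRESET, 0}, {0, 52}, {0, 61},
    {WSA_OPERATION_ABORTED, 0}, {0, 40}
};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

/* Only errors caused by closing the socket should end the pump. */
static int socket_closed(int error)
{
    return error == WSA_OPERATION_ABORTED || error == WSAENOTSOCK;
}

/* Each completion consumes the single outstanding recv. The pump keeps running
 * only while a new recv is posted. repost_on_error = 0 models the behaviour
 * described in the cause section; 1 models the expected UDP behaviour.
 * Returns the number of datagrams forwarded to the published server. */
int run_pump(const struct completion *c, size_t n, int repost_on_error)
{
    int forwarded = 0;
    for (size_t i = 0; i < n; i++) {
        if (c[i].error == 0) { forwarded++; continue; } /* forward, re-post recv */
        if (socket_closed(c[i].error)) break;           /* legitimate stop */
        if (!repost_on_error) break;                    /* no recv outstanding: stall */
        /* transient error: drop this completion and re-post recv */
    }
    return forwarded;
}

int main(void)
{
    printf("no re-post after error: %d datagrams forwarded\n",
           run_pump(SAMPLE, SAMPLE_LEN, 0));
    printf("re-post after error:    %d datagrams forwarded\n",
           run_pump(SAMPLE, SAMPLE_LEN, 1));
    return 0;
}
```
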
To resolve this issue, install the software update that is described in the following Microsoft Knowledge Base (KB) article:
2475183 Software Update 1 rollup 2 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 1
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
For more information about the recv function, visit the following Microsoft webpage:
Introduction to the recv function
For more information about the kernel-mode data pump, click the following download link to view a Microsoft document: