Consider the following scenario:
-
You enable the SSL Inspection feature on a server that has Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1 (SP1)installed.
-
You configure an HTTPS server that does not support Transport Layer Security (TLS) 1.0.
-
You try to access the server repeatedly by using a client computer that has Forefront TMG 2010 SP1 installed.
In this scenario, all attempts to access the server fail, and the Lsass.exe process leaks memory after every attempt. Additionally, the following event entry is logged for every attempt:
Note To monitor the handle count of the Lsass.exe process, run the Process Explorer program, add a Handles column by selecting the Handle Count option from the Process Performance tab. For this issue, the handle count for the Lsass.exe process increases by 2-4 handles after each failed attempt.
Symptoms
This issue occurs because a handshake fails in TLS 1.0.
Cause
Update information
To resolve this issue, install the software update that is described in the following Microsoft Knowledge Base (KB) article:
2288910 Software Update 1 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1
Resolution
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Status
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
