Symptoms
Consider the following scenario. You use Microsoft Forefront Threat Management Gateway (TMG) 2010 to web publish a server, and you use Forms-based authentication. Then, a user is automatically re-directed to the password change form if his or her password must be changed. In this scenario, if the client browser sends a favicon.ico request between the initial logon and the change password submission, the password change fails, and the user is re-directed back to the logon page.
Cause
The browser sends a favicon.ico request when a website is first accessed. The browser uses this request to obtain custom icons from that website for display.
Windows Internet Explorer 8, Windows Internet Explorer 9, and Google Chrome all retry the favicon.ico request if the initial request fails. If this re-request is made between the initial logon and the password change submission, this re-request clears the TMG authentication cookie and breaks the password change process. To determine whether the client is making a favicon.ico request between the initial logon and the later password change request, check the TMG log files.
Resolution
To resolve this problem, install the service pack that is described in the following Microsoft Knowledge Base article:
2555840 Description of Service Pack 2 for Microsoft Forefront Threat Management Gateway 2010
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
References
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
