Przejdź do głównej zawartości
Pomoc techniczna
Zaloguj się
Zaloguj się przy użyciu konta Microsoft
Zaloguj się lub utwórz konto.
Witaj,
Wybierz inne konto.
Masz wiele kont
Wybierz konto, za pomocą którego chcesz się zalogować.
angielski
Przepraszamy, ten artykuł nie jest dostępny w Twoim języku.

Symptoms

Consider the following scenario:

  • You use a Microsoft Forefront Threat Management Gateway (TMG) 2010 array to web publish a website.

  • The TMG array is configured to load-balance the traffic by using Network Load Balancing (NLB).

  • The To tab on the Web Publishing rule is configured as follows:

    • The Requests appear to come from the original client option is selected.

    • The This rule applies to this published site field is configured to a fully qualified domain name (FQDN) name, such as mail.contoso.com.

  • The Computer name or IP address (required if the internal site name is different or not resolvable) field is configured to the FQDN of the internal server such as mail01.contoso.local.

  • TMG resolves the name from the This rule applies to this published site field to the external IP address.


In this scenario, clients may be unable to access the published web server, and it may seem that TMG is failing to establish the TCP connection to the published server. If you capture a network trace from the internal network interface, you may see the following pattern:

SYN
SYN/ACK
SYN
SYN/ACK
SYN
SYN/ACKWhen this occurs, the TMG node drops the SYN/ACK response from the published web server.

Cause

This problem may occur when the TMG server is configured to use both internal and external DNS servers and the To name resolves to the external IP address of TMG. This may cause TMG to build the wrong NLB hook rules and drop the SYN/ACK packets.

The NLB hook rules are created by using only the name in the This rule applies to this published site field and may therefore create the reverse NLB hook rules by using the wrong IP address.

Resolution

To resolve this problem, install the service pack that is described in the following Microsoft Knowledge Base article:

2555840 Description of Service Pack 2 for Microsoft Forefront Threat Management Gateway 2010

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

After Service Pack 2 is installed, TMG uses the name or IP address in the Computer name or IP address (required if the internal site name is different or not resolvable) field if it is configured. Otherwise, it will fallback to the name or IP address in the This rule applies to this published site field. This will make sure that the NLB hook rules are created correctly.

References

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Facebook LinkedIn Adres e-mail
ZASUBSKRYBUJ KANAŁY INFORMACYJNE RSS

Potrzebujesz dalszej pomocy?

Chcesz uzyskać więcej opcji?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Czy te informacje były pomocne?

Co wpłynęło na Twoje wrażenia?
Jeśli naciśniesz pozycję „Wyślij”, Twoja opinia zostanie użyta do ulepszania produktów i usług firmy Microsoft. Twój administrator IT będzie mógł gromadzić te dane. Oświadczenie o ochronie prywatności.

Dziękujemy za opinię!

×