Locked Problems with Forefront TMG Email Protection

  • Monday, January 11, 2010 2:48 PM
     
     
    Hi,

    We are having some major problems with Forefront TMG when we are trying to use the FPE (with Forefront Protection for Exchange 2010 and Exchange 2010 Edge Server). We have two Forefront TMG Enterprise servers in an array using NLB, both are running Windows Server 2008 R2 Std x64.

    There appear to be two specific faults that we have, as follows:

    Firstly, when the server has just booted, the 'Microsoft Forefront TMG Managed Control' and 'Microsoft Exchange Transport' services sit for around 5 minutes starting and then I get an error under 'MSExchangeTransport' saying:


    The worker process with process ID 5152 is not responding and will be forced to shut down.

    I then get two further messages in the system log as below:

    The Microsoft Forefront TMG Managed Control service hung on starting.

    The Microsoft Exchange Transport service hung on starting.

    The system then takes corrective actions and attempts to restart the service and everything appears to be OK once this has happened. This then leads me to the next fault:

    When we attempt to generate the edge subscription files using the link in the tasks pane we get the error below, which crashes the LSASS service, fails to generate the files and then reboots the server:

    Event 5000
    Source LsaSrv

    The security package Microsoft Unified Security Protocol Provider generated an exception. The exception information is the data.


    Event 1000
    Source Application Error

    Faulting application name: lsass.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc155

    Faulting module name: msvcrt.dll, version: 7.0.7600.16385, time stamp: 0x4a5bdfbe

    Exception code: 0xc0000005

    Fault offset: 0x0000000000015a3c

    Faulting process id: 0x214

    Faulting application start time: 0x01ca9087f7a7951f

    Faulting application path: C:\WINDOWS\system32\lsass.exe

    Faulting module path: C:\WINDOWS\system32\msvcrt.dll

    Report Id: bd657e5c-febf-11de-a8f2-00237d25b60c


    Does anyone have any idea what could cause this?

    Thanks,
    Richard

All Replies

  • Tuesday, January 12, 2010 3:38 PM
     
     

    Richard,

     

    You may try to delete the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ipv6

  • Tuesday, January 19, 2010 6:41 AM
    Moderator
     
     

    Hi Richard,

     

    I’d like to confirm whether there is any update about this issue.

     

    Regards.


    Nick Gu - MSFT
  • Wednesday, January 20, 2010 10:56 AM
     
     
    I am experiencing exactly the same problem, although we only have a single server - not an array.

    Richard, did you ever find a solution?
  • Thursday, January 21, 2010 2:18 PM
     
     
    I've found the problem/solution with regards to exporting the EdgeSync XML on our server.

    Our TMG server has two SSL certificates - one from GlobalSign and the other from our CA.  Somehow both SSL certificates had become enabled for Exchange SMTP, even though I had only enabled the GlobalSign certificate. 

    I was unable to disable either of the certificates for SMTP using "Enable-ExchangeCertificate -Service None" etc.

    I had to remove and then re-import both certificates using the Certificates Snap-in.

    Regards,
    Daniel
  • Friday, January 22, 2010 11:39 AM
     
     
    Hi Nick,

    Sorry about the delay in getting back to you.

    I've just taken a look and tried the various recommendations (the IPV6 registry key removal, and the export, remove and import of the certs on each node of our array), but we are getting the same fault: the services hang, and then when the system automatically restarts the services they seem to start OK. However, I still get the errors in the event log as above.

    Thanks,
    Richard
  • Tuesday, January 26, 2010 7:19 PM
     
     
    Richard - Are you still having problems exporting the edge subscription files? Or is it just the startup failures?
  • Wednesday, January 27, 2010 3:50 PM
     
     
    Hi,

    I've solved the problem with the edge subscription problems; now it's just the startup failures.

    Thanks,
    Rich
  • Monday, March 15, 2010 5:56 PM
     
     
    Hi Rich,
    Was there any resolution to the services no longer starting after reboot?  I am having a similar problem and haven't found a solution yet.
    Thanks
  • Monday, March 15, 2010 7:01 PM
     
     
    Hi Rich,
    Was there any resolution to the services no longer starting after reboot?  I am having a similar problem and haven't found a solution yet.
    Thanks

    There are a lot of people with more or less similar problems. Some find changing the startup type to Automatic (Delayed) of the Exchange Transport Service or Forefront TMG Managed Control service or both, a workable solution. This results in very long reboot times unfortunately.
    With kind regards / Met vriendelijke groet, Jetze Mellema | http://jetzemellema.blogspot.com/
  • Sunday, July 11, 2010 3:19 PM
     
     

    Our Forefront TMG server 2010 was running well for a few months. But since I installed SP1 last week, it has strange behaviour. After every restart of the server the error is: "The Microsoft Forefront TMG Managed Control service hung on starting." Startup takes very long. After a few minutes everything seems OK again.

    Second problem: Furthermore, when I restart my AD server, I lose my VPN connection to the TMG server, and after the AD server is up and running again, I cannot remotely log in. The TMG event viewer lists a 5719 netlogon error. And then when I try to connect via VPN I get Remote Access errors 20271 and 20255. When the AD server is up and running again, I have to manually restart (or schedule a reboot of) the TMG server in order to be able to remotely log in via VPN again.

    TMG server does forms based authentication for Outlook Web App. It does not have licenses for traffic scanning. Only Microsoft software on it. Windows 2008R2 standard UK edition.

    What can be wrong, Microsoft?