none
Error Code 10060: Connection Timeout in TMG 2010 RRS feed

  • Question

  • Hi ,

    here when I access some websites TMG generate a one of Error with Error Code 10060: Connection Timeout . Below I'm mentioned the my Network Adapters IP Configurations.


    Ethernet adapter WAN:
       IPv4 Address. . . . . . . . . . . : 192.168.25.17(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.25.1        WAN Router IP
       DNS Servers . . . . . . . . . . . : 203.189.78.164       these are ISP's DNS
                                                     203.189.78.172       these are ISP's DNS
     
    Ethernet adapter LAN:
       IPv4 Address. . . . . . . . . . . : 10.2.1.10(Preferred)
       Subnet Mask . . . . . . . . . . .: 255.0.0.0
       Default Gateway . . . . . . . . .:
       DNS Servers . . . . . . . . . . . : 10.1.2.4
                                                     10.2.1.1

    Can you update me on this ?


    Regards, COMDINI
    Saturday, August 20, 2011 1:22 PM

Answers

  • Hi Codmini,

    This error means that the server tried establishing a conenction with web server but the session request timed out.

    1. Most likely, if you collect a NetMon trace, you shoudl see un-answered SYNs or un-answered requests by your TMG. Please check if its so and try to work out your network faliure, to see which network hop is failing. You can also try to increase the TCP timeout value. You can refer to:

      http://support.microsoft.com/kb/158474 and
      http://support.microsoft.com/kb/170359 for that.

    2. Is it forward proxy or reverse proxy (web publishing)?

    3. Is the TMG server accessible for any other TCP based service at the time of the issue?

    4. Also, it NOT AT ALL good to have internal+external DNS on your edge servers, except a few rare situations. To correct it, remove the external DNS IP (203.189.78.164 and 203.189.78.172) and make sure your internal DNS (10.1.2.4 and  10.2.1.1)are able to resolve external names, using forwarders or root hints. This is because your ISP DNS does not contain DNS info of your itnernal doman. If the TMG uses your ISP DNS for internal name resolution, its gonna fail. Whereas if you use internal DNS with root hints/forwarders, it can resolve internal+external name with no expected failures.

      DNS resolution DOES NOT depened ONLY on the DNS IPs defined on the individual NIC. It depends on the Binding order and DNS Server IPs defined on other NICs also, collectively. DNS Queries are sent in this order:

      http://technet.microsoft.com/en-us/library/Bb457118.f24zs12_big(en-us,TechNet.10).jpg

      Refer to this article for more information:

      Configuring DNS Servers for ISA Server 2004
      http://technet.microsoft.com/en-us/library/cc302590.aspx#MultiHomedISAServerComputers


    Regards, Amit Saxena. Keep Walking!
    Saturday, August 20, 2011 10:27 PM

All replies

  • Hi,

    remove the DNS Server entries from the WAN adapter and create a DNS forwarder on your internal DNS Server (10.1.2.4/10.2.1.1) to resolve Internet DNS names


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
    Saturday, August 20, 2011 3:40 PM
  • Hi Marc ,

    did you mean Internet DNS names for ISP's DNS  as i mentioned in above ?


    Regards, COMDINI
    Saturday, August 20, 2011 4:59 PM
  • Hi Codmini,

    This error means that the server tried establishing a conenction with web server but the session request timed out.

    1. Most likely, if you collect a NetMon trace, you shoudl see un-answered SYNs or un-answered requests by your TMG. Please check if its so and try to work out your network faliure, to see which network hop is failing. You can also try to increase the TCP timeout value. You can refer to:

      http://support.microsoft.com/kb/158474 and
      http://support.microsoft.com/kb/170359 for that.

    2. Is it forward proxy or reverse proxy (web publishing)?

    3. Is the TMG server accessible for any other TCP based service at the time of the issue?

    4. Also, it NOT AT ALL good to have internal+external DNS on your edge servers, except a few rare situations. To correct it, remove the external DNS IP (203.189.78.164 and 203.189.78.172) and make sure your internal DNS (10.1.2.4 and  10.2.1.1)are able to resolve external names, using forwarders or root hints. This is because your ISP DNS does not contain DNS info of your itnernal doman. If the TMG uses your ISP DNS for internal name resolution, its gonna fail. Whereas if you use internal DNS with root hints/forwarders, it can resolve internal+external name with no expected failures.

      DNS resolution DOES NOT depened ONLY on the DNS IPs defined on the individual NIC. It depends on the Binding order and DNS Server IPs defined on other NICs also, collectively. DNS Queries are sent in this order:

      http://technet.microsoft.com/en-us/library/Bb457118.f24zs12_big(en-us,TechNet.10).jpg

      Refer to this article for more information:

      Configuring DNS Servers for ISA Server 2004
      http://technet.microsoft.com/en-us/library/cc302590.aspx#MultiHomedISAServerComputers


    Regards, Amit Saxena. Keep Walking!
    Saturday, August 20, 2011 10:27 PM
  • No, for resolving all DNS names as google.com, you have to contact a "public" DNS server (exemple : your ISP or google). This DNS names resolution should be performed by your Domain Controllers (or DNS servers -> 10.1.2.4/10.2.1.1) with your forwarders configuration on DNS settings.

    Ethernet adapter WAN:
       IPv4 Address. . . . . . . . . . . : 192.168.25.17(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.25.1        WAN Router IP
       DNS Servers . . . . . . . . . . . : 
      
    Ethernet adapter LAN: 
       IPv4 Address. . . . . . . . . . . : 10.2.1.10(Preferred)
       Subnet Mask . . . . . . . . . . .: 255.0.0.0
       Default Gateway . . . . . . . . .:
       DNS Servers . . . . . . . . . . . : 10.1.2.4
                                                     10.2.1.1

    And you have to add your DNS IPs of your ISP in your DNS settings -> forwarders. See picture below.
    So in your case ->203.189.78.164/203.189.78.172





    • Proposed as answer by Reserwar Sunday, August 21, 2011 10:59 AM
    Saturday, August 20, 2011 10:33 PM
  • Hi again,

     

    What's new about this thread?

     

    Kind Regards.


    MCITP : Server Administrator | VMware : VTSP 4 / Desktop VTSA 4 | NetApp : DataOntap 7/8 Accreditation

    → Thanks for voting this post as answer if it helps

    Wednesday, August 24, 2011 9:35 PM