TMG stops passing traffic after windows update RRS feed

  • Question

  • Hello,

    Have a TMGSP2RU3 running on 2008R2SP1 in a VM with dynamic memory on a Hyper-V 2008R2 server and no VMQ's.
    After installing these updates TMG stops passing traffic after an unspecific amount of time, typically an hour or two.

    Uninstalling these updates brings everything back to normal. This installation has worked flawlessly for years.

    Any suggestion what update is causing this? Any recommended action?

    This is a production environment and I have had no time to investigate yet.



    • Edited by dtscaps Wednesday, November 13, 2013 1:08 PM
    Wednesday, November 13, 2013 11:55 AM

All replies

  • Hi,

    Thanks for your post here.

    is there any error information on TMG  when the issue occurs?

    We really need some detailed information.

    Best Regards

    Quan Gu

    Friday, November 15, 2013 1:48 AM
  • Does the Firewall Service crash? Does the TMG Server itself become unresponsive? Can you still RDP to the TMG Server once it is "in state"?

    Tell us more about your environment. How many clients are going through TMG? Is it forward proxy, reverse proxy, both?

    It could be possible that there is a memory leak or you are experiencing port exhaustion. There are no known issues that I am aware of concerning a windows hotfix. You may want to gather some Perfmon Data specifically around the TMG related counters to see how long this takes and if there is a trend.

    Friday, November 15, 2013 3:32 PM
  • Thank you for taking interest in this.

    It’s a small setup with both forward and reverse proxy (exchange) for about 40 clients. In addition it does certificate based VPN through AD and SSTP and hence a domain member. The TMG has 5 synthetic network adapters, mostly with a NAT relationship. BKK is external, HMS is internal and internal clients are also connected to Guest WLAN and SLP. When it stops passing traffic the OS is still responding but all the above mention features do not. My first taught is that the firewall service has stopped but I don't think that is the case. Event logging contains TMG events 21284,31314,15120 but no events about the Firewall service stopping.

    Like I said in the start. This setup is rock solid and has been for years. After installing the updates listed earlier its stops passing traffic.

    I’m including some screen shots from the network setup.

    Please let me know if I can provide more details.

    I am out travelling till early December and cannot do anymore testing till I am physically present.

    • Edited by dtscaps Saturday, November 16, 2013 12:38 PM
    Saturday, November 16, 2013 12:11 PM
  • Saturday, November 16, 2013 12:14 PM
  • Our server is constantly failing, intermitent backouts, VPN not working anymore too.

    Any ideia what to "uninstall" now?

    SOLVED: My operator had some routing loops, so most ICMP test were failling. We discovered enabling a policy in TMG to allow PING traffic and testing with ping and tracert from the outside.

    Saturday, November 16, 2013 12:21 PM
  • The only change I've done to the host OS is diasabling weak ciphers as per embedded graphics:

    Saturday, November 16, 2013 11:00 PM