Here’s some info on an interesting support issue I worked the other day. If you happen to run into this one day, maybe this will help you get it resolved.
Issue: Microsoft Forefront Threat Management Gateway (TMG) services do not start. To start the services, Customer had to clear NLB and reconfigure NLB every time issue happened.
Troubleshooting and Resolution
We checked event viewer and found following events:
Microsoft Forefront TMG Control
Failed to configure Network Load Balancing to work with Forefront TMG
The Forefront TMG Control service was stopped gracefully
I asked the customer to check the following registry value on the problem server:
We found that this was missing from the server, so I suggested that we create this value and set it to 2:
HKLM\System\CurrentControlSet\Services\WLBS\Parameters\Global Dword name: EnableTCPNotification Dword Value: 2
After adding the value above we restarted the server. At this point the TMG services started without any problems.
When Integrated NLB is configured on a TMG Array, the TMG control service depends on the proper configuration of NLB. TMG has a handle to NLB via the NLB service and is responsible for configuring NLB. If the TMG control service fails to configure NLB, one of the events that may be generated is event ID 21235. This would typically occur during the initialization of the TMG control service.
In this case, the 21235 event is logged because the TMG service is doing a lookup in NLB's registry area to determine if the TCP Connection Callback is properly set to use an alternate callback. This is required when we are using NLB and if it is not set it will generate this event.
The TCP Connection Callback value is stored at the following location in the registry:
The value is named EnableTCPNotification and it should have the value 2, which is NLB_CONNECTION_CALLBACK_ALTERNATE.
For more information on the TCP connection callback object, it is explained in the following TechNet article under event ID 81:
NLB Connection Tracking and Load Balancing: http://technet.microsoft.com/en-us/library/dd363974(v=ws.10).aspx
Note…Thanks to Escalation Engineer Eric Detoc for discovering the details related to this Event and the associated registry value.
Suraj Singh - Security Support Escalation Engineer, Microsoft CSS Forefront Security Edge Team
Richard Barker - Sr Security Support Escalation Engineer, Microsoft CSS Forefront Security Edge Team
hyves van landleven doet het niet