Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

TMG Server Fills Up and Holds TCP Ports in TIME_WAIT Status Until Ports Are Exhausted

Posted on 2010-11-22
1
Medium Priority
?
1,326 Views
Last Modified: 2013-11-16
We have a two node TMG implementation running SP1. The first node (10.0.1.9) runs like a champ. Node two (10.0.1.10) runs OK but then performance nose-dives eventually leading to a completely non-functional server. We have found through netstat that thousands and thousands of ports on node two are tied up in a TIME_WAIT to the cluster IP address (10.0.1.8) and eventually there are no ports available to serve new connections. We have tried increasing the ports and decreasing the timeout but neither seems to be working. Any ideas? Any questions I can answer to move this along?
0
Comment
Question by:PHFrench
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 2000 total points
ID: 34319412
Run the best practice analyser for tmg againsty both nodes - compare the outputs.
Are both nodes running sp1 and the sp1 update for tmg?
Are you using ftmg with NLB or did you set up NLB then install FTMG? Are you operating with isp load-balancing/failover?

Which addresses are being kept in wait-state - the external NLB or the internal NLB?

What are the default gateway settings for internal systems - a specific ftmg node or the vip address?
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question