Solved

TMG Server Fills Up and Holds TCP Ports in TIME_WAIT Status Until Ports Are Exhausted

Posted on 2010-11-22
1
1,290 Views
Last Modified: 2013-11-16
We have a two node TMG implementation running SP1. The first node (10.0.1.9) runs like a champ. Node two (10.0.1.10) runs OK but then performance nose-dives eventually leading to a completely non-functional server. We have found through netstat that thousands and thousands of ports on node two are tied up in a TIME_WAIT to the cluster IP address (10.0.1.8) and eventually there are no ports available to serve new connections. We have tried increasing the ports and decreasing the timeout but neither seems to be working. Any ideas? Any questions I can answer to move this along?
0
Comment
Question by:PHFrench
1 Comment
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 34319412
Run the best practice analyser for tmg againsty both nodes - compare the outputs.
Are both nodes running sp1 and the sp1 update for tmg?
Are you using ftmg with NLB or did you set up NLB then install FTMG? Are you operating with isp load-balancing/failover?

Which addresses are being kept in wait-state - the external NLB or the internal NLB?

What are the default gateway settings for internal systems - a specific ftmg node or the vip address?
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question