Solved

Forefront TMG Client Connection Fails with Checksum Error

Posted on 2011-03-25
Last Modified: 2016-02-03
I have a Forefront TMG server (dual NIC, edge/gateway config).  The TMG server is a member of the domain (single domain environment).  The TMG Client on one of the member servers, a Windows 2008 R2 64-bit system, cannot connect to the TMG server.

I am opening the client configuration, and selecting "Manually specified Forefront TMG:" on the "Settings" tab and entering the server name or IP address (tried both) and clicking the "Test Server" button.  The error returned is "Failed to connect to server".

Each time I attempt the connection, the TMG server log shows a DENIED CONNECTION with the following information:

Denied Connection
Log type: Firewall service
Status: A packet was dropped because verification of its TCP checksum failed.  
Rule: None - see Result Code
Source: Internal (10.180.232.213:49342)
Destination: Local Host (10.180.232.214:1745)
Protocol: Forefront TMG Client (TCP)
 Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 10.180.232.213

I can ping the TMG server by name and IP address from the client and I can ping the client by name and IP address from the TMG server.

Any and all ideas are very welcome. I hope you can help me.
0
Question by:eviseinc
7 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 35221011
Look at the error message - a TCP checksum failed verification.
Make sure that the server's BIOS/firmware are fully updated, including ALL hardware drivers/NIC drivers etc.
Same goes for all OS updates.
0
 

Author Comment

by:eviseinc
ID: 35221957
Identical servers with same OS & software updates.  Same network drivers.

The TMG server is accepting other TMG Client connections.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 35222389
Whatever you say, but 90% of the time it will come back to this.
The only other area is a network cable or switch port not set up correctly, assuming you are not using virtualised servers of course.
0
 

Author Comment

by:eviseinc
ID: 35222439
Sorry, I guess I should have mentioned this originally.  They are cloud systems, identically configured.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 35222458
Then to be frank, you are going to have to take this up with the hosting organisation.
0
 
LVL 1

Expert Comment

by:Bazmic
ID: 35269023
If it is hosting and you have access to the guest OSes, it will be TCP checksum and it is a setting in the guest OS to change.

The main point is dual two machines on the same virtual host, which you may not be able to see.

Try looking at this article:

http://support.microsoft.com/kb/951037
0
 
LVL 1

Expert Comment

by:Bazmic
ID: 35269045
Oops. Meant to say that you would need to restart the firewall service after the change.
0
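
To confirm the condition in the log entry from a packet capture, the TCP checksum can be recomputed from the pseudo-header and the segment and compared with the stored value. This is an added example, not part of the original thread: the SYN segment is constructed from the logged addresses and ports, and the "pseudo-header only" case assumes a sender whose checksum offload left just the pseudo-header sum in the field.

```python
import socket
import struct

SRC, DST = "10.180.232.213", "10.180.232.214"   # addresses from the log entry

def fold_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071), not yet inverted."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    # Source IP, destination IP, zero byte, protocol 6 (TCP), TCP length
    return (socket.inet_aton(src) + socket.inet_aton(dst)
            + struct.pack("!BBH", 0, 6, tcp_len))

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Expected checksum, computed with the checksum field zeroed."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return ~fold_sum(pseudo_header(src, dst, len(segment)) + zeroed) & 0xFFFF

def classify(src: str, dst: str, segment: bytes) -> str:
    stored = struct.unpack("!H", segment[16:18])[0]
    if stored == tcp_checksum(src, dst, segment):
        return "valid"
    # Assumption: with checksum offload the stack stores only the
    # pseudo-header sum and expects the (virtual) NIC to finish the job.
    if stored == fold_sum(pseudo_header(src, dst, len(segment))):
        return "pseudo-header only"
    return "invalid"

def build_syn(checksum: int = 0) -> bytes:
    """Constructed 20-byte SYN; ports from the log, sequence number made up."""
    return struct.pack("!HHIIBBHHH", 49342, 1745, 0x12345678, 0,
                       0x50, 0x02, 8192, checksum, 0)

if __name__ == "__main__":
    full = tcp_checksum(SRC, DST, build_syn())
    partial = fold_sum(pseudo_header(SRC, DST, 20))
    for label, value in (("computed in software", full),
                         ("left for the NIC", partial), ("zeroed", 0)):
        print(f"{label:22} 0x{value:04x} -> {classify(SRC, DST, build_syn(value))}")
```

A segment that classifies as "pseudo-header only" on the receiving side points at offload that was never completed on the path, rather than at corruption in transit.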
