Forefront TMG Client Connection Fails with Checksum Error

I have a Forefront TMG server (dual NIC, edge/gateway config). The TMG server is a member of the domain (single domain environment). The TMG Client on one of the member servers, a Windows 2008 R2 64-bit system, cannot connect to the TMG server.

I am opening the client configuration, and selecting "Manually specified Forefront TMG:" on the "Settings" tab and entering the server name or IP address (tried both) and clicking the "Test Server" button.  The error returned is "Failed to connect to server".

Each time I attempt the connection, the TMG server log shows a DENIED CONNECTION with the following information:

Denied Connection
Log type: Firewall service
Status: A packet was dropped because verification of its TCP checksum failed.  
Rule: None - see Result Code
Source: Internal (10.180.232.213:49342)
Destination: Local Host (10.180.232.214:1745)
Protocol: Forefront TMG Client (TCP)
Additional information
Number of bytes sent: 0
Number of bytes received: 0
Processing time: 0ms
Original Client IP: 10.180.232.213

I can ping the TMG server by name and IP address from the client, and I can ping the client by name and IP address from the TMG server.

Any and all ideas are very welcome. I hope you can help me.
eviseinc Asked:
 
Keith Alabaster (Enterprise Architect) Commented:
Look at the error message - a TCP checksum failed verification.
Make sure that the server's BIOS/firmware are fully updated, including ALL hardware drivers/NIC drivers etc.
Same goes for all OS updates.
 
eviseinc (Author) Commented:
Identical servers with same OS & software updates.  Same network drivers.

The TMG server is accepting other TMG Client connections.
 
Keith Alabaster (Enterprise Architect) Commented:
Whatever you say, but 90% of the time it will come back to this.
The only other area is a network cable or switch port not set up correctly, assuming you are not using virtualised servers of course.
 
eviseinc (Author) Commented:
Sorry, I guess I should have mentioned this originally.  They are cloud systems, identically configured.
 
Keith Alabaster (Enterprise Architect) Commented:
Then to be frank, you are going to have to take this up with the hosting organisation.
 
Bazmic Commented:
If it is hosting and you have access to the guest OSes, it will be TCP checksum, and it is a setting in the guest OS to change.

The main point is dual two machines on the same virtual host, which you may not be able to see.

Try looking at this article:

http://support.microsoft.com/kb/951037
 
Bazmic Commented:
Oops. Meant to say that you would need to restart the firewall service after the change.
Question has a verified solution.
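
The check behind the "verification of its TCP checksum failed" log entry, as an added example that is not part of the original thread: it recomputes the TCP checksum over the IPv4 pseudo-header and segment and compares it with the stored field. The SYN segment is constructed from the addresses and ports in the log entry above; the "offloaded" variant assumes the sender left only the pseudo-header sum in the checksum field for the NIC to finish, which is one common checksum-offload convention and not something the thread states.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero, protocol 6 (TCP), TCP length."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, tcp_len)

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Checksum a receiver expects, computed with the checksum field zeroed."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return ~ones_complement_sum(pseudo_header(src, dst, len(segment)) + zeroed) & 0xFFFF

def verify(src: str, dst: str, segment: bytes) -> bool:
    """True when the stored checksum matches; a strict firewall drops the rest."""
    stored = struct.unpack("!H", segment[16:18])[0]
    return stored == tcp_checksum(src, dst, segment)

def build_syn(src: str, sport: int, dst: str, dport: int, offloaded: bool = False) -> bytes:
    """Constructed 20-byte SYN (seq 1, window 8192); not a captured packet."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    if offloaded:
        # Assumption: the stack wrote only the pseudo-header sum, expecting the
        # NIC (or virtual NIC) to complete the checksum before delivery.
        csum = ones_complement_sum(pseudo_header(src, dst, len(hdr)))
    else:
        csum = tcp_checksum(src, dst, hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]

# Addresses and ports taken from the denied-connection log entry.
CLIENT, SERVER = "10.180.232.213", "10.180.232.214"

if __name__ == "__main__":
    for label, flag in (("checksum completed", False), ("offload left partial", True)):
        seg = build_syn(CLIENT, 49342, SERVER, 1745, offloaded=flag)
        stored = struct.unpack("!H", seg[16:18])[0]
        print(f"{label}: stored=0x{stored:04X} valid={verify(CLIENT, SERVER, seg)}")
```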