[isalist] Re: TMG Updates?

From: Jim Harrison <Jim@xxxxxxxxxxxx>
To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
Date: Fri, 20 Jan 2012 01:09:21 +0000

I never suggested that it would fix anything.
I’m suggesting that perhaps you’ve uncovered another SChannel-related bug that 
may be in TMG, SChannel, etc.
It’s impossible to determine without detailed tracing and only CSS can help 
there.

Changing HTTPSi shouldn’t have any effect on your rule sets.
Are you sure there isn’t something else monitoring and adjusting your rules 
(WebSense-like-thingy)?
If you’re script, you can use TMG COM to control HTTPSi.

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Ball, Dan
Sent: Thursday, January 19, 2012 12:17 PM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: TMG Updates?

Okay, good, I had installed the other patch yesterday.

Looking through the event log shows two Schannel errors within the last hour 
though, so that didn’t solve that.  I’d have to re-enable https inspection to 
test if it fixed the other issue.  Is there a quicker way to enable it other 
than by using the wizard?  When I do that it deletes my web access rule and 
re-creates it.


From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> 
[mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]>
 On Behalf Of Jim Harrison
Sent: Thursday, January 19, 2012 2:26 PM
To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: TMG Updates?

Yes, but the point is that your current problem “smells similar” to that one 
and may actually indicate a similar (different) bug.


From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> 
[mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]>
 On Behalf Of Ball, Dan
Sent: Thursday, January 19, 2012 8:55 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: TMG Updates?

Is that included in SP2 Rollup 1?


From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> 
[mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]>
 On Behalf Of Jim Harrison
Sent: Tuesday, January 17, 2012 4:20 PM
To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: TMG Updates?

Do you also see a corresponding memory increase during this time?
TMG SP1 UP1 included a fix<http://support.microsoft.com/kb/2423384> for a 
similar problem that also caused the TMG server to eventually choke.
You might be seeing a similar problem.
There are monitoring steps you can follow to see if this is the case.

From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> 
[mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]>
 On Behalf Of Ball, Dan
Sent: Tuesday, January 17, 2012 8:42 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: TMG Updates?

No problem, I’d rather have it working like it is supposed to.

These are the types of errors I am getting on a regular basis:

Log Name:      System
Source:        Schannel
Date:          1/17/2012 11:23:18 AM
Event ID:      36888
Task Category: None
Level:         Error
Keywords:
User:          SYSTEM
Computer:      TMG
Description:
The following fatal alert was generated: 10. The internal error state is 1203.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event";>
  <System>
    <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
    <EventID>36888</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2012-01-17T16:23:18.640858800Z" />
    <EventRecordID>49679</EventRecordID>
    <Correlation />
    <Execution ProcessID="580" ThreadID="1380" />
    <Channel>System</Channel>
    <Computer>TMG.MAPSNET.ORG</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="AlertDesc">10</Data>
    <Data Name="ErrorState">1203</Data>
  </EventData>
</Event>

No defined time, most likely related to traffic.  Before I disabled HTTPS 
inspection, they would be every few minutes and eventually the server would 
stop processing traffic.



From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> 
[mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]>
 On Behalf Of Jim Harrison
Sent: Monday, January 16, 2012 9:20 AM
To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: TMG Updates?

Not at all.
The TMG SE team releases these because they get more testing than a single HF, 
but slightly less than a full-blown service pack.
Rather than disabling HTTPS inspection completely, you should narrow the 
problem down to the client / site that’s causing the problem.
Can you quantify “numerous SChannel errors”?
What errors did you see?
Can you share some of the details?

From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> 
[mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]>
 On Behalf Of Ball, Dan
Sent: Monday, January 16, 2012 05:00
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: TMG Updates?

Since this is a hotfix and I don’t see any Schannel fixes listed, shall I 
assume this is not recommended for install unless directed?


From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> 
[mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]>
 On Behalf Of Jim Harrison
Sent: Saturday, January 14, 2012 10:19 AM
To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: TMG Updates?

TMG Sp2 Rollup1<http://support.microsoft.com/kb/2649961> shipped Jan 11.

From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> 
[mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]>
 On Behalf Of Steve Moffat
Sent: Wednesday, January 11, 2012 08:43
To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: TMG Updates?

All the ones you haven’t installed.

From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> 
[mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]>
 On Behalf Of Wayne Turner
Sent: Wednesday, January 11, 2012 12:23 PM
To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx>
Subject: [isalist] Re: TMG Updates?


This Version is the Latest
On Wed, Jan 4, 2012 at 5:34 PM, Ball, Dan 
<DBall@xxxxxxxxxxx<mailto:DBall@xxxxxxxxxxx>> wrote:
I recently switched over to our new TMG server, but am experiencing hangs a 
couple of times a day during heavy use.

Searching on this problem shows that I might be missing some updates, which 
ones do I need?

Currently running version 7.0.9193.500





--
Wayne Turner

Follow-Ups:
- [isalist] Re: TMG Updates?
  - From: Ball, Dan

References:
- [isalist] TMG Updates?
  - From: Ball, Dan
- [isalist] Re: TMG Updates?
  - From: Wayne Turner
- [isalist] Re: TMG Updates?
  - From: Steve Moffat
- [isalist] Re: TMG Updates?
  - From: Jim Harrison
- [isalist] Re: TMG Updates?
  - From: Ball, Dan
- [isalist] Re: TMG Updates?
  - From: Jim Harrison
- [isalist] Re: TMG Updates?
  - From: Ball, Dan
- [isalist] Re: TMG Updates?
  - From: Jim Harrison
- [isalist] Re: TMG Updates?
  - From: Ball, Dan
- [isalist] Re: TMG Updates?
  - From: Jim Harrison
- [isalist] Re: TMG Updates?
  - From: Ball, Dan

[isalist] Re: TMG Updates?

Other related posts: