I never suggested that it would fix anything. I’m suggesting that perhaps you’ve uncovered another SChannel-related bug that may be in TMG, SChannel, etc. It’s impossible to determine without detailed tracing and only CSS can help there. Changing HTTPSi shouldn’t have any effect on your rule sets. Are you sure there isn’t something else monitoring and adjusting your rules (WebSense-like-thingy)? If you’re script, you can use TMG COM to control HTTPSi. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Ball, Dan Sent: Thursday, January 19, 2012 12:17 PM To: 'isalist@xxxxxxxxxxxxx' Subject: [isalist] Re: TMG Updates? Okay, good, I had installed the other patch yesterday. Looking through the event log shows two Schannel errors within the last hour though, so that didn’t solve that. I’d have to re-enable https inspection to test if it fixed the other issue. Is there a quicker way to enable it other than by using the wizard? When I do that it deletes my web access rule and re-creates it. From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]> On Behalf Of Jim Harrison Sent: Thursday, January 19, 2012 2:26 PM To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Subject: [isalist] Re: TMG Updates? Yes, but the point is that your current problem “smells similar” to that one and may actually indicate a similar (different) bug. From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]> On Behalf Of Ball, Dan Sent: Thursday, January 19, 2012 8:55 AM To: 'isalist@xxxxxxxxxxxxx' Subject: [isalist] Re: TMG Updates? Is that included in SP2 Rollup 1? From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]> On Behalf Of Jim Harrison Sent: Tuesday, January 17, 2012 4:20 PM To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Subject: [isalist] Re: TMG Updates? Do you also see a corresponding memory increase during this time? TMG SP1 UP1 included a fix<http://support.microsoft.com/kb/2423384> for a similar problem that also caused the TMG server to eventually choke. You might be seeing a similar problem. There are monitoring steps you can follow to see if this is the case. From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]> On Behalf Of Ball, Dan Sent: Tuesday, January 17, 2012 8:42 AM To: 'isalist@xxxxxxxxxxxxx' Subject: [isalist] Re: TMG Updates? No problem, I’d rather have it working like it is supposed to. These are the types of errors I am getting on a regular basis: Log Name: System Source: Schannel Date: 1/17/2012 11:23:18 AM Event ID: 36888 Task Category: None Level: Error Keywords: User: SYSTEM Computer: TMG Description: The following fatal alert was generated: 10. The internal error state is 1203. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event";> <System> <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" /> <EventID>36888</EventID> <Version>0</Version> <Level>2</Level> <Task>0</Task> <Opcode>0</Opcode> <Keywords>0x8000000000000000</Keywords> <TimeCreated SystemTime="2012-01-17T16:23:18.640858800Z" /> <EventRecordID>49679</EventRecordID> <Correlation /> <Execution ProcessID="580" ThreadID="1380" /> <Channel>System</Channel> <Computer>TMG.MAPSNET.ORG</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> <Data Name="AlertDesc">10</Data> <Data Name="ErrorState">1203</Data> </EventData> </Event> No defined time, most likely related to traffic. Before I disabled HTTPS inspection, they would be every few minutes and eventually the server would stop processing traffic. From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]> On Behalf Of Jim Harrison Sent: Monday, January 16, 2012 9:20 AM To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Subject: [isalist] Re: TMG Updates? Not at all. The TMG SE team releases these because they get more testing than a single HF, but slightly less than a full-blown service pack. Rather than disabling HTTPS inspection completely, you should narrow the problem down to the client / site that’s causing the problem. Can you quantify “numerous SChannel errors”? What errors did you see? Can you share some of the details? From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]> On Behalf Of Ball, Dan Sent: Monday, January 16, 2012 05:00 To: 'isalist@xxxxxxxxxxxxx' Subject: [isalist] Re: TMG Updates? Since this is a hotfix and I don’t see any Schannel fixes listed, shall I assume this is not recommended for install unless directed? From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]> On Behalf Of Jim Harrison Sent: Saturday, January 14, 2012 10:19 AM To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Subject: [isalist] Re: TMG Updates? TMG Sp2 Rollup1<http://support.microsoft.com/kb/2649961> shipped Jan 11. From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]> On Behalf Of Steve Moffat Sent: Wednesday, January 11, 2012 08:43 To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Subject: [isalist] Re: TMG Updates? All the ones you haven’t installed. From: isalist-bounce@xxxxxxxxxxxxx<mailto:isalist-bounce@xxxxxxxxxxxxx> [mailto:isalist-bounce@xxxxxxxxxxxxx]<mailto:[mailto:isalist-bounce@xxxxxxxxxxxxx]> On Behalf Of Wayne Turner Sent: Wednesday, January 11, 2012 12:23 PM To: isalist@xxxxxxxxxxxxx<mailto:isalist@xxxxxxxxxxxxx> Subject: [isalist] Re: TMG Updates? This Version is the Latest On Wed, Jan 4, 2012 at 5:34 PM, Ball, Dan <DBall@xxxxxxxxxxx<mailto:DBall@xxxxxxxxxxx>> wrote: I recently switched over to our new TMG server, but am experiencing hangs a couple of times a day during heavy use. Searching on this problem shows that I might be missing some updates, which ones do I need? Currently running version 7.0.9193.500 -- Wayne Turner