We have TMG2010 configured with Microsoft Webfiltering service on a Windows 2008 server (physical box). Once every few days, the server would stop serving the users. Proxy is configured to listen on port 8080.
You can telnet to port 8080 from the TMG box itself (to localhost) and that would be successful. Also, if you point the browser to use the proxy server as localhost on port 8080, internet works, but any clients wouldn't be able to contact the server on port 8080 (strangely, a few other ports like an RDP port would work). Reboot the box, it works like a charm. And indeed, it would start responding to telnet requests on port 8080.
Something is wrong with this box, but we are ultimately running out of ideas. We have to do something before the clients start hating us for the unscheduled reboot of the server during business hours.
Something worth a try! But the last time the issue occurred and when I checked the port bindings, it was indeed the TMG service (Microsoft Firewall Service) that was listening on port 8080. Indeed, another test (of using a browser on the TMG server itself pointing the browser to localhost on port 8080) is successful.
I will however give this a go the next time the issue occurs and keep this thread posted.
We're experiencing the same issue. Every now and then TMG stops responding to user requests. Can't find anything in the event logs that even looks remotely related. After a reboot the thing works like a charm!
Unfortunately no... The services are currently running from the DR site and the client doesn't want to fail it back to the primary site as they don't want downtime in their last days! :-P The organization is shutting down its operations completely and I'm afraid if I can find the cause of the problem.
A possible suggestion, try upgrading the NIC drivers and disabling the TCP Chimney. Let me know how it works :)
It doesn't have to be one large global deny rule, as in my case it was many little rules using domain name sets and URL sets that overloaded TMG.
When the server becomes overloaded as described in the article it still maintains its existing connections, so things may "appear" to work normally but web traffic generally stops instantly because they are short and frequent connections.