• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Routing (chaining) failure

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> Routing (chaining) failure Page: [1]
Login
Message << Older Topic   Newer Topic >>
Routing (chaining) failure - 14.Mar.2013 6:32:50 AM   
mahaddon

 

Posts: 19
Joined: 3.Apr.2009
Status: offline
Routing (chaining) failure
Description: Forefront TMG detected a proxy server loop. There may be a problem in the configuration of the Forefront TMG Web chaining policy. Alternatively, in Enterprise Edition, when CARP is enabled and there are intermittent interruptions of intra-array connectivity, array member A may forward a request to array member B according to the CARP algorithm, and array member B may forward the request to array member A in an endless loop.

Hi

We are having problems with our TMG arrays and Iím hitting starting to run out of ideas.

We have a TMG Enterprise Array with 2 physical W2008 TMG servers in it. Itís a backend firewall and each TMG has an internal NIC, an external NIC for the DMZ and an inter array NIC. We donít have any chaining rules except the default chaining rule and we have CARP turned off at the moment.

We started getting hit with this alert and the TMG array started to crash but we found that the Network Team had set up PIM. Basically one of the TMGs would fail and would show as unavailable in TMG Management MMC. It would stop processing connection requests but would still be available to accept connections so users would get connection errors. We got them to disable it and the array settled down.

We had a power down in Feb and these problems started up straight after the server rooms were brought back online and surprise surprise these problems materialised straight away. I removed one of the servers from the array and the remaining server in the array seems to be working fine. The removed TMG is still having problems even though itís no longer in the array.

I have also noticed that we are getting this alert on a single standard VM TMG server which tells me that itís got nothing to do with CARP. Weíre getting dozens if not hundreds of these alerts a day. This box has 2 NICs. An internal NIC and an external NIC on a DMZ. We have several DMZs segregated on the firewall each with different server functionality such as HTTP DMZ or FTP DMZ and these two TMG servers are connected to different DMZ networks. However the physical TMGs could be plugged into the same network switches that the ESX servers are plugged into.

Network Team assure me that PIM hasnít been re-enabled across the network infrastructure but my thinking is that these problems are nothing to do with TMG and are caused by something on our infrastructure. Possibly a badly configured switch. Iím just wondering if this could be caused by something else? Or indeed if this is a TMG issue?

Cheers
Mark
Post #: 1

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> Routing (chaining) failure Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts