ISA Firewall Service Process (wspsrv.exe) high CPU utilization issue

1. Introduction   When dealing with ISA high CPU utilization where wspsrve.exe is the one consuming more resources, the first impression is that ISA is the culprit for that. There are some scenarios where this statement is true, such as this one that I documented last year. But there are other scenarios where this is…


Random authentication prompts while accessing internet through ISA Server followed by ISA Server becoming unresponsive

Introduction Consider a scenario where users behind ISA Server (internal network) start to receive random prompts for authentication while trying to access internet using ISA Server as proxy. The authentication prompt persists even after entering the credentials. To resolve the issue it is necessary to restart Firewall Service. Although you probably heard or read about…


Windows Update fails for some workstations behind TMG when using WPAD

Introduction This post is about a recent scenario where TMG Administrator was receiving complains that some workstations that were using TMG as proxy were failing to run Windows Update. The interesting part of this issue was that only some workstations were having such problem and only if they were using “Automatic Detection” settings (which use…


“No network adapters could be identified” error when choosing a network template in TMG

Introduction Some of our customers have experienced the problem described below when doing the initial network configuration of a fresh TMG installation. I wanted to share here the cause and solution to this issue. Consider the following scenario You have installed Forefront TMG 2010, but when running the Getting Started wizard, you get the error…


Unable to join to TMG EMS Array with error: 0xC0040431

Introduction Consider a scenario where TMG Admin reinstalled TMG Enterprise Edition after a hardware failure and decided to rejoin the array member to the EMS. However, when TMG Admin tried to rejoin it the following error occurred: Troubleshooting The first basic step in this type of scenario is to review the event view, since it…


Understanding Performance Impact of Fast Trickling Option on TMG 2010

Introduction When the EMP feature is enabled, TMG will accumulate data downloaded by the client and scan all the content for malware before transferring it to the client. Accumulating the entire file and scanning it, may take a significant time. During this period of time, the client doesn’t receive any data and as a result…


TMG is Unable to Listen on Port 80 (no IIS was not installed)

Introduction Consider the scenario where a TMG 2010 Server is installed as Hyper-V guest on a Windows 2008 Server. You publish a website on port 80 or enable HTTP to HTTPS redirection on a Web Listener for an existing SSL publishing rule. When you try to access the published website you get an error: 10060…


Expect the unexpected… Failed Connection 995 and 64 with SSL Traffic

When speaking with customers, we hear a lot of questions around “unexpected” errors like “Failed Connection Error 995 Operation Aborted” and “Failed Connection Error 64 Net name Deleted” in the ISA/TMG logs. The main concern here is always if these errors are real errors and how to prevent them. These errors occur most of the…