Clients accessing WSUS NLB generate multiple Denied Connection actions

I'm having an issue with our TMG cluster. After I implemented a WSUS (multicast) NLB cluster, I've noticed that every time a client contacts the WSUS NLB virtual IP 10.0.0.40, the TMG logs are flooded by 15-30 denied connection exceptions. There seems to be no problem from the clients' perspective; however, this is causing the maximum denied connection limit to be reached and I've had to disable flood mitigation.

It's just Internal > Internal traffic, so I don't think I need a publishing rule? Can anyone suggest a solution?

Denied Connection
TMG3 7/6/2013 9:17:59 PM
Log type: Firewall service
Status: An ingoing packet was dropped because its destination address does not exist on the system, and no appropriate forwarding interface exists.
Rule: None - see Result Code
Source: Internal (10.0.0.31:51643)
Destination: Internal (10.0.0.40:8531)
Protocol: WSUS Server

Additional information
  • Number of bytes sent:
  • Number of bytes received: 0
  • Processing time: 0ms
  • Original Client IP: 10.0.0.31



July 6th, 2013 4:26pm

Hi,

Yes, you don't need a publishing rule as it's a local environment, so the client should go directly to WSUS without contacting TMG. You should bypass local traffic; you have this option in IE. I think the update agent relies on IE settings and exceptions, so you should use it.

July 7th, 2013 1:51pm
