Im trying to diagnose a problem with our TMG deployment whos topology is edge server, There are 4 networks/subnets

1 Internal TMG (NLB)

2 External TMG no NLB as its just used for NAT

3 EAP WiFi (NLB)

4 VPN (NLB)

The TMG servers are hosted on a clustered HyperV deployment and all tmg servers have 4 NIC's  and ive taken care to match the MAC address to the network and ip they should have so there are no mistakes there.

There is internet and lan access setup already for the internal networks and I already have a network rule to route between networks 1 3 and 4 (source 1,3,4 destination 1,3,4 relationship route) and on the other side (the routers)

But after enabling NLB on networks 3 and 4 I can no longer ping from either the tmg or routers.

Attempting to ping the router for the EAP WiFi network gives

Pinging 10.0.2.1 with 32 bytes of data:
Reply from 10.0.2.3: Destination host unreachable.

where 10.0.2.1 is the access point TMG 1 10.0.2.2, TMG 2 10.0.2.3, TMG 3 10.0.2.4 are the ip address's on the HyperV switch for this network For each TMG server and the NLB IP is 10.0.2.5

Attempting to ping from the access point to any of the addresses above again fails to work even though the access point shows both the Status & Line Protocol being up.

Can anyone suggest what might be the problem ? Like I said the problem started right after I enabled NLB.

ipconfig for TMG servers

Ethernet adapter TMG Internal Network:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.0.0.6
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IPv4 Address. . . . . . . . . . . : 10.0.0.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter TMG External Network:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.0.1.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.1.1

Ethernet adapter EAP WiFi Network:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.0.2.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IPv4 Address. . . . . . . . . . . : 10.0.2.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter Remote Support Network:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 10.0.3.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IPv4 Address. . . . . . . . . . . : 10.0.3.5
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Others are the same except with local ip addresses incremented by 1

• Edited by RaymondTh Monday, April 29, 2013 7:36 PM

Found what was causing this... I forgot to enable mac address spoofing for the 3rd and 4th NIC's.

After enabling on both adapters all is working again.

• Edited by RaymondTPreston Tuesday, April 30, 2013 7:07 PM
• Proposed as answer by RaymondTPreston Tuesday, April 30, 2013 7:07 PM
• Marked as answer by Nick Gu - MSFTMicrosoft contingent staff, Moderator Thursday, May 02, 2013 3:45 AM

Hi,

Thank you for sharing the solution.

Regards,

Hi (& sorry for bump!).

- Is your "EAP WiFi" a Wireless Adapter on External Hyper-V Virtual Switch?

(IF Yes) I have a similar setup (w/spoofing allowed) and whenever I enable NLB (bw two VMs), I seem not to be able to get a clear signal (ie. huge amount of Request Timed Out & sporadic 3000ms+ data).