Export (0) Print
Expand All
2 out of 6 rated this helpful - Rate this topic

Alert definitions

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

The following table summarizes the Forefront TMG predefined alert definitions.

 

Alert and Event definition Description Additional conditions

Access to Configuration Storage server is blocked (not relevant for Forefront TMG in the Essential Business Server scenario.)

As a result of changes made to the configuration, access to the Configuration Storage server is blocked.

Any connection failure

Account Name Resolution Failed (not relevant for Forefront TMG in the Essential Business Server scenario.)

The Configuration Agent is unable to resolve the account specified for administration.

None

Alert action failure

The action associated with this alert cannot complete.

None

Application Filter Not Registered

The application filter is not registered on this server.

None

Array Member Status Verification Failed (not relevant for Forefront TMG in the Essential Business Server scenario.)

Array member status verification failed. VPN tunnels may not be established.

None

Array Member Status Verification Succeeded (not relevant for Forefront TMG in the Essential Business Server scenario.)

Forefront TMG successfully verified the array member's status. VPN tunnels can be established.

None

Array-Level Policy Rule Was Deleted (not relevant for Forefront TMG in the Essential Business Server scenario.)

The enterprise policy does not permit some types of array-level policy rules.

None

Both ISP links are unavailable

Both ISP links are detected to be unavailable.

None

Broken Reference in Cross-Array Configuration (not relevant for Forefront TMG in the Essential Business Server scenario.)

The Forefront TMG Control service detected a reference to a rule element that does not exist in a Web publishing rule defined in an array.

None

CA Certificate Expired

The imported certification authority (CA) certificate that should be used to sign cloned SSL server certificates for destination servers has expired.

None

CA Certificate Expiring Soon

The certification authority (CA) certificate that should be used to sign cloned SSL server certificates for destination servers will expire in less than %1 days.

None

CA Certificate Failed to Sign

Forefront TMG failed to sign a cloned SSL server certificate for a destination server using a certification authority (CA) certificate.

None

CA Certificate Imported Successfully

The certification authority (CA) certificate that will be used to sign cloned SSL server certificates for destination servers was successfully imported.

None

CA Certificate Issuer Not Trusted

The imported certification authority (CA) certificate that should be used to sign cloned SSL server certificates for destination servers is not trusted by the local computer.

None

CA Certificate Not Yet Valid

The imported certification authority (CA) certificate that should be used to sign cloned SSL server certificates for destination servers is not yet valid.

None

Cache Container Initialization Error

The cache container initialization failed, and the container is ignored.

None

Cache Container Recovery Complete

The recovery of a single container is complete.

Any

Cache File Resize Failure

The operation to reduce the size of the cache file failed.

None

Cache Initialization Failure

The Web cache proxy is disabled because of global failure.

None

Cache Permissions Insufficient

When you configure a drive for caching, a cache file (Dir1.cdat), is created in the drive:\urlcache folder. This alert definition indicates that the Network Services account does not have sufficient permissions for the root folder and the urlcache folder on one or more cache drives. Verify that the Network Services account has at least List Folder and Read permissions for the root folder, and it has Read permission for the urlcache folder on all cache drives.

None

Cache Restoration Completed

The cache content restoration is complete.

Any

Cache Write Error

There is a failure in writing content to the cache.

None

Cached Object Discarded

During cache recovery, an object with conflicting information was detected. The object is ignored.

None

Certificate on Forefront TMG about to expire

A certificate on Forefront TMG is nearing its expiration date.

None

Certificate on Forefront TMG invalid

There is a validity problem with a certificate used by Forefront TMG to establish a SSL connection with a client.

None

Code Page Invalid

One or more code pages are invalid, or the applicable conversion tables are not installed.

None

Component load failure

There is a failure to load an extension component.

Any component

Compression by Unsupported Method

A response compressed by an unsupported method (indicated in the HTTP Content-Encoding header) was received. Forefront TMG only supports GZIP compression.

None

Compression Failure

Forefront TMG failed to compress the content of a response.

None

Compression Failure (Allocated Memory Exhausted)

The compression filter cannot handle a response because the memory allocated for compression is in use.

None

Compression Failure (Decompression Failed)

Forefront TMG was unable to decompress the content of a response.

None

Compression Failure (Filter Misconfiguration)

The compression filters are configured incorrectly. Both filters must be in the same state, either enabled or disabled.

None

Concurrent TCP Connections from One IP Address Limit Exceeded

The number of concurrent TCP connections allowed from an IP address is exceeded.

None

Configuration Agent Removed Overlapping Ranges (not relevant for Forefront TMG in the Essential Business Server scenario.)

The Forefront TMG Configuration Agent has removed ranges from the included enterprise network, because they overlap with another array network.

None

Configuration changes cannot be loaded by Forefront TMG services (not relevant for Forefront TMG in the Essential Business Server scenario.)

Forefront TMG fails to load the new configuration. When a new configuration is saved, Forefront TMG will renew its attempt to apply the changes.

None

Configuration Changes Overload (not relevant for Forefront TMG in the Essential Business Server scenario.)

Continuous or excessive changes to the configuration are detected. This may indicate an attack on the Configuration Storage server.

None

Configuration error

An error occurs while reading configuration information.

None

Configuration of SMTP Protection failed

Forefront TMG failed to apply SMTP Protection configuration.

None

Configuration of SMTP Protection reapplied

Unexpected changes found in Exchange Edge configuration. Forefront TMG reapplied SMTP Protection. configuration.

None

Connection Limit Exceeded

A user or an IP address exceeds its connection limit.

None

Connection Limit for a Rule was Exceeded

The number of connections per second allowed for a rule was exceeded.

None

Connectivity Restored

Forefront TMG successfully re-established connectivity to the requested server.

None

Credentials Delegation Failure

Forefront TMG attempts to delegate credentials, but the published Web site rejects the credentials.

None

Credentials Delegation Using Kerberos Constrained Delegation Failure

Forefront TMG fails to delegate credentials when using Kerberos constrained delegation to a published Web site.

None

Cross-Array Link Translation Configuration Inconsistency (not relevant for Forefront TMG in the Essential Business Server scenario.)

Cross-array link translation includes this array. However, link translation is disabled at the array level. Links to this array will not be translated and will be broken.

None

Definition Update Process Stopped

The definition update process was cancelled before it completed.

None

Definition Updates and Telemetry Unavailable Through Local Host Network

Definition updates and telemetric data cannot be sent through the Local Host network because the network is not enabled for Web proxy connections. For instructions, see Enabling a network to receive Web proxy requests.

None

Definition Updates Available

New definition updates are available for the server.

None

Definition Updates Available But Could Not Be Installed

New updates are available but cannot be installed. Check whether the evaluation period has expired. If it has, check that there is a valid license for updates. Check that the Firewall service is running.

None

Definition Updates Checking Failed

The check for updates cannot be completed.

None

Definition Updates Installed

Updates were installed successfully.

None

Definition Updating Failed

An error occurred during definition update checking or downloading.

None

Denied Connections per Minute from One IP Address Limit Exceeded

The number of denied connections per minute allowed from one IP address was exceeded.

Denied connections per minute from one IP address limit exceeded

DHCP Anti-Poisoning Intrusion Detection Disabled

The DHCP anti-poisoning intrusion detection mechanism is disabled.

None

Dial-on-demand failure

There was a failure to create a dial-on-demand connection, because there is no answer or the line is busy.

None

Different MTU sizes of ISP links

The maximum transmission units (MTUs) of the network adapters associated with the ISP links %1 and %2 are equal to %3 and %4, respectively. The smaller MTU will be used for the both links. For best system performance, we recommend that you use network adapters of the same type for both ISP links.

None

Different offload capabilities of ISP links

The offload capabilities of the network adapters associated with the ISP links are not equal and will be disabled. For best system performance, we recommend that you use network adapters of the same type for both ISP links.

None

DNS Intrusion

A host name overflow, length overflow, or zone transfer attack occurs.

All DNS intrusions

DNS Zone Transfer Intrusion

A zone transfer attack occurred.

DNS zone transfer intrusions

Event Log Failure

There was a failure to log the event information to the system event log. This alert is disabled by default.

None

Fail to adjust MTU sizes

Adjustment of the maximum transmission units (MTUs) of the network adapters associated with the ISP links %1 and %2 failed. Ascertain the MTUs of these network adapters manually and set both of them to the smaller MTU.

None

Firewall Communication Failure

There was a failure in communication between the firewall client and the Forefront TMG server.

None

Forefront TMG Cannot Connect to the Configuration Storage server (not relevant for Forefront TMG in the Essential Business Server scenario.)

The Configuration Storage server cannot be contacted. The local configuration was applied.

None

Forefront TMG Computer Restart is Required

Configuration changes will only take affect after restarting the server.

None

Forefront TMG Switched Configuration Storage servers (not relevant for Forefront TMG in the Essential Business Server scenario.)

Forefront TMG switched from one Configuration Storage server to the other due to a change in the configuration, connectivity issues, or Configuration Storage server availability.

Any reason for switching between servers

Forefront TMG VPN tunnel redistribution is recommended (not relevant for Forefront TMG in the Essential Business Server scenario.)

VPN tunnels are not distributed evenly amongst all array members.

None

Free Disk Space Limit Exceeded

The free disk space limit for log storage was exceeded.

Free disk space limit exceeded

FTP Filter Initialization Warning

The FTP filter fails to parse the allowed FTP commands. Verify that the commands are stored in the correct format. Each command should be no more than four characters, and each command should be separated from the previous one with a space character.

None

Global denied packets rate limit

The number of denied TCP and non-TCP packets per second exceeded the allowed limit.

None

Host ID assigned to this server is not valid (not relevant for Forefront TMG in the Essential Business Server scenario.)

This server has the same host ID as another server. This is not a valid configuration. A valid host ID is unique to each server in the array, within the range 2–32. The Firewall service cannot start until the server is assigned a valid host ID.

None

HTTP Requests from One IP Address Limit Exceeded

The number of HTTP requests per minute from one IP address exceeded the specified limit.

HTTP requests from one IP address limit exceeded

HTTPS Inspection Configuration Not Loaded

The HTTPS inspection configuration settings could not be loaded.

None

Intra-Array Configuration Error (not relevant for Forefront TMG in the Essential Business Server scenario.)

The Forefront TMG intra-array configuration is invalid.

None

Intrusion Detected

An intrusion was attempted by an external user.

Any intrusion

Invalid Configuration Settings

Configuration settings cannot be applied.

Any failure

Invalid CRL Found

A client certificate was revoked due to an invalid or missing certificate revocation list (CRL). The CRL may have expired, and Forefront TMG is unable to download a valid CRL. Verify that the CRL download system policy configuration group is enabled and that there is connectivity to the CRL distribution points.

None

Invalid DHCP offer

The DHCP offer IP address is not valid.

None

Invalid dial-on-demand credentials

Invalid dial-on-demand credentials were detected.

None

Invalid network adapter configuration

The network adapter is configured with several IP addresses that belong to several networks. This is an invalid configuration.

None

IP Spoofing

The IP packet source address is not valid.

None

IPsec Configuration Update Failure

IPsec traffic cannot be processed because of a configuration error.

None

IPsec Traffic Blocked

IPsec configuration settings cannot be applied and the traffic is blocked.

None

IPsec Traffic Configuration Recovery

A problem preventing setting of the configuration required for processing incoming IPsec traffic was resolved.

None

ISP link address missing

No IP address configured on a network adapter of the Forefront TMG computer in the External network can be associated with the ISP link.

None

ISP link is active

ISP link is active.

None

ISP link is available

ISP link is detected to be available.

None

ISP link is unavailable

ISP link is detected to be unavailable.

None

LDAP Server Recovered

The connection to the LDAP server is restored.

None

LDAP Server Unavailable

The LDAP server requested did not respond.

None

License Expired

The expiration date of the license required to update malware definitions has passed.

None

License Nearing Expiration

The expiration date of the license required to update malware definitions is approaching.

None

Link Translation Configuration Insecure

The Web listener used in a Web publishing rule specifies an HTTP connection to clients, but the rule is configured with an HTTPS connection to the published server or Web farm. HTTPS links will be translated to HTTP links.

None

Link Translation Configuration Invalid

One or more link translation mappings are invalid. Link translation mappings must be between 4 and 2,057 bytes. Invalid mappings are ignored.

None

Link Translation Redirection Unpublished Site Contains Invalid Character

The URL of a site specified in the list of unpublished sites for link translation redirection contains one or more non-ANSI characters.

None

Link Translation Redirection Unpublished Site Length Invalid

The length of the URL for a site specified in the list of unpublished sites for link translation redirection is invalid.

None

Local NLB Configuration Change (not relevant for Forefront TMG in the Essential Business Server scenario.)

The Microsoft Firewall service identifies changes to the local Network Load Balancing (NLB) configuration or state. Changes to the NLB configuration or state are supported only through the Forefront TMG administrator. Any local changes will be overridden.

None

Log Deletion Failure

Log deletion (attempted in accordance with configuration settings) fails.

None

Log Failure

One of the service logs failed.

Any Forefront TMG service

Log formatting failure

Log records cannot be stored in the designated format.

Any Forefront TMG service

Log Queue Store Usage Ended

Log records in the queue were logged in the correct log format.

None

Log Queue Usage Started

Log records are written to the log queue because the rate of log generation exceeds the rate of log formatting.

None

Log Storage Limits

One or more of the log storage limits is reached.

Any

Logging Resumed

One of the services resumed logging following a previous failure.

Any Forefront TMG service

Low Non-Paged Pool

The size of the free non-paged pool fell below the system-defined minimum.

None

Low Non-Paged Pool Recovered

The size of the free non-paged pool exceeds the system-defined minimum.

None

Malware Inspection Available Disk Space Exceeded

The temporary storage required for malware inspection exceeded the available disk space. Requests that trigger this alert are blocked.

None

Malware Inspection Client Disk Space Limit Exceeded

The disk space limit set per client was exceeded. Requests that trigger this alert are blocked.

Any Client Limit

Malware Inspection Content Download Timed Out

Content passed inspection but the client did not click the Download button on the progress notification page within the allotted time.

None

Malware Inspection Definitions Loaded

Definitions were loaded successfully.

None

Malware Inspection Definitions Not Loaded During Update

Definitions for malware inspection could not be loaded from the new definitions folder.

None

Malware Inspection Definitions Not Loaded When Definitions Folder is Not Defined

Definitions for malware inspection could not be loaded because the current definitions folder is defined.

None

Malware Inspection Definitions Not Loaded When Service Starts

Definitions for malware inspection could not be loaded from the current definitions folder.

None

Malware Inspection Definitions Outdated

Definitions are older than the recommended age. This may be caused by an expired license or a connection problem.

None

Malware Inspection Deletion of Outdated Definitions Failed

The folder containing outdated definitions cannot be deleted. The Malware Inspection Filter will attempt to delete the folder again when the Firewall service restarts.

None

Malware Inspection Detected Attempted Content Theft

A client attempted to retrieve content that it did not originally request.

None

Malware Inspection Disabled Globally

Malware inspection is enabled on at least one rule, but is not enabled globally. For more information, see Configuring global malware inspection settings.

None

Malware Inspection Filter Detected Malware

Malware was detected. The detected content was either removed or blocked.

None

Malware Inspection Progress Notification Template Not Loaded

The template used for client progress notification for specific content types cannot be found.

None

Malware Inspection Storage Limit Exceeded

The amount of disk space allocated for temporary storage of files during the malware inspection process has been exceeded. Requests that trigger this alert are blocked.

None

Malware Inspection Temporary Storage Folder Access Error

The temporary storage folder cannot be accessed or does not exist.

None

Malware Inspection Temporary Storage Folder Created

The temporary storage folder was successfully created.

None

Microsoft Update Currently Not Used

Malware definition updates cannot be applied because the server is not configured to use Microsoft Updates. For more information, see Configuring connectivity to update sites.

None

Misconfigured Alert

An alert definition contains an invalid property.

None

Multiple IP addresses for ISP link

More than one IP address configured on a network adapter of the Forefront TMG computer in the External network can be associated with the ISP link.

None

NAT Address Selection Ambiguity

More than one NAT IP address is specified for a network entity in a network rule.

None

NAT Address Selection Empty

No NAT IP address is specified for a network entity in a network rule.

None

Network configuration changed

A network configuration change that affects Forefront TMG is detected.

Any network configuration change

Adapter enabled

Adapter disabled

IP added or removed

Network connected

Network disconnected

Network addresses modified

Network Inspection System Selected Signature Set Loading Failure

The local array is configured to use a selected signature set instead of the latest signature set retrieved by Forefront TMG, but Network Inspection System will use the latest signature set because the selected signature set could not be loaded.

None

Network Inspection System signature set caused Microsoft Firewall Service failure.

The Firewall service failed to load a network inspection system signature set. In order to protect the system, the Microsoft Firewall Service will not attempt to load this signature set again.

None

Network Inspection System Signature Set Loading Failed

Network Inspection System failed to load the current signature set because the current signature set file is missing or is corrupted.

None

Network Inspection System Signature Set Loading Succeeded

Network Inspection System succeeded to load the current signature set.

None

Network Inspection System Update Required

Network Inspection System installed a new signature set because a required Forefront TMG update has not been installed.

None

NIS Blocked Traffic Matching a Known Signature

The Network Inspection System blocked traffic because it matched the signature.

None

NIS Blocked Traffic with Protocol Anomaly

The Network Inspection System detected a protocol anomaly and blocked the connection. If you determine that the blocked traffic was legitimate, you may want to consider changing the protocol anomaly response to "Allow traffic".

None

NIS Detected Traffic Matching a known Signature

The Network Inspection System detected traffic that matches the signature. The traffic was not blocked because the signature is set to Detect Only mode. Consider configuring this signature to Block mode.

None

NLB Configuration Cannot Be Removed

Network Load Balancing configuration settings cannot be removed.

None

NLB configuration Failure (not relevant for Forefront TMG in the Essential Business Server scenario.)

There is a failure to configure Network Load Balancing to work with Forefront TMG.

None

NLB Configuration Removed Successfully

Network Load Balancing configuration settings removed successfully.

None

NLB Inconsistent Configuration Detected (not relevant for Forefront TMG in the Essential Business Server scenario.)

Network Load Balancing inconsistency is found on some networks. Traffic might not be routed properly.

None

NLB is Draining and Stopping (not relevant for Forefront TMG in the Essential Business Server scenario.)

Network Load Balancing is draining and stopping due to a request by the administrator.

None

NLB Possible Reduced Load Balancing Performance (not relevant for Forefront TMG in the Essential Business Server scenario.)

Network Load Balancing performance may be impaired due to a failure to resolve a Web server name.

None

NLB Shutdown - Firewall Service Not Responding (not relevant for Forefront TMG in the Essential Business Server scenario.)

Network Load Balancing on the local computer is stopped because the Firewall service has stopped responding.

None

NLB Shutdown - Firewall Service Stopped (not relevant for Forefront TMG in the Essential Business Server scenario.)

Network Load Balancing on the local computer is stopped because the Firewall service is stopped.

None

NLB Started (not relevant for Forefront TMG in the Essential Business Server scenario.)

Network Load Balancing on the local computer is started.

None

NLB Stopped - Configuration Failure (not relevant for Forefront TMG in the Essential Business Server scenario.)

The Firewall service fails to apply Network Load Balancing configuration. NLB on the local computer will be disabled.

None

NLB Stopped - Network Adapter Problem (not relevant for Forefront TMG in the Essential Business Server scenario.)

There is no suitable network adapter for Network Load Balancing on some networks. NLB on the local computer will be stopped.

None

NLB Stopped - NLB Integration Is Unavailable (not relevant for Forefront TMG in the Essential Business Server scenario.)

Network Load Balancing integration cannot be configured on this server.

None

NLB Stopped - RRAS Service Not Responding (not relevant for Forefront TMG in the Essential Business Server scenario.)

Network Load Balancing on the local computer is stopped because Routing and Remote Access is not responding.

None

NLB Stopped - VPN Static Address Pool Is Empty ((not relevant for Forefront TMG in the Essential Business Server scenario.)

Network Load Balancing on the local computer is stopped because the VPN static address pool on this computer is empty.

None

NLB Stopped Manually (not relevant for Forefront TMG in the Essential Business Server scenario.)

Network Load Balancing on the local computer is stopped manually by the administrator.

None

No Available Ports

Network sockets are not created because there are no available ports.

None

No Connectivity

Forefront TMG failed to establish a connection to the requested server.

None

Non-TCP Sessions from One IP Address Limit Exceeded

The number of non-TCP sessions allowed from one IP address is exceeded.

Non-TCP sessions from one IP address limit exceeded

OS component conflict

There is a conflict with one of the operating system components: IP network address translation (NAT) editor, Internet Connection Sharing (ICS), or Routing and Remote Access.

Any operating system component conflict

Oversized UDP packet

Forefront TMG dropped a User Datagram Protocol (UDP) packet because it exceeds the maximum UDP packet size. For more information, see the Forefront TMG COM property: UdpBufferSize.

None

Pending DNS Requests Resource Usage Limit Exceeded

The percentage of threads used for pending DNS requests out of the total number of available threads exceeds the system-defined maximum.

None

Pending DNS Requests Resource Usage Limit Within Limits

The percentage of threads used for pending DNS requests out of the total number of available threads is now below the system-defined maximum, and connections that require DNS name resolution can be accepted.

None

POP Intrusion

A POP buffer overflow is detected.

None

Propagate configuration change failed (not relevant for Forefront TMG in the Essential Business Server scenario.)

A change to the configuration in the central storage cannot be propagated to the Forefront TMG computer.

None

Published server certificate expiration warning

A certificate on a server published by Forefront TMG is nearing its expiration date.

None

Published Web Server Name Not Resolvable

Forefront TMG cannot resolve the name of a published Web server. All requests handled by the Web published rule will be denied.

None

Quarantine Exit Request Discarded

A VPN NAP client requested to exit quarantine using an invalid method. The request was discarded.

None

Quarantined VPN Clients Network Changes

A user was removed from the Quarantined VPN Clients network. This alert is disabled by default.

Quarantined user changed state

RADIUS Server Recovered

The connection to the RADIUS server was restored.

None

RADIUS Server Unavailable

The RADIUS server requested did not respond.

None

Report Job Generation Failure

An error occurred while generating a report job.

None

Report Summary Generation Failure

An error is received while generating a report summary from log files.

None

Reporting Services - Service Initialization Failure

This Forefront TMG server is defined as the active report server, but the following related service could not be started: service %1. This service is necessary for Forefront TMG reporting services. It is recommended that you review previous events for possible causes, and then start the service manually.

None

Reporting Services - Service Shutdown Failure

This server is no longer the acting report server. However, the following related service could not be stopped: service %1. It is recommended that you stop the service manually because it is no longer required. If the service cannot be stopped, review previous events for possible causes.

None

Reporting Services Configuration Failure

An error occurred while configuring SQL Server Reporting Services for Forefront TMG.

None

Resource Allocation Failure

There is a resource allocation failure. For example, the system is out of memory.

None

Revert to Last Known Configuration Failed (not relevant for Forefront TMG in the Essential Business Server scenario.)

The Forefront TMG Configuration Agent is unable to revert to the last known configuration.

None

Revert to Last Known Configuration Succeeded (not relevant for Forefront TMG in the Essential Business Server scenario.)

The Forefront TMG Configuration Agent successfully reverted the configuration.

None

Routing (chaining) failure

Forefront TMG failed to route the request to an upstream server.

None

Routing (chaining) recovery

Forefront TMG resumed routing to an upstream server.

None

RPC Filter - Bind failure

A remote procedure call (RPC) filter cannot use the defined port because it is already in use.

None

RPC Filter - connectivity changed

Connectivity to the publishing RPC service changed.

Any

Server Publishing Failure

The server publishing rule is configured incorrectly.

Incorrect rule configuration

Server publishing is not applicable

The server publishing rule cannot be applied.

Rule cannot be applied

Server Publishing Recovery

The server publishing rule can now be applied.

None

Service Initialization Failure

There is a service initialization failure.

Any Forefront TMG service

Service not responding

A Forefront TMG service terminates or stops functioning unexpectedly.

Any Forefront TMG service

Service Shutdown

A service has stopped gracefully.

Any Forefront TMG service

Service Started

A service started gracefully.

Any Forefront TMG service

SIP calls quota exceeded

SIP calls quota exceeded, new calls will be dropped

None

SIP filter initialization failure

The SIP application filter failed to initialize

None

SIP registration quota exceeded

SIP registration quota exceeded, new registration requests will be dropped

None

Slow Connectivity

Forefront TMG encountered a slow connection to the requested server.

None

SMTP filter encountered an invalid bare CR or LF

Bare carriage return/line feed (CR/LF) may pose a security risk. The connection has been terminated.

Bare CR/LF terminator

SMTP filter encountered an invalid DATA terminator

Some character combinations in DATA may pose a security risk. The connection has been terminated.

Invalid DATA termination

SMTP Filter event

A SMTP command rule is violated.

Any

SOCKS configuration failure

The port specified in SOCKS properties is in use by another protocol.

None

SSL connection failure with published server (name mismatch)

Forefront TMG failed to establish an SSL connection with a published server. There is a name mismatch.

None

SSL connection failure with published server (no trust)

Forefront TMG failed to establish an SSL connection with a published server. There is a domain trust issue.

None

SSL connection failure with published server (server certificate not valid)

Forefront TMG failed to establish an SSL connection with a published server. A server certificate is not valid.

None

SSL connection failure with published server (unknown reason)

Forefront TMG failed to establish an SSL connection with a published server.

None

SYN attack

Forefront TMG detects a SYN attack.

None

TCP connections per Minute from One IP Address Limit Exceeded

The number of TCP connections per minute allowed from one IP address was exceeded.

None

The Configuration Agent Has Restored Its Connection with the Configuration Storage Server (not relevant for Forefront TMG in the Essential Business Server scenario.)

The Configuration Agent restored its connection to the Configuration Storage server. Changes made during the disconnection time were applied to the service.

None

The configuration was reloaded (not relevant for Forefront TMG in the Essential Business Server scenario.)

The configuration reloaded. The Configuration Agent recovered from the error and successfully reloaded the configuration information.

None

The response was rejected because a compressed response was not requested

The response was rejected because a compressed response was not requested. Forefront TMG blocked compressed HTTP responses when it did not request compression.

None

Total log size limit exceeded

The log storage total size limit was exceeded.

None

Traffic Blocked

A configuration failure occurred and all traffic is being blocked by the Firewalls service.

None

Undefined account for intra-array authentication (not relevant for Forefront TMG in the Essential Business Server scenario.)

For intra-array authentication when array members are in a workgroup, the intra-array account must be defined and enabled. Some features, such as VPN, Cache Array Routing Protocol (CARP), and reporting, will not work unless the intra-array account is properly configured.

None

Unregistered event

An unregistered event is raised.

None

Unresolvable remote gateway address on a VPN network

A remote gateway address specified for a VPN site-to-site network cannot be resolved. As a result, a VPN connection cannot be established to the remote network.

None

Unresolvable Server Name

A server name cannot be resolved to an IP address.

None

Update Center - Updates Not Installed

Protection mechanisms did not install updates.

None

Update Center Required Service Not Started

The Update Center cannot obtain updates because the Microsoft c Job Scheduler service is not started.

None

Upload New Configuration to Services Failed (not relevant for Forefront TMG in the Essential Business Server scenario.)

The Forefront TMG Configuration Agent is unable to upload the configuration to the Forefront TMG services.

None

Upstream chaining credentials

The upstream chaining credentials are incorrect.

None

URL Categorization Server Down

URL Categorization Server Down

None

URL Categorization Server Paused

URL Categorization Server Paused

None

URL Categorization Server Up

URL Categorization Server Up

None

VPN Connection Failure

VPN client connection attempt fails.

None

VPN Connection Request Policy Updated

The connection request policy was updated. The new policy may interfere with the NPS (RADIUS) service for other RADIUS clients.

None

Web Farm Servers Unavailable

A Web published rule stopped forwarding requests to a Web farm because there are currently no servers in the Web farm that can accept requests.

None

Web filter cannot process content larger than 4GB

A Web filter cannot process content larger than 4GB. As a result content larger than 4GB will be blocked by the proxy. To enable processing of content larger than 4GB either disable the Web filter, or upgrade to a newer version which can process content larger than 4GB, if one exists.

None

Web Filter Not Registered

The Web filter is not registered on this server.

None

Web Proxy Filter Bind Socket Recovery

A problem preventing the Web Proxy filter from binding its sockets was resolved.

None

WFP Filter Conflict Detected

Windows Filtering Platform (WFP) filters were detected and may cause policy conflicts.

None

WFP Sub-Layer Includes Unexpected Filters

Unexpected filters are registered to the WFP sub-layers. This may indicate a malicious filter provider.

None

Windows NLB Is Not Installed (not relevant for Forefront TMG in the Essential Business Server scenario.)

Network Load Balancing is not installed on this computer. NLB configuration cannot be applied or monitored.

None

Windows User-Based Policy in Workgroup (not relevant for Forefront TMG in the Essential Business Server scenario.)

The applied policy contains one or more policy rules specifying Windows-based user authentication. The Forefront TMG array is in a workgroup. Windows-based user authentication cannot be applied to an array in a workgroup.

None

WMI Service Connection Was Lost (not relevant for Forefront TMG in the Essential Business Server scenario.)

The connection to the Microsoft Windows Management Instrumentation (WMI) service was lost. For NLB to function properly, a continuous connection to the WMI service is required. When the Firewall service is restarted, NLB will restart.

None

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.