Skip to content

Microsoft Forefront TMG no Traffic througput on Citrix XenServer

8. August 2012

If you install Microsoft Forefront TMG you may have the following problem: It doesn’t matter which traffic you allow – no Traffic passes the FTMG. For a working FTMG you need to disable some Windows-Network-Settings.

Open the properties of each Network-Connection and disable the following properties (repeat this for every Network-Connection!).

1. Open the Properties of the Network-Connection
ftmg-xen01

2. Choose “Configure” for the "Network-Card”
ftmg-xen02

3. Open “Advanced”-Tab and “Disable” “Correct TCP/UDP Checksum Value!”
ftmg-xen03

4. Disable “IPv4 Checksum Offload”
ftmg-xen04

5. Disable “Large Receive Offload (IPv4)”
ftmg-xen05

6. Disable “Large Send Offload Version 2 (IPv4)”
ftmg-xen06

7. Disable “TCP Checksum Offload (IPv4)”
ftmg-xen07

8. Disable “UDP Checksum Offload (IPv4)”
ftmg-xen08

After disabling these settings for all Network-Cards you furthermore have to set the following Registry-Settings:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DisableTaskOffload"=dword:00000001
"EnableTCPChimney"=dword:00000000
"EnableRSS"=dword:00000000
"EnableTCPA"=dword:00000000

ftmg-xen09

And finaly a reboot is needed – after this reboot everything should work like expected.

From → General

3 Comments
  1. Dan permalink

    Interesting post, thank you. I had the exact same issue when installing TMG on an W2K8R2 VM on XS6 today, but I found out that ENABLING “Correct TCP/UDP Checksum Value” (which is disabled by default) solved the problem for me. No need to disable the other five TCP/UDP offloading options. Did you try that?

    Regards,
    Dan

    Reply
    • jhmeier permalink

      Hey Dan,

      thanks for the information – I must admit that I didn’t test that. The settings which I showed helped me to solve some other problems with other programs (there are a lot of KB articles about the settings) and thats why I disabeld all of the settings. Maybee in this particular case it would be enough to disable one setting – but I can only recommend to generally disable/correct all of these settings.

      Regards
      Jan Hendrik

      Reply
      • Dan permalink

        Fair enough. After doing some more reading, it appears to me too that there is general consent to disable ALL of the offloading features on the VIF. Plus on the command line. Plus in the registry. Plus on the host :-/

        As for running TMG in XenServer, it looks like there is still an issue with XS tools v6.0 and v6.02 as indicated by David’s post of Jul/18 here: http://forums.citrix.com/thread.jspa?threadID=307070&start=15&tstart=0

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

«
»
%d bloggers like this: