Gents, after fighting with the problem for a couple of days. I decided to rebuild the TMG server from scratch. After all done the problem started to happen again!
The operational system (W2K8 R2) is uptodate and the TMG w/ SP2 RU 2 and.
Any tips?
dump transcript:
Version=1
EventType=APPCRASH
EventTime=129947941372917734
ReportType=2
Consent=1
ReportIdentifier=1273f1d9-16ea-11e2-a29d-00155d011e08
IntegratorReportIdentifier=1273f1d8-16ea-11e2-a29d-00155d011e08
Response.type=4
Sig[0].Name=Application Name
Sig[0].Value=wspsrv.exe
Sig[1].Name=Application Version
Sig[1].Value=7.0.9193.540
Sig[2].Name=Application Timestamp
Sig[2].Value=4f7b29e5
Sig[3].Name=Fault Module Name
Sig[3].Value=ntdll.dll
Sig[4].Name=Fault Module Version
Sig[4].Value=6.1.7601.17725
Sig[5].Name=Fault Module Timestamp
Sig[5].Value=4ec4aa8e
Sig[6].Name=Exception Code
Sig[6].Value=c0000005
Sig[7].Name=Exception Offset
Sig[7].Value=0000000000052fc6
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.1.7601.2.1.0.272.7
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=1046
DynamicSig[22].Name=Additional Information 1
DynamicSig[22].Value=2b37
DynamicSig[23].Name=Additional Information 2
DynamicSig[23].Value=2b37255b7c798f5cc1afca9527e33f9b
DynamicSig[24].Name=Additional Information 3
DynamicSig[24].Value=5a1d
DynamicSig[25].Name=Additional Information 4
DynamicSig[25].Value=5a1d22f94f7486cd647ea3019af7fb66
UI[2]=C:\Program Files\Microsoft Forefront Threat Management Gateway\wspsrv.exe
UI[3]=Microsoft Firewall Service has stopped working
UI[4]=Windows can check online for a solution to the problem.
UI[5]=Check online for a solution (recommended)
UI[6]=Check for a solution later (recommended)
UI[7]=Close
UI[8]=Microsoft Firewall Service stopped working and was closed
UI[9]=A problem caused the application to stop working correctly. Windows will notify you if a solution is available.
UI[10]=&Close
LoadedModule[0]=C:\Program Files\Microsoft Forefront Threat Management Gateway\wspsrv.exe
LoadedModule[1]=C:\Windows\SYSTEM32\ntdll.dll
LoadedModule[2]=C:\Windows\system32\kernel32.dll
LoadedModule[3]=C:\Windows\system32\KERNELBASE.dll
LoadedModule[4]=C:\Windows\system32\ADVAPI32.dll
LoadedModule[5]=C:\Windows\system32\msvcrt.dll
LoadedModule[6]=C:\Windows\SYSTEM32\sechost.dll
LoadedModule[7]=C:\Windows\system32\RPCRT4.dll
LoadedModule[8]=C:\Windows\system32\ATL.DLL
LoadedModule[9]=C:\Windows\system32\USER32.dll
LoadedModule[10]=C:\Windows\system32\GDI32.dll
LoadedModule[11]=C:\Windows\system32\LPK.dll
LoadedModule[12]=C:\Windows\system32\USP10.dll
LoadedModule[13]=C:\Program Files\Microsoft Forefront Threat Management Gateway\RATLIB.dll
LoadedModule[14]=C:\Program Files\Microsoft Forefront Threat Management Gateway\MSPSEC.dll
LoadedModule[15]=C:\Program Files\Microsoft Forefront Threat Management Gateway\msfpc.DLL
LoadedModule[16]=C:\Program Files\Microsoft Forefront Threat Management Gateway\msfpcui.DLL
LoadedModule[17]=C:\Program Files\Microsoft Forefront Threat Management Gateway\msfpcstg.DLL
LoadedModule[18]=C:\Windows\system32\ole32.dll
LoadedModule[19]=C:\Windows\system32\OLEAUT32.dll
LoadedModule[20]=C:\Windows\system32\ACTIVEDS.dll
LoadedModule[21]=C:\Windows\system32\adsldpc.dll
LoadedModule[22]=C:\Windows\system32\WLDAP32.dll
LoadedModule[23]=C:\Windows\system32\NTDSAPI.dll
LoadedModule[24]=C:\Windows\system32\WS2_32.dll
LoadedModule[25]=C:\Windows\system32\NSI.dll
LoadedModule[26]=C:\Program Files\Microsoft Forefront Threat Management Gateway\MSPAPI.dll
LoadedModule[27]=C:\Program Files\Microsoft Forefront Threat Management Gateway\WSPAPI.dll
LoadedModule[28]=C:\Program Files\Microsoft Forefront Threat Management Gateway\PREAPI.dll
LoadedModule[29]=C:\Program Files\Microsoft Forefront Threat Management Gateway\MANAGEDAPI.dll
LoadedModule[30]=C:\Program Files\Microsoft Forefront Threat Management Gateway\W3PAPI.dll
LoadedModule[31]=C:\Windows\system32\NETAPI32.dll
LoadedModule[32]=C:\Windows\system32\netutils.dll
LoadedModule[33]=C:\Windows\system32\srvcli.dll
LoadedModule[34]=C:\Windows\system32\wkscli.dll
LoadedModule[35]=C:\Windows\system32\LOGONCLI.DLL
LoadedModule[36]=C:\Windows\system32\DSROLE.DLL
LoadedModule[37]=C:\Windows\system32\WSOCK32.dll
LoadedModule[38]=C:\Windows\system32\urlmon.dll
LoadedModule[39]=C:\Windows\system32\WININET.dll
LoadedModule[40]=C:\Windows\system32\SHLWAPI.dll
LoadedModule[41]=C:\Windows\system32\iertutil.dll
LoadedModule[42]=C:\Windows\system32\CRYPT32.dll
LoadedModule[43]=C:\Windows\system32\MSASN1.dll
LoadedModule[44]=C:\Windows\system32\msi.dll
LoadedModule[45]=C:\Program Files\Microsoft Forefront Threat Management Gateway\msfpccom.DLL
LoadedModule[46]=C:\Windows\system32\IPHLPAPI.DLL
LoadedModule[47]=C:\Windows\system32\WINNSI.DLL
LoadedModule[48]=C:\Windows\system32\SAMCLI.DLL
LoadedModule[49]=C:\Windows\system32\Secur32.dll
LoadedModule[50]=C:\Windows\system32\SSPICLI.DLL
LoadedModule[51]=C:\Windows\system32\DNSAPI.dll
LoadedModule[52]=C:\Windows\system32\WTSAPI32.dll
LoadedModule[53]=C:\Program Files\Microsoft Forefront Threat Management Gateway\sidahlpr.dll
LoadedModule[54]=C:\Windows\system32\PSAPI.DLL
LoadedModule[55]=C:\Windows\system32\VERSION.dll
LoadedModule[56]=C:\Program Files\Microsoft Forefront Threat Management Gateway\MSPHLPR.dll
LoadedModule[57]=C:\Windows\system32\RASAPI32.dll
LoadedModule[58]=C:\Windows\system32\rasman.dll
LoadedModule[59]=C:\Windows\system32\AUTHZ.dll
LoadedModule[60]=C:\Windows\system32\Normaliz.dll
LoadedModule[61]=C:\Program Files\Microsoft Forefront Threat Management Gateway\RpcFltr.DLL
LoadedModule[62]=C:\Program Files\Microsoft Forefront Threat Management Gateway\msfpcregexp.dll
LoadedModule[63]=C:\Windows\system32\MSWSOCK.dll
LoadedModule[64]=C:\Windows\system32\WINHTTP.dll
LoadedModule[65]=C:\Windows\system32\webio.dll
LoadedModule[66]=C:\Windows\system32\IMM32.DLL
LoadedModule[67]=C:\Windows\system32\MSCTF.dll
LoadedModule[68]=C:\Windows\system32\DBGHELP.DLL
LoadedModule[69]=C:\Windows\system32\CRYPTBASE.dll
LoadedModule[70]=C:\Windows\System32\wshtcpip.dll
LoadedModule[71]=C:\Windows\System32\wship6.dll
LoadedModule[72]=C:\Program Files\Microsoft Forefront Threat Management Gateway\MSFPC.SYS
LoadedModule[73]=C:\Windows\system32\dhcpcsvc6.DLL
LoadedModule[74]=C:\Windows\system32\dhcpcsvc.DLL
LoadedModule[75]=C:\Windows\system32\CLBCatQ.DLL
LoadedModule[76]=C:\Program Files\Microsoft Forefront Threat Management Gateway\EmpScan.dll
LoadedModule[77]=C:\Windows\system32\SHELL32.dll
LoadedModule[78]=C:\Program Files\Microsoft Forefront Threat Management Gateway\MpUtil.DLL
LoadedModule[79]=C:\Program Files\Microsoft Forefront Threat Management Gateway\MpHashLib.DLL
LoadedModule[80]=C:\Windows\system32\credssp.dll
LoadedModule[81]=C:\Windows\system32\CRYPTSP.dll
LoadedModule[82]=C:\Windows\system32\rsaenh.dll
LoadedModule[83]=C:\Windows\system32\RpcRtRemote.dll
LoadedModule[84]=C:\Windows\system32\SXS.DLL
LoadedModule[85]=C:\Windows\System32\msxml3.dll
LoadedModule[86]=C:\Program Files\Microsoft Forefront Threat Management Gateway\IPS\GapaEngine_1cdaaf6_d3af2500.dll
LoadedModule[87]=C:\Windows\system32\WINTRUST.dll
LoadedModule[88]=C:\Windows\System32\msxml6.dll
LoadedModule[89]=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
LoadedModule[90]=C:\Windows\system32\profapi.dll
LoadedModule[91]=C:\Windows\system32\xmllite.dll
LoadedModule[92]=C:\Windows\system32\security.dll
LoadedModule[93]=C:\Windows\system32\schannel.dll
LoadedModule[94]=C:\Windows\system32\NLAapi.dll
LoadedModule[95]=C:\Windows\system32\napinsp.dll
LoadedModule[96]=C:\Windows\System32\winrnr.dll
LoadedModule[97]=C:\Program Files\Microsoft Forefront Threat Management Gateway\MPEngine\{9F4AF8CE-0798-48D4-93C2-5663278FFD86}\mpengine.dll
LoadedModule[98]=C:\Windows\system32\imagehlp.dll
LoadedModule[99]=C:\Windows\system32\ncrypt.dll
LoadedModule[100]=C:\Windows\system32\bcrypt.dll
LoadedModule[101]=C:\Windows\system32\bcryptprimitives.dll
LoadedModule[102]=C:\Windows\system32\USERENV.dll
LoadedModule[103]=C:\Windows\system32\GPAPI.dll
FriendlyEventName=Stopped working
ConsentKey=APPCRASH
AppName=Microsoft Firewall Service
AppPath=C:\Program Files\Microsoft Forefront Threat Management Gateway\wspsrv.exe
Event on the event viewer:
Log Name: Application
Source: Application Error
Date: 15/10/2012 14:02:17
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: SERVIDOR
Description:
Faulting application name: wspsrv.exe, version: 7.0.9193.540, time stamp: 0x4f7b29e5
Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e
Exception code: 0xc0000005
Fault offset: 0x0000000000052fc6
Faulting process id: 0x630
Faulting application start time: 0x01cdaaf6d390dbb4
Faulting application path: C:\Program Files\Microsoft Forefront Threat Management Gateway\wspsrv.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 1273f1d8-16ea-11e2-a29d-00155d011e08
Event Xml:
< Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2012-10-15T17:02:17.000000000Z" />
<EventRecordID>72613</EventRecordID>
<Channel>Application</Channel>
<Computer>SERVIDOR</Computer>
<Security />
</System>
<EventData>
<Data>wspsrv.exe</Data>
<Data>7.0.9193.540</Data>
<Data>4f7b29e5</Data>
<Data>ntdll.dll</Data>
<Data>6.1.7601.17725</Data>
<Data>4ec4aa8e</Data>
<Data>c0000005</Data>
<Data>0000000000052fc6</Data>
<Data>630</Data>
<Data>01cdaaf6d390dbb4</Data>
<Data>C:\Program Files\Microsoft Forefront Threat Management Gateway\wspsrv.exe</Data>
<Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
<Data>1273f1d8-16ea-11e2-a29d-00155d011e08</Data>
</EventData>
< /Event>