While working on the configuration of my TMG Server I observed inconsistent behavior and slow system performance. After a quick investigation I noticed a number of log entries after a system reboot in the Event Log.
The entries came from MSSQL$MSFW with Event IDs 17204 and 17207. Additionally I noticed that the Default Log Queue location of TMG (C:\Program Files\Microsoft Threat Management Gateway\Logs) was filled up with more then 650.000 files consuming 14 GBytes of system disk space.
Root Cause
The problem is that for some reason one or more databases had become corrupt and prevented SQL Server from correctly starting up and processing log entries from TMG. Therefore Forefront TMG falls back to its Log Queue.
Since the issue was already going on for some time in my case, I could not establish the root cause that caused the Database files to corrupt in the first place. But I do recall a BSOD from some time ago on the host OS due to a driver issue. That probably caused the issue.
Remove Corrupt Databases
I found a solution on the Microsoft Forums that describes how to remove the corrupt databases from Microsoft SQL Server in order to get SQL Server back in business.
- Start an command prompt and connect to the SQL Server database with the SQL Server Command Line Tool: OSQL -S %TMGComputerName%\msfw -E
- Delete each corrupt database with the following command: DROP DATABASE %DATABSENAME%
- Execute the commands by entering the command GO.
- Restart the SQL Server service for the SQL Server Instance msfw.
- Verify in the Event Log that no new corrupt databases are logged, if so repeat steps 1 to 4 until no events 117204 and 11207 are logged.
Log Queue
Once the SQL Server becomes available, the Log Queue should start processing again and write all queued up entries to the SQL Database. This can be monitored from the Management Console.
In my case it took a couple of hours due to the size.