Channel: Forefront TMG and ISA Server forum
ForeFront TMG 2010 Error 12302 in SharePoint 2010 upload document to a folder

Hi all,

I've a problem when uploading a document to a document library. I've a SharePoint 2010 published with ForeFront TMG as Reverse Proxy with HTTPS. In my SharePoint I've a Document Library with one folder with an accent in its name (I'm from Spain), and I've the Managed Metadata feature enabled in the site too. When I click "Add new document" the popup appears, then I select the document and the destination folder; when I push the OK button, an error 500 appears on the screen. This error comes from Forefront TMG. In the Forefront TMG logs I can see a Denied Connection with error code 12302 or 12202. The server denied the specified Uniform Resource Locator (URL).

I'm not able to find the solution. Any idea?

Thanks!!


Exchange 2003 OWA/Activesync compatibility with TMG 2010?

Hello,

I need to put an ISA or TMG in a DMZ to publish OWA, ActiveSync and Outlook Anywhere. I have an Exchange Server 2003 and I would like to know if it is compatible with TMG 2010 or if I need to install ISA 2006. Can you help me? I am looking for this information but I can't find anything clear.

Thank you very much,

TMG2010 seems to block random internal IP addresses. A tracert solves this.

All,

We have a very strange issue here. Our environment: We use TMG 2010 (latest SP and update rollups) on Server 2008 R2 (non-domain joined) as a simple firewall without any web proxy settings to protect our internal network against a datacenter network which hosts our SAP server. I disabled any flood mitigation settings and NIS. The network relationship is Route. Sporadically, single IP addresses suddenly stop connecting to the SAP hosts. You cannot ping any of the hosts in the datacenter from this single IP address. Doing a tracert to one of the SAP hosts seems to release a kind of blocking state for this single IP address, and after that everything works fine. We cannot reproduce this behaviour. The described blocking state doesn't get released by itself, even for days.

I also configured the registry parameter as shown in http://support.microsoft.com/kb/2596065, no success. You cannot see any denied access things in the Logging.

Any kind of input is greatly appreciated.

Thanks

Volker


TMG VLAN Routing

Hi

I am new to TMG and would like some advice.

We are having some VLANs configured in a few weeks' time and they would like to use the 172.16.x.x range for all VLANs. Our current range of IP addresses is 10.165.0.1-10.165.7.255 which our servers and other devices are configured to use. We are a school so we need to use the 10.165.x.x range but would like to introduce the 172.16.x.x range to allow for expansion. We have been told this is possible and we will need to configure TMG to route between these different subnets.

Could someone advise if this is possible and give some advice on the best way to set TMG up? The server hosting TMG has two NICs which we can use between subnets. Does TMG need to be external facing for this to work or can it be just an internal facing machine that routes traffic between internal subnets?

Thank you all in advance

Shane

migrate TMG sql database

I just deployed a Forefront TMG server (using it as a reverse proxy for Lync), and noticed that it installed SQL Server 2008 on the server and created a DB and is filling up the drive with SQL DB and log information. Is there a way to move this DB and log to our production SQL infrastructure server?

And how do I clear the logs that this has already taken?

TMG 2010 :: SMTP/POP3

Hello,

I created a rule for mail:
allow
POP3
POP3S
SMTP
SMTPS
Internal -> External for all users

I don't get anything and sending

Help me please :)

TMG - Cannot change password with Google Chrome

We have an SSL website and are using ForeFront TMG for authentication. Everything works fine except users cannot change their passwords if they are using Google Chrome. After they enter their new password, they are directed back to the login screen (with no message). Assuming that their password was successfully changed, they enter their new password, but it is rejected. In reality the password was not changed. Since we require new users to change their password on first login, we are getting a lot of emails from Chrome users, and currently our only solution is to ask them to use a different browser.

I have searched the web and found issues between TMG and Chrome, but only 1 post that had the same problem (and no answer was provided).

Any ideas? 

Certificates can no longer be used in TMG - Incorrect Key Type

After TMG 2010 mysteriously failed to start the firewall service, I identified that some firewall rules/web listeners were possibly corrupted. I fixed that and proceeded to troubleshoot, and I suspected problems with certificates. So I decided to create certificates from scratch and import them into TMG 2010 (as it has worked for a number of years since ISA 2004).

I have followed the pretty much known procedure of requesting a certificate from the IIS server, installing it in IIS, exporting it with the private key and importing it into TMG; however, I cannot link the certificate to the listener as TMG says it has Incorrect Key Type.

One thing has indeed changed, which is that we reinstalled our PKI (Microsoft Windows 2008 R2). So basically, keys that were issued and imported to TMG (long ago) seem to be working fine. I, however, cannot import the new one.

I have searched the Internet a lot but to no avail. The only particular thing I found is that TMG doesn't work well with CNG (version 3) certificates. I have looked into the certificates quite well and found the only significant difference between working ones and non-working ones is in the order of properties.

I don't think my CA is issuing version 3 certificates but I am not 100% sure.

Any ideas how I can verify this or any idea what else could be wrong with the certificate so TMG cannot recognize it?

 

Many thanks.

 

Oggi


site to site VPN ISA 2006

Hello,

I have a site to site VPN connection set up. Both on Windows 2003 SP2 and both ISA 2006. Connections are fine on both ends and I can ping from one site to the other ONLY from the ISA machines to each other!! However, when I try to use a machine that is on the network to ping a machine in the other site, I get a "denied connection" error on the RECEIVING ISA VPN server log. This happens no matter which way I come from: HQ to remote and remote to HQ. What am I missing?

Access rules are in place

Network objects have been created and set with a "route" relationship...

Thanks,

EDIT: NOTE! I have noticed that while a connection is established one way, I am disconnected from the other... could this be the issue? Looking at RRAS, my "DoD" connection is connected on one machine, while at the other site it shows as "unreachable". When I try to connect it gives a generic error with no real value. Once the connection from the other side is "disconnected" I can then connect from the other site...

use one tmg as a proxy for another

Hi Everyone

I have been asked to link a TMG in another country to a TMG in the UK to share the UK internet connection. This is for Web Access (ISA) usage.

The idea is that the users in the EU country will use the TMG in that country in their native language and have tighter controls but no direct access to the internet; this EU TMG then forwards requests to the UK TMG Array, which has the single access to the Internet.

I figured it would be a case of adding the UK TMG details in to the EU TMG for access to the internet. Just not quite sure how to go about it.

Any ideas? Many thanks for any advice.

Outlook 2010 can't get emails through TMG server

Dear All,

I have recently installed a TMG server in my network. After configuring basic rules, Outlook was unable to connect. We are using SSL port 993 and SMTP port 465. Everything is working fine except email; there is no email server in my network.

Please advise or give some steps to allow SSL ports to get email.

Thanks

kashif

Strange wireless AP problem

Dear all,

I have fftmg 2012 on a win2k8 r2 box, edge firewall. Recently, I set up a wireless access point (Dlink DWL-2100AP, IP: 192.168.1.10) and linked it to the local network. The purpose is to let staff using laptops connect to the local network via wifi signal [connection successful, got IP from DHCP (let's say 192.168.1.107), able to log in to the domain and can browse the internet]. When doing the test, I found out that as long as there is one staff member connected to the network via wifi signal, the rest of the staff are not able to connect anymore. When nobody connects via wifi, I can ping the wireless access point (192.168.1.10). When one staff member is connected via wifi (got IP from DHCP, let's say 192.168.1.107), there is no ping reply from the wireless access point (192.168.1.10). Ping 192.168.1.107, got reply. Besides, I can't view the configuration page of that wireless access point (192.168.1.10) in the browser. It seems like after one staff member successfully connects to the local network via wifi, the access point merges with it. The wireless access point becomes transparent.

Appreciate any help. Thanks guys!

TMG Blocks IE9, Allows IE8, Chrome, Firefox

My IE9 users can't post to Craigslist.  IE9 reports 403 error.  The TMG report shows the traffic on port 443 is blocked by the 'Blocked Web Destinations' rule.  However, there is a higher rule to Allow Specific Websites.  This rule works correctly for IE8, Firefox, and Chrome.  Why does it deny IE9?


Beware of unmoderated moderators in the Expression Web forums.

NLB event 105 and 106 in TMG Array

Hello,

We have a setup running consisting of 2 TMG 2010 machines in an Array. We use NLB Multicast.

We are hosting about 25 site to site VPNs in this setup. Users behind these (site to site) VPNs are experiencing lag in their RDS sessions from time to time through these VPNs. Also, sometimes the sessions are disconnected/reconnected.

I have seen that tcp checksum offloading was enabled on all interfaces, so I disabled this.

What I also notice are NLB event 105 and 106 numerous times in the time window when users are active.

105: NLB cluster []: Timer starvation has been detected. This might be due to a denial of service attack or a very high server load. During this period, some connections might fail. If this problem recurs frequently, analyze the threat and take appropriate measures and/or add more servers to the cluster. An informational event log entry will be logged when the attack has subsided.

106: NLB cluster []: Timer starvation has subsided.

I have found the following post regarding these events: http://sharepointblog.michaelrperry.com/2011/03/nlb-event-id-105-sharepoint-2007-and.html

Here the problems are resolved after disabling tcp checksum offloading on the virtual nics, just as what I have done. However, I still got the same errors.

Has somebody experienced the same issues and errors? I'm getting a bit stuck here and users are still complaining about latency and disconnected sessions.


Mac Outlook 2011 through TMG

Hi,

I have a physical TMG server running SP1 on 2008R2. I am also running Exchange 2007 SP3. Exchange has been published through TMG to allow external domain users connected with 3G to access their mail in Outlook.

This has been successful, with cell phone, iPad, and Outlook users running Windows accessing their mail perfectly.
We have recently added some MacBooks to the mix and for some unknown reason those external users cannot access their mail in Outlook. They are running Mac OS X 10.6 with Outlook 2011. They can only access mail in Safari with OWA.

Are there any ideas as to the MAC discrimination?

 

Tks,

Guy


Outlook 2007 unable to SEND emails but can receive emails with Forefront TMG

I wish to ask this even though I have looked through many, many forums and questions that have been asked here; they don't solve the problem...
Outlook works well receiving emails but sending emails does not work. I get an error in the Forefront TMG logs and it looks like it's blocking a specific port.
Does anyone know how to fix this problem step by step?

Thanks


MR

Error while accessing a website via TMG 2010

Hello,

We face the following error while users access a website via TMG 2010 as proxy server.

The details are:

OS: Windows Server 2008 Standard R2 (Build 7601 SP1), TMG 2010 7.0.9193.5156. The error message is:

Network Access Message: The page cannot be displayed  Explanation: The request timed out before the page could be retrieved.

Try the following:

Refresh page: Search for the page again by clicking the Refresh button. The timeout may have occurred due to Internet congestion.

Check spelling: Check that you typed the Web page address correctly. The address may have been mistyped.

Contact website: You may want to contact the website administrator to make sure the Web page still exists. You can do this by using the e-mail address or phone number listed on the website home page.

If you are still not able to view the requested page, try contacting your administrator or Helpdesk.

 

 Technical Information (for support personnel)

Error Code 10060: Connection timeout

Background: The gateway could not receive a timely response from the website you are trying to access. This might indicate that the network is congested, or that the website is experiencing technical difficulties.

Date: 10/24/2012 10:59:52 AM [GMT]

Server:

Source: Firewall

We are able to access the particular website by other connections.

Any help will be greatly appreciated.

Regards

Ajit

I need to enable VPN access to my company in the following scenario

I have a TMG server with three network interface cards, and have a Netgear device to merge two ISPs' bandwidth, so the internal network is taking IPs from the domain subnet and the second interface card is the external card, which is taking an IP address from the subnet of the internal card of the Netgear device.

The third NIC's name is DMZ and it's taking a public IP address and is plugged directly into the ISP router.

So what should I do to enable VPN access through the third network interface card?

Thanks,

How can I export and restore from/to TMG 2010 SE configurations and web listeners?

Hi all,

I am running TMG 2010 Standard Edition in Edge mode on a vSphere virtual machine running Windows 2008 R2 Standard Edition. Sometimes the server's NICs become unresponsive and I need to reboot the VM to restore functionality. I have read in another post that TMG 2010 has issues on VMs running R2, so I've set up another box with Windows 2008 SE and named the machine with a different NetBIOS name. I have exported from the first TMG VM the two certificates (CA and SSL) along with the private keys and imported them into the new one. The certificate chain appears correctly if I make a dry run of a new SSL web listener. When I try to import the configuration XML from the first installation everything works fine: rules are there, and the SSL web listener shows the correct certificate selection. As I click on Apply I receive the following error:

SSL is enabled for the ssl listener Web Listener. You must specify a certificate to use for SSL authentication. The changes cannot be applied.
The error occurred on object 'ssl listener' of class 'Web Listener' in the scope of array 'proxy1'.

The imported listener needs to be selected and the correct certificate needs to be chosen, at least the first time, but the error keeps on preventing me from importing the settings.

I have far too many publishing rules so I would avoid recreating them individually.

What do you think is blocking me from importing the settings? Could it be the different NetBIOS name or the different IPs?

Any help is greatly appreciated.

Cheers,

C.A.

Can I use multiple network cards to support separate https web listeners

I have been trying to setup Exchange 2010 to use OWA via a HTTPs web listener on TMG. Fought certificates for a while until I dummied down my web cert to a 2003 cert (apparently TMG 2010 still doesn't support 2008 certs). Anyway, I would like to avoid changing anything in my current Exchange 2007 OWA setup (it works). I have two TMG servers in a chain - Internal>TMG>DMZ>TMG>Internet. I added a dual-port network card to both servers, configured one port on the external facing TMG to an external IP address and one port to an IP address on the DMZ network and, configured one port on the DMZ facing TMG to a DMZ IP address. I created HTTPS Web Listeners for the two new IP addresses and then created OWA publishing rules to point to the Exchange 2010 server via the External web listener and the DMZ web listener. The OWA publishing rule on the internal TMG indicates it is working but the OWA publishing rule on the external TMG fails with an error indicating that the web listener is using an invalid IP address on this server. Do I need to create an additional "network" for the additional external address? Is using multiple network cards not the best approach?

Thanks in advance

Eric


eburch@lasertel.com
