Channel: Forefront TMG and ISA Server forum

HTTP Header Rule ISA 2004


I need to set up a rule to allow YouTube education to work. I need to do the following but am unsure how to get this to work.

Add new HTTP header rule
Please modify your hardware filter or proxy server settings so that all outgoing traffic to youtube.com contains the following customised HTTP header. The ID to use in the HTTP header configuration, written below, is unique to your school's network only. If your school is blocked at the district level, this HTTP header is then unique to the district network.

thanks



Allow NCSI traffic through Forefront


Hi,

I have recently installed Forefront TMG 2010.

I am very familiar with ISA 2000-2006, and TMG in general.

Windows Vista and later clients indicate network and Internet connectivity status with the NCSI icon in the system tray. I can't seem to get this to work with TMG in the loop. I have added a non-authenticated rule allowing access to the NCSI site (http://www.msftncsi.com/ncsi.txt) and I can confirm that I can browse to here and see the text file, but I can't get NCSI on client machines to see the Internet - they all display "No Internet connection" (despite having access to the Internet :-) ).

What do I need to do to fix this?

 

Thanks

Publish Internal Website with embedded Flash object


Hi all,

I have searched around for this, but cannot find a solution. Apologies if this has been asked previously, my search terms did not return anything useful.

We have some third party monitoring software that runs on an internal server.
It uses its own web server to publish a web interface on localhost:80
The site does not use SSL (and is not designed to be able to, unfortunately)

I have created an internal DNS alias to allow users to enter a single hostname which redirects to that site.
This all works fine internally, and users can log on without issues.

What I am looking to do is publish that site externally so we can access the monitoring from home if something goes wrong.
The site uses an embedded Adobe Flash object on the site, and I think that is what is causing problems when publishing the site.

My ideal solution would be:
An external user loads site - https://monitoring.domain.com
The ISA Server then prompts the user to authenticate using our Active Directory login.
Once authenticated, the user is then forwarded to the internal site - http://monitoring
We would like https on the external site to secure the AD authentication.

The issue is that the site uses Adobe Flash to display the internal site's login prompt.

I have been able to publish the site (currently without SSL, just to prove to myself that it is publishing correctly)
The site loads, but I get a white box where the login box should be, and then a message appears saying cannot connect to server.

The manufacturers of the software claim that we need open port 'x' on the ISA Server to allow the Flash feed traffic through.

My experience with ISA is limited to publishing websites, and I don't know how to open specific ports for only a specific site.

Sorry for the long-winded question, I was just trying to provide all the info I could

So, could anyone explain to me the process for publishing an internal HTTP site to an external https site using AD authentication as well as opening a port for this site only?

We are using ISA Server 2006

Unable to access youtube videos and Whatsapp on IPAD and android phone behind ISA TMG server.


Hi,

I'm not able to access YouTube videos and WhatsApp on iPad and Android phone behind ISA Forefront TMG server.

Please help us to create an access rule on ISA TMG server to allow YouTube videos and WhatsApp on iPad and Android phone.

Thanks in advance.

Viral.


Viral Rathod Blog : http://viralr.wordpress.com

Creating Rule to allow whatsapp on Forefront TMG


How to create a rule on ISA TMG to allow Android apps to access WhatsApp and other apps available on an Android phone.


Viral Rathod Blog : http://viralr.wordpress.com

Route VLANs through TMG


Hi

What is the best way to route VLANs through TMG?

We are a school and are provided with a range of IP addresses by the local authority. The range we are provided with is 10.165.0.1-10.165.x.x. We have configured multiple VLANs to use 172.16.x.x on our HP switches to allow for future growth. Our current gateway is set to our core switch with an address of 10.165.0.2 and we would then like to point this core switch to our TMG server and then out to the internet. Can TMG be configured with an external and internal NIC on the 10.165.x.x range?

Is this actually possible and what would be the best way around this?

Thanks in advance.

Shane

Network Error (gateway_error)


Hi

I am trying to publish a website through TMG. I get the below error, does anyone know how to resolve this?

Network Error (gateway_error)

An error occurred attempting to communicate with an HTTP or SOCKS gateway.
The gateway may be temporarily unavailable, or there could be a network problem.

For assistance, contact your network support team.

Thanks

Shane

How to add HTTP Header Response X-Frame-Options:SAMEORIGIN from OWA published via Forefront TMG 2010 to stop Clickjacking

How to add HTTP Header Response X-Frame-Options:SAMEORIGIN from OWA published via Forefront TMG 2010 to stop Clickjacking. I have put the IIS setting X-Frame-Options:SAMEORIGIN  on my Internal CAS Server. However as the OWA page is published through Forefront TMG 2010, the iFrame tag is not blocked when the page is first opened. Only when you login with your credentials to the OWA page inside the frame and the page reaches IIS on the Internal CAS it gets blocked. I want to block it in the first instance when it is opened from TMG.

creating services configuration


Hello,

We scheduled a maintenance moment to upgrade both our TMG and UAG servers to TMG SP2.

TMG SP2 arrived via Windows Update, so after snapshotting the VM I allowed Windows Update to install it.

After one and a half hours of waiting, the update still didn't budge. I killed the install, which led to an unusable TMG.

I reset the snapshot, downloaded the manual install and ran it from an elevated command prompt.

After 5 minutes, after most of the installation seemed complete, the bar got stuck at "creating services configuration" and didn't budge for a few hours.

I reverted to the snapshot again and tried with the administrator account which was originally used to install and configure TMG, but to no avail.

No errors are logged, the logfiles seem to indicate all is well.

I am looking for ways to get this done. Setting up a new machine just to get SP2 working seems like overkill in this situation.

Does anyone have any advice?

Yours truly,

Willem Goethals

Captive Portal For TMG

Any help to configure captive portal for TMG?

TMG only gives 7 day reports, even when changing the periods.


Hi,

I am having a problem with TMG2010, when I generate a User Activity and/or Site Activity report and change the report period to last 24 hours, last 30 days or last day, it still and only gives last 7 days.

Any idea why this could be happening?

Your help is much appreciated.

Thanks 

Applying SharePoint Theme - Error Code: 500 Internal Server Error


Hi 

I have published SharePoint through TMG 2010. Everything is working fine except for when I try to apply a theme (on any site).

The following web page error is instantly displayed:

Technical Information (for support personnel)

  • Error Code: 500 Internal Server Error. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)

Looking at the TMG logs, the following is reported:

Failed Connection Attempt HHTMG01 11/15/2013 11:50:38 AM 
Log type: Web Proxy (Reverse) 
Status: 12210 An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator.  
Rule: LIVE - External Sharpoint Access 
Source: External (IP ADDRESS) 
Destination: Local Host (Sharepoint server IP: 443) 
Request: GET http://remote****/_layouts/themeweb.aspx 
Filter information: Req ID: 0a7ef5c8; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=yes, valid=yes, updated=no, logged off=no, client type=public, user activity=yes 
Protocol: https 
User: domain\farm account 
 Additional information 
Client agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x4000000 (Response includes the WWW-AUTHENTICATE header.)
Processing time: 16 MIME type 

Any ideas?

Microsoft Outlook cause an error


Good day,

I am using TMG 2010 with latest updates and rollups. I created a role for pop3, POP3S, SMTP, and SMTP3S from internal to external to all users. The policy was working fine but after a few months I received the following errors:

Denied Connection SQ-TMG-2K8 11/16/2013 8:37:51 AM

Log type: Firewall service

Status: The policy rules do not allow the user request. 

Source: Internal (192.168.160.49:137)

Destination: Local Host (192.168.160.255:137)

Protocol: NetBios Name Service

 Additional information

Number of bytes sent: 0 Number of bytes received: 0

Processing time: 0ms Original Client IP: 192.168.160.49

Denied Connection SQ-TMG-2K8 11/16/2013 8:37:53 AM

Log type: Firewall service

Status: The policy rules do not allow the user request. 

Source: Internal (192.168.160.49:137)

Destination: Local Host (192.168.160.255:137)

Protocol: NetBios Name Service

 Additional information

Number of bytes sent: 0 Number of bytes received: 0

Processing time: 0ms Original Client IP: 192.168.160.49

Regards,

TMG reporter


When I create a report, I see the following information.

09:07:47   09:27:16   00:00:00   myvideo.az   757 MB

User was in internet 20 minutes and watched the video 750 Mb. But as you see the browsing time is 00:00:00. Can you explain this?

Thank you in advance


TMG and UDP ports


Hi guys,

We are working with our SIP providers to set up VOIP through the TMG server. The requirements are to allow UDP ports 10k-60k from the SIP IP address to our internal VOIP server (trixbox).

Initially they had asked not to limit to 10k-60k and instead allow all UDP ports to be forwarded to the internal VOIP server. So I created the rule and put in the UDP port range of 0-65535, send receive.

I enabled the rule, and as soon as the TMG server updated the configs, wspsrv.exe started consuming all memory.

Internet access died and I had to reboot the server manually so that I could disable the rule.

Next the SIP provider asked us to enable 10k-60k and not the maximum UDP range, which I did. I also provided 24GB memory to the server to see what happens. Memory consumption increased from 15% to 22% and stopped there. The server seemed to be stable, but again internet access started to fail for users. Issues came up such as DNS errors and connections randomly dropped.

We have again disabled the rule, and are now building another machine so that I can test the same configs on another server and not affect the production server.

Has anyone had similar issues? Any suggestions/solutions?

I see the issue 1 above where opening all UDP ports has been highlighted here.

http://social.technet.microsoft.com/Forums/forefront/en-US/79742f33-eca2-4507-95da-617fd9a5fcc2/wspsrvexe-taking-all-memory-and-crashes?forum=FTMGNext


Connection to VPN Server through a firewall


Hello,

I did establish a VPN connection to our corporate remote network, but I still have a problem.

When I connect through my home DSL connection, it connects without problems.

But when I try to connect from the office, where the network is protected by a firewall, I get stuck in the verification of username/password, as if the firewall is blocking some port used by VPN authentication, which ends with error message 619.

Here is what I'm talking about:

Tr. Verifying username and password

And here is the topology that I'm talking about:

I don't know if I have to update my access list in the router to allow VPN response authentication to enter or not.

Thanks in advance!

Regards!


Lotfi BOUCHERIT


VPN


Hello,

I would like to know if it's possible to tell from which exact machine a VPN connection was initiated and if it's possible to only allow VPN from specific machines either by name or MAC address.

Thanks in advance


Meshack

Link translation in JSON data returned by an Ajax call through TMG


Hi,

I am in a SP2010 context, behind Forefront TMG to handle external access.

I have an Ajax call to a WebMethod in my code behind on Server1, which returns a URL to a second web service hosted on another server (Server2). All link translation rules are set, and if I hardcode the needed URL, say in a `<a href="internal_name_of_server2"/>`, it is successfully rewritten into the public-facing URL of Server2. But within the JSON data argument of the Ajax callback, the URL is returned as is, and I find myself with hyperlinks to the Server2 qualified name, even when accessing my SharePoint site from the outside.

The point is, the Ajax call is forced to encode data with the gzip algorithm (as far as I can see in Firebug, and I can't find any way to set it back to "none"...) and I'm asking myself if, maybe, TMG is unable to perform link translation rules within gzip-compressed data packets? Is it a setting that I can set in my TMG server?

Thx.

Seeing Usernames in Bandwidth Splitter


Hi guys,

We have TMG and Bandwidth Splitter installed on the same PC. We would like to ask how we can get to see the usernames of people, not the names of their devices, on our network when in Monitoring under Bandwidth Splitter, without using a proxy on their devices?

What firewall replaces ISA

Sorry, this is a simple question, but what firewall did Microsoft replace ISA with? There are many different options in the Forefront line. Thanks.