Channel: Forefront TMG and ISA Server forum

Forefront TMG dropping connections


I have a strange and intermittent problem. I use Forefront TMG 2010 to publish Exchange 2010 (using separate rules for webmail, Active Sync, and Outlook Anywhere + autodiscover). Normally this works correctly but we have instances where traffic is being dropped by TMG, but at the very same time, traffic from other networks into the same TMG is working correctly.

So I get a complaint from one user located somewhere that whenever he tries to reach the webmail URL he gets "internet explorer cannot display the page", whilst at the very same time, I am able to access OWA from my home, when using my phone and even from the office. Now if troubleshooting the issue, and using TMG's log I can see that from the IP address at which the complaining user is at, packets are being dropped with messages similar to:

0x80074e21 FWX_E_ABORTIVE_SHUTDOWN

Whilst at the very same time, people from other locations have no problems whatsoever to reach the very same published website. The only fix is to restart the Microsoft Forefront firewall, after the recycle of this service connectivity is restored for the complaining user.


SQL Reporting services publishing through ISA


Hello colleagues.

I have SQL 2012 Reporting Services. In the internal network, when I go to https://reports2.domain.ru/reports in Internet Explorer, all is fine. I am publishing reports2.domain.ru to External via ISA 2006. SharePoint is not used.

From the Internet I go to https://reports2.domain.ru/reports, in the ISA authentication window I enter my login and password and see an error: "Error code: 500 Internal Server Error. The target principal name is incorrect."

I see similar questions on TechNet, but I can't find a solution to my problem.

Please somebody help me!!

HTTP/1.1 301 Moved Permanently requests not making it back to internal clients when accessing certain external websites.


It appears that whenever internal clients attempt to access websites that employ 301 redirects those sites fail with either an Error Code 64 or a 10060 timeout. It came to my attention based on a site used for teaching Russian where they listen to audio files in the form of mp3s from a George Washington University site. I can get all the way to the listing of various audio tracks but when I click on the link to the mp3s I get an error code 64 from TMG. I can access these same files from an outside connection via a secondary ISP. The site is here: http://www2.gwu.edu/~slavic/golosa/audio/audio2-4e.htm

Once on that page you can click on the audio file listings by number.

I found a previous thread from 2012 about this here: http://social.technet.microsoft.com/Forums/forefront/en-US/34fe6e69-d960-4df4-a0d8-857d038c10f2/http-301-permanent-redirects-do-not-forwarded-to-internal-clients?forum=Forefrontedgegeneral

One of the answers was that the site was sending poorly formed response headers which was why it was failing. That answer pointed to trying to access http://microsoft.com from behind TMG and how that worked. I can't access http://microsoft.com from behind my TMG either. It gives me a 10060 timeout message but from outside our network I get the 301 redirect fine and microsoft.com comes up properly.

Any help would be greatly appreciated.

-Ryan

Trouble with SignalR implementation in TMG environment


I'm trying to run a Silverlight-application, which makes calls to a nested webapplication in which I have implemented Microsoft's SignalR Hub. The Silverlight-application has a SignalR Client, which tries to connect with the Hub over https at startup.

In the webapplication that hosts the Silverlight-XAP-file, a request is made to the SignalR hub to negotiate the transport protocol. This request fails, a 302 status code is the response and Forefront Manager shows that FBA-Cookie exists="no".
The request being made is to the route URL .../HubWeb/signalr/negotiate?.....

A request to any other file in this same "HubWeb" webapplication responds with 200 and the FBA-Cookie does exist.
Also the call to /Hub/signalr/hubs shows the Javascript-file the SignalR-hub renders, as expected.

What could be the reason for this particular request to fail and lose its FBA-Cookie?

If any more info could help, I'd be glad to supply it.


Thanks in advance for your advice

live web tv streaming issue on TMG Server 2010

I have TMG Server 2010 and allowed all outbound to External, but I have no issue accessing most of the streaming websites such as YouTube; I have an issue only with live TV websites, for example http://live.geo.tv/live.aspx is not working. Help. Thanks.

Anwar Shah

Error details: 64 - The specified network name is no longer available.


Dear All,

I have a TMG Server 2010 SP2 used to publish our Lync server services; suddenly it stopped working.

If I run Test Rule I receive the following error:

Time reported by the Microsoft Forefront TMG Firewall Service: 0.010 seconds

Testing https://lync.xxxxxxxx:4443/

Category: Connectivity error Error details: 64 - The specified network name is no longer available.

Action: Go to http://go.microsoft.com/fwlink/?LinkId=115965

Also from logging:

Failed Connection Attempt

Log type:Web Proxy (Reverse)

Status: 64 The specified network name is no longer available.

Source: Local Host (Connectivity Test) (x.x.x.x:10322)

Destination:x.x.x.x:4443

Request:GET https://lync.x.x.x.:4443/

Filter information:

Protocol:http



I tried to install a new Windows but got the same error.

I'm not sure if this issue is from the TMG or the front end server. I checked the event viewer and log but there are no errors.


TMG Web listener - Custom Authentication


We are using TMG as a reverse proxy. We want to use custom authentication (out of band SMS or email) to authenticate users. We intend to achieve this by directing the user to a custom web app which handles authentication.

From what I understand TMG supports authentication integration with AD, SecurID etc. Does it also support authentication from a custom web application? What are the possible ways this can be achieved?

Applying Updates and Service Packs


Hello Everyone,

I've installed TMG 2010 RTM (Version: 7.0.7734.100). The problem is that I have downloaded all updates and service packs from this site but none of them goes through. What could be the problem?


Meshack



VPN Tunnel and DNS forwarder problems


Hello,

I am having odd behavior that I haven't experienced before.

We are using Windows Server 2012 as a domain server, and 2003 with ISA 2006 for a VPN tunnel to a remote site.

Under DNS preferences I have created forwarders for the remote site DNS.

However, it looks like traffic sent to the VPN DNS goes somewhere else.

If I assign a random machine with only the remote VPN site DNS, it works.

Also, if I flush DNS, a machine connected to our ISA gateway is still able to resolve external IP addresses, like Google etc...

Thanks for any hints to resolve this issue.

Better reporting in TMG


Hi Guys,

I have to have reports of users' internet usage for 1 year in TMG. TMG's reporting system just keeps reports for 3 months. Is there any way to extend this period of time?

Thanks and regards,

Bahman Abbasi

How to create rule for single IP for Single Site.


Hi All,

We need to create a rule with the following requirement in ISA 2006.

Allow a single or two sites for a single IP and everything should be blocked. I tried the following method with little success.

Create a Deny rule with the following condition.
Type:- Deny, Protocol:- all outbound, Source:- User's Computer IP, Destination:- External. But added the URL Set and domain set to be allowed on the exception tab; Users:- All users (do not have AD).

With the above rule everything gets blocked and the allowed site is opening with fewer options. Like the login window is not coming but the site is opening, it is not displaying some images etc.

Any help is much appreciated.

Thanks


Mukesh Bisht

About TMG


TMG 2010

Does SurfCop work with TMG 2010 or not?
If it works, please tell me how,
and which version works.

TMG Site to Site VPN


So I have a site-to-site VPN connected between a router and the TMG 2010 server.

The problem I am having is that the traffic is not being routed by TMG.

When it hits the TMG server it goes nowhere.

From what I can tell all the right routing is in place for the server; TMG automatically created it when I set up the VPN.

Any suggestion what could be blocking it?

I am running on Server 2008 R2 Enterprise.

vpn site

Hello, sir,
please help me with a TMG problem.
I have two TMGs (tmg1, tmg2) and set up a site-to-site VPN.
I can view from tmg1 all users in tmg2, and
I can view from tmg2 all users in tmg1, but
I can't view from a tmg1 client to a tmg2 client.
Notes:
I made a NAT rule in the router and TMG internal to tmg1 and made a NAT rule in the router and tmg2.
I now need to view and ping from a tmg1 client to a tmg2 client; please find a solution.

TMG Management Console Script Error


Hello

I am receiving a script error when I am trying to access the TMG Management Console. I have uploaded a screenshot of the error message here: http://imageupload.org/?d=4D9EC4081

I hope it works :)

OS: 2008 R2 SP1

TMG Standard 2010 SP1

Virtual server on Citrix XenServer 5.6


getting error while launching online virtual lab for hands on exchange 2010


Hi,

I am trying to launch the virtual lab for hands-on on Exchange 2010 from the link below:

https://vlabs.holsystems.com/vlabs/techneteng=VLabs&auth=none&src=microsoft.holsystems.com&altadd=true&labid=9830

However, I am getting the error below while downloading holLaunchPadOnline.

ERROR DETAILS
Following errors were detected during this operation.
* [19-02-2014 03:05:58] System.Deployment.Application.InvalidDeploymentException (Zone)
- Deployment and application do not have matching security zones.
- Source: System.Deployment
- Stack trace:
at System.Deployment.Application.DownloadManager.DownloadApplicationManifest(AssemblyManifest deploymentManifest, String targetDir, Uri deploymentUri, IDownloadNotification notification, DownloadOptions options, Uri& appSourceUri, String& appManifestPath)
at System.Deployment.Application.DownloadManager.DownloadApplicationManifest(AssemblyManifest deploymentManifest, String targetDir, Uri deploymentUri, Uri& appSourceUri, String& appManifestPath)
at System.Deployment.Application.ApplicationActivator.DownloadApplication(SubscriptionState subState, ActivationDescription actDesc, Int64 transactionId, TempDirectory& downloadTemp)
at System.Deployment.Application.ApplicationActivator.InstallApplication(SubscriptionState& subState, ActivationDescription actDesc)
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivation(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
at System.Deployment.Application.ApplicationActivator.ActivateDeploymentWorker(Object state)

Can anybody check and suggest what can be the issue? Is there anything I am missing as a prerequisite?

Thanks.

Strange Issue...


Hi Folks;

I could use a hand with a strange issue I've encountered.

Recently we built a new TMG 2010 VM from scratch (Edge w/2 WAN NICS & 1 LAN). This all works well.

The problem I'm having is with adding another network. In the past, we used TMG 2010 with a separate NIC that went to an open wireless access point. So we created a new network for that and restricted its access to the WAN only (Internet). This served to separate all traffic from that access point from the internal network. So we had this working well before and it was secure (at least, with respect to the internal network).

Now, this is not working with the new TMG install :(

We created the virtual NIC on the TMG virtual machine, we then created a new network in TMG, as well as a NAT rule to the External network (the WAN). Problem is, it doesn't work.

But the real issue that's preventing me from troubleshooting and repairing this issue is that the TMG 2010 real-time logs show NO results for this new network. If I go on that network and start creating traffic I see NOTHING in the logs on TMG. I've even opened up the logs to show everything and still see nothing from that network. 

Nothing has changed on the configuration of the access point and the TMG 2010 NIC that it's pointing to has the same addressing as with the previous TMG 2010 install. It should work, at least to the extent that I see results in the TMG logs.

What have I forgotten? If I can get to the point where I see traffic in the logs I can create rules as required etc but without log information.....

We stopped receiving events about locked-out users after we installed Rollup 4 for TMG with SP2


We have implemented the Account Lockout Feature in TMG 2010 (http://www.ntsystems.it/post/ActiveSync-ForeFront-TMG-and-AccountLockoutThreshold.aspx). We configured an alert definition to send an alert when a problem occurs. After we installed Rollup 4 we stopped receiving the event about this problem ("The limit of consecutive logon failures has been reached...."). How can we resolve this problem? We have implemented a script which sends this information automatically to the user with the problem. This is very important for us.

Event description:

Source: Microsoft Forefront TMG Web 
Event ID: 32581
Level: Error
Text: limit for consecutive logon failures has been reached. Additional logon attempts by domain.local\user.name will be automatically rejected for the next 300 seconds


Subnet change and now limited VPN


I had the subnet for our internal network at 255.255.255.0 and now we are moving to 255.255.254.0

The old range we used was 192.168.1.1 - 192.168.1.254

The new range is 192.168.0.1-192.168.1.254

I updated the internal network on Forefront and now the 192.168.0.x computers can get on the internet no problem. When I connect into the VPN and get a 192.168.1.x address I can connect to any other computer on 192.168.1.x but nothing on 192.168.0.x

If I give myself an ip of 192.168.0.x then I can see 192.168.0.x computers but no 192.168.1.x

Does anyone know what I am missing?

Thanks so much

Threat Management Gateway will not finish installing SP2 RU3 update


I have now tried on 2 different occasions to update our TMG 2010 Enterprise SP2 standalone server setup from SP2 to SP2 RU3.

This update gets right up to what seems like the last step of its upgrade, the status reads "creating the services configuration…" and sits there for ages. I waited for over an hour and kept checking the task manager to see if there was any activity and there was next to nothing.

I need to be able to update our server to this update as it applies a fix to an issue where we are unable to establish PPTP VPN connections to external servers. http://support.microsoft.com/kb/2780562

Has anybody else seen this type of issue? The second time I tried this update I ran the msp installation from an administrative command prompt window to see if that was the issue the first time around but it didn't help.
