Channel: Forefront TMG and ISA Server forum
Viewing all 3822 articles

TMG 2010 suddenly stopped working

Hello,

We recently had a power cut and the servers went down.  We have had this before and bringing them up in the correct order normally resolves any issues.

We have the following config

SBS2011 hosting all email and file storage

Server 2008 R2 purely as a TMG single nic configuration (this is in the DMZ on the router)

Server 2008 R2 purely as a web server

The TMG seems to be the issue here and I cannot find/understand where the issue is.  I have 2 web forwarders using a listener on port 80, they work without issue.

I have published OWA and Outlook Anywhere and it is with these and any email functionality externally.

If I test the OWA rule it connects and verifies OK and if I go directly to the SBS2011 server /OWA I get the outlook web view.  Even testing with the remote web workspace works as long as I go directly to the SBS2011.

If I try externally there is a 404 error displayed, no attempt at the authentication, there is also a failure for any attempt to request any synchronisation of mail.

I have tried using the logging in TMG but it doesn't show any attempts, that I can see, to access the OWA.

This has all been working fine for 2 years and has suddenly stopped.

I have been looking online but there is nothing that is related to my issue.

TMG is at the latest service pack SP2.

Any help/guidance appreciated.

Thanks

Marc


Can't use Cisco vpn client to connect through TMG 2010

We have a problem with TMG and Cisco VPN Client version 5. I do not see any error on the TMG server, but the client does not want to connect.

Thanks

How do I determine if I am using SSLv2?

We had an external penetration test for our TMG server. It detected that the TMG allowed the use of SSLv2. I believe this is a pretty common occurrence with the TMG based on this site:

http://www.isaserver.org/articles-tutorials/configuration-security/improving-ssl-security-forefront-threat-management-gateway-tmg-2010-published-web-sites.html

Before I go through the exercise of disabling SSLv2, I would like to know if I have any clients using SSLv2 against any of our hosted sites. If I knew which devices and rules they were hitting, it would give me something I could test after disabling SSLv2 to make sure those devices still work with higher encryption.

Thank you.

Connecting to Office365 (Outlook, Lync client etc) via on premise TMG web proxy

Hi

I am looking for the best way to create a rule on TMG for bypassing our on-premise TMG proxy server for any Office 365 URLs or IPs. Since migrating users to Office 365, many are complaining about Outlook clients being slow/unresponsive, the Lync client taking a long time to sign in, OWA taking a long time to log in, etc.

According to MS there is a very long list of Office365 IP ranges and URLs that are recommended not to be accessed via a proxy.

http://onlinehelp.microsoft.com/office365-enterprises/hh373144.aspx

List of Lync URLs that need to bypass TMG

http://support.microsoft.com/kb/2409256

We have looked at adding these to the proxy exception list on the browser for each user, but even if it is pushed out via Group Policy it doesn't seem practical. Can this list of URLs and IPs be added as a bypass rule on the TMG servers themselves?

Appreciate any advice on this....


Grove08

Successor for TMG and ISA Server

Hi all,

I am planning to buy Forefront TMG 2010. But the online websites say that Microsoft has stopped selling Forefront TMG and will also stop support by April 2015.

Is there any other solution which I can buy/procure for my organization and implement? It would be really helpful if someone could guide me in this.

Thanks in advance.

Regards,

Thomas Panicker

Google Remote Desktop - Forefront TMG

Hello!

I am wondering if anyone knows how to configure Forefront TMG to be able to use Google Remote Protocol from outside of our network. If I connect from a tablet to a PC, both inside the same network, it works, but if the PC is behind Forefront and the tablet is connected to some other network (my home, ...), I cannot connect to my PC.

Does anyone use Chrome Remote Desktop and knows that?

Limit Web Access For Some Users At Certain Times

We need to limit internet access (HTTP and HTTPS) for some users except at certain times of the day. We created a web access rule to deny access only for those users. The problem is that access is denied for ALL users whenever the rule is enabled, so the rule is working, but it isn't limited to the specified users. It doesn't seem to matter how the scheduling option is configured. Any suggestions would be appreciated.

TMG 2010 Problem

Hi,

I have TMG 2010 in my network and I have a problem with it.

My TMG has 2 interfaces, Internal and External.

When I set the DNS on the Internal interface, clients have problems loading some Internet URLs, and when I set the DNS on the External interface, clients do not have any problem.

Many documents emphasize that, for best performance, you should not set the DNS on the external interface and should set it on the internal one.

Can anybody help to fix this?

Thanks for helping


alfONso


TMG 2010 SP2 Alternate EMS Console displays Error Configuration Status for the TMG Servers but they are correctly Synchronized.

Hi, I'm having an issue in my TMG Alternate EMS console. I currently have 3 TMG Servers in an Array, and a primary and alternate EMS Servers.

From every other TMG Management Console you can connect to both EMS Servers and the Configuration Status Show Synced, Updating, Not Synced, etc. but on the TMG Console of the Alternate EMS Server it only shows Error "Forefront TMG Management cannot establish a connection with the Forefront TMG Computers" and this is shown on the 3 server status.

I also tried connecting from this console to the primary EMS server and the same error is displayed. So I'm pretty sure it is only a problem with this console. From the primary EMS or any TMG node I connect to the alternate EMS and everything shows Synced.

I've tried repairing the TMG installation from the DVD but it didn't work. What's left is to reinstall the whole TMG EMS again, but I was hoping not to go there. Has anyone experienced this before?

I have all the TMG servers updated with the latest update rollup.

Any ideas are appreciated; if not, then I guess I'll try reinstalling the TMG.

Thanks.

 


Eduardo Rojas

How to create a Private proxy server

I have Windows Server 2008 R2 Web as well as R2 Standard.

I only want to share my server's internet, so if any of my employees tries to access anything over the internet it should go via my dedicated server IP address. I don't want to use VPN as it might share things other than the internet. I want to create particular credentials for each of my employees.

Thanks

I have a problem with the reporting services

I had a problem with my OS and I had to remove the SQL instance ISARS. Then I installed a new instance and renamed it ISARS. The problem is that I can't make it the reporting server for the TMG as it was. And now I'm receiving this error constantly:

Reporting Services configuration failure
SQL Server Reporting Services could not be configured for Forefront TMG. Restarting the Microsoft Forefront TMG Job Scheduler service may resolve this issue. Reporting Services error information: Unable to connect to the remote server

The failure is due to error: This operation returned because the timeout period expired.


Finally, I would like to ask how to get TMG generating reports when the log option is SQL database instead of log files (the default option).

Thanks

tmg as transparent proxy and 2 nic's: routing problem

Good morning,
I have a routing problem with two NICs on TMG.


mobility wifi
subnet -------MOB ROUTER----TMG-----LAN router----FW----INTERNET
10.176.212.0


I want to use TMG as a transparent web proxy without authentication to access some internal resources (without NAT) and the internet (with NAT).
Since there is a router between TMG and the mobility subnet, there is a static route in the TMG configuration for the mobility subnet.
As for the Windows configuration (on the host where TMG runs), I configured the gateway only on the NIC facing the LAN/INTERNET.
The problem is that some packets (not ALL but only SOME) sent to mobility devices are sent back from TMG to the LAN router and then:
- if the packet is internal (without NAT) it reaches TTL=0, between the LAN router and TMG, and expires
- if the packet is external (NATted) the TMG replaces the NATted IP with the original, sends it to the LAN router, the LAN router sends it back again to TMG, and then the TMG discards it because there is no SYN state with this IP in its stateful table.

I have no idea on how to solve it.
Thanks
Fabio

Block TOR from TMG

I would like to block the TOR network on our TMG 2010. Is there a way to do this? Thank you

Redirect incoming petitions

This is my first question in this forum so I'll try to explain myself in the best way possible (this is not my language). I'm not sure if this is the category in which I had to put this question but... here I come.

Here's my situation:

I have a website with a domain "mydomain.gov.do" and is up and running great. I have my web server published on the TMG and all settings applied. But now I have to move from "mydomain.gov.do" to "mydomain.gob.do".

Problems:

1.- I have my webmail services under "mydomain.gov.do"... How do I change everything without losing it all?

2.- What are the things I need to do in the TMG to make it happen?

3.- At first, I can't change everything to "mydomain.gob.do" because I need to do some paperwork inside the office, so I need to redirect all incoming petitions to "mydomain.gob.do" to "mydomain.gov.do" while I do the paperwork.

Too messy?

TMG firewall service & RRAS service issue

Hi,

I have a single TMG 2010 in our network. Exchange 2010 is behind the TMG. OWA & ActiveSync are published through TMG. Sometimes OWA/ActiveSync devices are unable to connect to the server. However, internal PCs can access the internet, and email send/receive is OK. When I restart the firewall service, OWA/ActiveSync devices are able to make a connection with the server. After 7-8 hours this problem recurs.

The same is the case with VPN clients. I set up TMG as a VPN server. A DHCP pool is defined. Sometimes VPN clients are able to connect to TMG but have no access to the internal network. However, internal clients can access the internet through TMG. When I restart the firewall service, VPN clients can access the internal network.

Is there a Routing and Remote Access service issue? Event Viewer says traffic is denied due to the number of concurrent connections per minute. These connections are from both internal and external networks. Is there any issue with a SYN attack? If so, how do I mitigate it, although I have set the TCP connections limit to 160 etc.?

Please give solutions.



Error Code:1000 WSPSRV.exe not running

Log Name:      Application
Source:        Application Error
Date:          5/9/2014 8:52:02 AM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      MalirCourt
Description:
Faulting application name: wspsrv.exe, version: 7.0.9193.500, time stamp: 0x4e75ffd3
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x0000000000052f86
Faulting process id: 0x12f0
Faulting application start time: 0x01cf6b3a087291cd
Faulting application path: C:\Program Files\Microsoft Forefront Threat Management Gateway\wspsrv.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 47373020-d72d-11e3-9b6b-000a5e5387ca
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-05-09T03:52:02.000000000Z" />
    <EventRecordID>31641</EventRecordID>
    <Channel>Application</Channel>
    <Computer>MalirCourt</Computer>
    <Security />
  </System>
  <EventData>
    <Data>wspsrv.exe</Data>
    <Data>7.0.9193.500</Data>
    <Data>4e75ffd3</Data>
    <Data>ntdll.dll</Data>
    <Data>6.1.7601.18247</Data>
    <Data>521eaf24</Data>
    <Data>c0000005</Data>
    <Data>0000000000052f86</Data>
    <Data>12f0</Data>
    <Data>01cf6b3a087291cd</Data>
    <Data>C:\Program Files\Microsoft Forefront Threat Management Gateway\wspsrv.exe</Data>
    <Data>C:\Windows\SYSTEM32\ntdll.dll</Data>
    <Data>47373020-d72d-11e3-9b6b-000a5e5387ca</Data>
  </EventData>
</Event>

electrifying

How to configure two private IP in two NIC card in ISA server

Is it possible to configure two private IPs on two NIC cards in ISA Server, and will the internet work or not?

Example: one NIC card assigned 10.10.10.1 and another one assigned 192.168.1.1

Please advise.

VNC not working in All Authenticated mode of User

Hello,

I have TMG installed in my environment, through which users access filtered internet. The rule in which I have enabled URL filtering is in Authenticated mode for users, and the proxy address is also added in Internet Explorer for all users. Whenever a user tries to VNC to a computer it says "connection timed out", and when I add "All Users" instead of Authenticated mode in the TMG rule, it is able to connect.

NIS Signature Updates

Hello,

I recognized in the NIS section of the TMG, that the last signature Update for the Network Inspection System was provided on 27th of November 2012 (Version 17.36). Anyhow the Update section tells me the signatures are up to date.

Is there a reason that no new NIS signatures are provided by Microsoft?

blank reports in tmg 2010

Hello,

I did all the upgrades (service packs and rollups) for the TMG; my version is 7.0.9193.601, so I would like to know why the reports are blank.

win 2008 R2

MSSQL  2008
