Viewing all 3822 articles
Browse latest View live

TMG New Web Listener Definition Wizard, "Select Certificate" button locks up TMG

I have TMG 2010 SP1 with the most recent updates installed and I'm trying to publish OWA. When I go to define a web listener, I get to the point where I select the SSL Certificate, and when either "use a single certificate" or "assign a certificate for each IP" is selected, clicking Select Certificate... locks up the interface completely. I have to kill the interface and start again.

Has anyone else experienced these issues? I've tried reinstalling TMG and reverting back to previous version (TMG 2010 with no SP). I have also tried clearing-out my computer's personal certificates and trying again, thinking it's a corrupt cert.

Any help would be greatly appreciated


Dumb Question - Traceroute through TMG

Hi Folks;

For a long time now something about my TMG 2010 install has bugged me - whenever I do a traceroute the firewall never shows up in the list - ie;

C:\>tracert ibm.com

Tracing route to ibm.com [129.42.38.1]
over a maximum of 30 hops:

  1     *        *        *     Request timed out.
  2    24 ms    11 ms    28 ms  x.x.x
  3    25 ms    12 ms    10 ms  x.x.x
  4    15 ms    16 ms    26 ms  x.x.x
  5    20 ms    19 ms    36 ms  x.x.x
  6    29 ms    36 ms    31 ms  x.x.x

So, the first hop should be my firewall but it never shows up.

As a guess, I created a rule for ICMP from internal to all networks (and local host) but that didn't fix it.

It's not a big deal but it would be nice if the first hop (the tmg 2010 machine) actually showed up.

This is the log file showing all denied requests from that traceroute machine;

UDP 60133 Firewall   192.168.1.1 0xc0040050 FWX_E_TCPIP_DROP_IP_NOT_LOCALLY_DESTINED 239.255.255.250
ICMP 2048 Firewall   192.168.1.1 0xc004005a FWX_E_TCPIP_DROP_IP_HOP_LIMIT_EXCEEDED 129.42.38.1 External 0 PING Denied Connection
ICMP 2048 Firewall   192.168.1.1 0xc004005a FWX_E_TCPIP_DROP_IP_HOP_LIMIT_EXCEEDED 129.42.38.1 External 0 PING Denied Connection
ICMP 2048 Firewall   192.168.1.1 0xc004005a FWX_E_TCPIP_DROP_IP_HOP_LIMIT_EXCEEDED 129.42.38.1 External 0 PING Denied Connection

isa 2006 standard, going crazy with "Enforce Strict RPC compliance"

Hello,

I am trying to join a W2k8 R2 machine to a domain. If it is in the same network as the domain controller, no problem whatsoever. If instead, there is an ISA Server (2006, Standard), issues arise.

Even if I create a rule allowing all the traffic back and forth from the perimeter to the lan, the message still appears.

This is the message:

"Changing primary domain dns name "" failed. The name will remain "newdomain.org" . The specified server cannot perform the requested operation.

The domain controller and the client are both W2k8 R2 64 bits.

Very important:

I can attach a 2008 Windows server as long as it is 32 bits, but not an R2 (x64).

Thanks in advance!


Luis Olías Técnico/Admon Sistemas . Sevilla (España - Spain)



WPAD help - copying from one server to another

Hey guys, I've built a new TMG array as we are migrating away from 2 independent ISA servers.

Currently the WPAD.DAT file resides on the ISA servers. I have copied it and placed it on the new TMG array. The WPAD file is quite large with many entries. The only part of the file I changed is the below:

From

this[0]=new Node("ISAPROX",2843172549,1.000000);

to

this[0]=new Node("TMGPROXNLB",2843172549,1.000000);

I point my workstation to http:\\TMGPROXNLB\wpad.dat and pull the file down. However, when I read the file it has changed substantially. Many of the exceptions are now gone and even the above line I changed is altered. That line now reads:

this[0]=new Node("10.16.16.29",2212218303,1.000000);
this[1]=new Node("10.16.16.28",4161934344,1.000000);

The IPs are the addresses of each TMG node, but how and why are these entries changing? Also, why is the file changing so significantly? The original document has 8 exceptions, however the downloaded file has 4.

Am I not able to copy the WPAD.DAT file??

Appreciate any help/guidance.


Wspsrv high resource utilization

Hi,

I am currently facing a problem with one of the Forefront TMG servers. The problem is that the wspsrv service utilizes high memory and sometimes high CPU (100%). In this situation the internet stops working on the client PCs. What is causing this situation? Please help me out. My scenario is as below.

Scenario and configuration.

TMG01 is serving as a standalone array manager.

TMG02 is the array member.

HTTPS inspection is enabled (certificate validation only)

ISP redundancy is configured.

Site to site VPN using Routing and Remote Access on the same server.

Help me out plz


TMG Error Code 502 Proxy Error. The directory name is invalid. (267)

Hi,

I am having a problem with one specific website.
It is showing the following error message.
Error Code: 502 Proxy Error. The Directory name is invalid. (267)
Server: TMG.personaldomain.local
Source: web filter

I have found no information in the logs to help identify the problem.
I suspect that the website may be temporarily unavailable. I enter the site without using the TMG and it is responding.
The problem is solved when I restart the service "Microsoft Forefront TMG Firewall".
I suspect that it may be cached in TMG that the site remains unavailable.

Any idea?

Tks.


MCITP|Enterprise Administrator

Error Code: 502 Proxy Error. The directory name is invalid. (267)

Hi, my name is Fajar.

I am facing the same situation, getting an error that I cannot access www.pajak.go.id. I have followed the solution to restart the firewall service; it was resolved for only one day, and once I got back to the office I could not access it again.

By the way, sometimes after the error shows up, I press the refresh button and the page goes blank, and then when I refresh again the error shows up again.

Is there any permanent solution to resolve this issue?

Forwarding UDP port for Remote Desktop Gateway

What is the correct way to forward UDP 3391 port for RDG server?

What direction should I choose for UDP port parameters? "Receive" or "Receive Send" or something else?


No internet access on TMG server and VPN client.

Hi,

I cannot access internet on TMG server and VPN client machine.

All rules are created properly.

I can ping to google.com and browse with public IP from TMG server. No more browsing.

I cannot access internet from VPN client but I can browse with public IP.


fasil cv

Access rule for Google Cloud Printer

I want my users to access Google Docs, Gmail accounts, Google Drive, and Google Cloud Printer only, but they should not get access to the Google website.

I made a rule for it and blocked the Google search engine.

After testing:

Google Docs is accessible, Gmail is accessible and Google Drive is also accessible, but I am not able to access Google Cloud Printer, because Google Cloud Printer is not a namespace.

So kindly help me out: what should I do, and what kind of rule do I have to make so my users can also access Google Cloud Printer? I don't want my clients to access the Google search engine.


electrifying

Authentication done through TMG SDK or Embedded Form

Hi,

We have been using TMG Form login to authenticate our systems.

Now we need to embed the TMG login form into our web form/page itself. (Customizing the TMG form is not possible, because our web form/page is from our CMS site, so editors frequently add/change content.)

As I have read from this forum, embedding the TMG login form into our form is not possible. Is that still valid?

If not, are there any web services running in TMG that we can call through code (C#) to authenticate the user account?

Or else, is there any SDK functionality available to get this done?

We are really struggling with this requirement, because the requester doesn't like to add a link to the TMG site and get authenticated through the TMG login form; instead they need to add the login form into our site form/page itself.

Your advice is highly appreciated.

/TVR


Outlook client behind TMG web proxy unable to connect to remote Exchange server.

We have recently started deploying servers at a second datacenter, and deployed a standalone array of TMG servers as a web proxy. The servers have no access to the internet without going through the TMG array. So far everything is working except Outlook connecting to exchange, which is at another datacenter (behind another forefront TMG array). Outlook is using the default RPC over HTTPS. It's the exact same issue/errors as this thread (http://social.technet.microsoft.com/Forums/forefront/en-US/39a9cf10-7b68-47bf-8c3c-ea9af5f5564c/create-rule-to-allowed-outlook-clients-to-access-an-external-exchange-server?forum=Forefrontedgegeneral), but there was no resolution there.

When setting up the email account, everything works fine. But when you try and start outlook, it fails to open saying it can't connect to exchange. A repair on the connection through control panel -> mail works, but outlook still fails to open.

I have tried the following to get the issue resolved:

1- Created an outbound allow all rule for testing purposes. Nothing is being blocked, but the connection still fails

2- I have tried without the TMG client installed, and with the client installed. Both failed.

3- I have tried multiple times with different profiles on different servers. They all failed the same way.

4- I have looked through this link, but it's for ISA 2004/Outlook 2003, so I can't find any of those settings in TMG 2010 (http://www.isaserver.org/articles-tutorials/articles/2004olpop3smtp.html)

How to Block file Transfer of Team Viewer Via TMG server

Hello,

Can anyone guide me how to block TeamViewer's file transfer via TMG server?

Regards,

Shailendra V

Server Administrator

In address bar IP is resolving instead of domain name

Hi,

We have web chaining configured in TMG for the clients to access internet. The websites are resolving perfectly when Proxy IP is configured in IE on client system.

When we are testing internet access without proxy in IE, the websites are resolving to IP address instead of domain name.

Are there any settings/configuration to be done in TMG to fix this?

TMG Microsoft Firewall Service Process (wspsrv.exe) high CPU. CPU Usage 100%

TMG Microsoft Firewall Service Process (wspsrv.exe) high CPU.

CPU Usage 100%

Please help me.

Thanks


Web Proxy sessions stop working after some time (ISA 2006)

Hi guys,

We have been using ISA 2006 with a Web Publishing Rule to provide access for mobile phones to corporate Exchange via ActiveSync for years. The issue occurred roughly one month ago.

After some period of time (usually it happens once or twice daily) ISA stops accepting connections from the mobile phones. There are no errors on client devices (they don't get new mails). In the Sessions tab I see that only SecureNAT sessions from phones remain, but no Web Proxy sessions any more. There are no errors in Event Viewer and I didn't find anything strange in diagnostic logs.

I've created one more Web Publishing Rule for OWA with the same Web listener as for the ActiveSync rule. The interesting thing is that ISA still allows access to OWA when the issue occurs. Looks like the problem is with the Web Proxy filter.

After OS restart ISA starts working normally. 

I have ISA 2006, sp1, version 5.0.5723.514 installed on VMWare VM with Windows 2003 SE sp2.  

Do you have any ideas?

Problem

Hi,

When I try to open Forefront TMG Management I get an error:

Refresh failed - Error: 0x80070057 - The parameter is incorrect.

How can I solve the problem?

 

Raf


Raffaele

Microsoft Forefront Server Protection for Exchange Registration Service does not start automatically

Hello,

I am having an issue when I start my TMG 2010 machine:

(*TMG 2010 + Forefront protection for Exchange + Exchange Edge server role, acting like a SMTP relay and Antispam filter)

The service "Microsoft Forefront Server Protection for Exchange Registration Service" does not start, it is set to "Manual".

I tried to find some information about which services should be started and which should not, but I cannot find such information, not even in Technet (my fault probably).

Thanks in advance.


Luis Olías Técnico/Admon Sistemas . Sevilla (España - Spain)



Forefront TMG disconnected a non-TCP connection

Hi,

I am getting the following error alerts in TMG:

Forefront TMG disconnected a non-TCP connection from 192.168.0.1 because the connection limit for this IP address was exceeded. Larger custom connection limits should be configured for the IP addresses of chained proxy servers and back-to-back Forefront TMG computers with a NAT relationship.

This error shows two messages for both of my DNS servers.

My DNS servers' IP addresses:

192.168.0.1

192.168.0.2

Please help me out

Thanks

Domain Name as access filter

Hi,

I want to create an access rule which allows the connection only to computers coming from a domain XXX.

Up until now I used an IP address, but now I need to allow a connection from a domain which holds a number of IP addresses.

Is it possible?

Thank you in advance,

Udi
