Channel: Forefront TMG and ISA Server forum

Sudden VPN issue on old ISA 2006 system


Let me first say I am getting ready to retire this server, but still have to keep it going for the next few weeks.

A little under a month ago, all of a sudden my ISA Server 2006 Standard stopped allowing more than 2 VPN connections at a time. It is configured to allow 15, but for some reason as soon as 2 users connect in it stops allowing any more connections and those users who attempt get an 806 error.

This is PPTP VPN connection by the way, so simple, no shared key or certificate to contribute to the issue.

Nothing has changed on this server as far as updates, patches or configuration is concerned, and we did not have any issues prior to this. That is on top of the fact that it does still allow connections, but only 2 at a time.

All of that said, around the time this started happening, though I can't say whether it was before or after, I ran Forest and Domain prep for 2012 so that I could add a 2012r2 server to my network to run as volume license manager for Office.

Could the forest/domain prep have caused this issue, or could it simply be that the old hardware, one of the NICs maybe is failing and is causing issues?


Manning



Publishing Web Site on ISA


Hi Members,

We have an external web site which only the machine that is our ISA server is allowed to access.

Now I want to publish this web site, but the issue is that the web site is HTTPS-based and the owner has not provided any certificate, which is required to publish an HTTPS site. For troubleshooting purposes we just published it through HTTP, but that's not working. Can someone help?

ISA 2004 - "Error Code 64: Host not available" when accessing a website.

When our users try to access the website http://my.inex24.com/ they get the following error message:

Network Access Message: The page cannot be displayed

Technical Information (for support personnel)
Error Code 64: Host not available
Background: The gateway or proxy server lost connection to the Web server.
Date: 9/11/2014 10:43:45 AM
Server: InternalISAServer
Source: Remote server

This apparently started happening about two weeks ago. (Needless to say, we did not have any scheduled changes, although we did have an issue with SCCM around that time)
We don't have any compression policies set (in Define HTTP Compression Preferences), this seems to be the most common source of these problems...

The site inex24.com can be accessed fine though.

When viewing the live logs on the ISA Server, I see these connection attempts:

1)
Denied Connection InternalISAServer 11/09/2014 11:43:45 
Log type: Web Proxy (Forward) 
Status: 12209 The ISA Server requires authorization to fulfil the request. Access to the Web Proxy service is denied.  
Rule: CORP 
Source: Internal ( 10.201.28.82:0) 
Destination: External ( 10.201.10.167:8080) 
Request: GET http://my.inex24.com/ 
Filter information: Req ID: 5bbb50a5; Compression:None 
Protocol: http 
User: anonymous 

2)
Failed Connection Attempt InternalISAServer 11/09/2014 11:43:45 
Log type: Web Proxy (Forward) 
Status: 5 Access is denied.  
Rule: CORP 
Source: Internal ( 10.201.28.82:0) 
Destination: External ( 10.201.10.167:8080) 
Request: GET http://my.inex24.com/ 
Filter information: Req ID: 5bbb50a6; Compression:None 
Protocol: http 
User: anonymous 

4)
Failed Connection Attempt InternalISAServer 11/09/2014 11:43:45 
Log type: Web Proxy (Forward) 
Status: 64 The specified network name is no longer available.  
Rule: CORP 
Source: Internal ( 10.201.28.82:0) 
Destination: External ( 195.30.116.8:80) 
Request: GET http://my.inex24.com/ 
Filter information: Req ID: 5bbb50a7; Compression:None 
Protocol: http 
User: Domain\ME 

5)
Failed Connection Attempt InternalISAServer 11/09/2014 11:43:46 
Log type: Web Proxy (Forward) 
Status: 64 The specified network name is no longer available.  
Rule: CORP 
Source: Internal ( 10.201.28.82:0) 
Destination: External ( 195.30.116.8:80) 
Request: GET http://my.inex24.com/favicon.ico 
Filter information: Req ID: 5bbb50a8; Compression:None 
Protocol: http 
User: Domain\ME 

0x80074e24 error, killing PPTP VPN connection


Hi all

I have encountered an error 0x80074e24 FWX_E_CONNECTION_KILLED when one of our clients tried to connect to our TMG server via VPN, while other clients can connect to VPN without any issue. I then brought my computer, which works flawlessly, to my client's home, and it didn't work. Suspected something to do with my client's end, router setting or ISP??

Here's my setting:

Internet
|
|
Firewall
|
|
TMG Server ----- VMs on TMG Network
|
|
Internal network

Network rules:
VPN connection: VPN Clients to Internal network (NAT)
Internet access: Internal to external network (NAT)
Local host access: local host to all network (route)

Rules & Protocols:
PING: allow ping between local host, VPN clients & local host
PPTP server: allow VPN connection
RDP: to administer TMG Server for administrator
RDP: allow terminal services on VMs
HTTP & HTTPS: allow local host to external network
the default rule

Log:
Successful VPN connection 

disconnected after half a minute:
 

Much appreciated for any advice :)

 

Cheers

Tony

Skype not working

I can't open my Skype account through the network.

Migrate ISA 2006 to TMG (export/import problems)


Hi guys.

We have exported configuration on ISA side.

ISA VERSION IS:

ISA 2006 ENTERPRISE EDITION
Version: 5.0.5720.100

Then we tried to import this configuration on the TMG side.

TMG VERSION IS:

TMG 2010 ENTERPRISE
Forefront Threat Management Gateway

Microsoft Corporation

Version: 7.0.7734.100

The import is not working; we got this error:

ERROR: 0xc004048b

The configuration could not be upgraded. Upgrading an ISA Server Enterprise configuration is only supported on a Forefront TMG Enterprise Management Server.

Now I am a little bit confused/amused about the error message that upgrading an ISA Server EE configuration is only supported on TMG EE. But we have the Enterprise version?!

OK, we did some googling and we also found this link:

http://tmgblog.richardhicks.com/2010/03/20/migrating-from-isa-to-tmg/

where the guy is saying that after you export the conf file from ISA, you must manually convert it for TMG to recognize it.

So we went and downloaded: EE Single Server Conversion Tool for Forefront TMG

and then ran: C:\Program Files (x86)\Microsoft Forefront TMG Tools\EESingleServerConversion\EESingleServerConversion.exe like this: EESingleServerConversion.exe /s "C:\temp\exported.xml" /t "C:\temp\output-for-import.xml"

but we receive an error: Error: This tool supports files exported from the root node only.

We were even more confused/amused because we don't understand what the error message means.

We have copied the XML to C:\

We have copied the XML to C:\Program Files (x86)\Microsoft Forefront TMG Tools\EESingleServerConversion\,

but we still receive the same error: "This tool supports files exported from the root node only."

Please help, with best regards,


bostjanc

Migrate from ISA 2006 SP1 Enterprise Edition to TMG


Hi,

I want to migrate ISA 2006 SP1 Enterprise Edition to TMG, but some of the posts say that it is not supported and you cannot do that. Is there someone who can help me with whether it is possible to migrate? I saw TechNet, which only mentions Standard Edition support, and there is nothing about ISA 2006 Enterprise Edition; even on isaserver.org I read that migration from ISA Enterprise Edition is not supported. My ISA server is a standalone server.

Regards,

Salahuddin Khatri


SKHATRI

Spotty Internet and TCP_NOT_SYN_PACKET_DROPPED


I'm receiving a number of errors in the TMG log as:

None - see Result Code 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED

This comes along with very spotty internet browsing from internal clients. I have a split-DNS infrastructure; the DNS server in the DMz is my public DNS. Prior to this error and noticing spotty internet, I made changes to my DNS as I thought that was the culprit, but the above issue remains the same. If I reboot the TMG server, the internet browsing is excellent for about 5 - 10 minutes, then falls on its face. Stopping, refreshing, and multiple clicking on web links eventually gets there, but it's quite annoying.

A post I came across seemed to relate to the VLAN routing. The TMG INT LAN IP address is on the same VLAN as all my internal clients, connected to a cisco 3750G switch. I remember having this same setup years ago when I used ISA 2006. I do not have any ip default-gateway IP set on the switch. Any ideas on if I should make a change or how to resolve this error and internet surfing?

My Configuration:

I have 2 Cisco 3750G core switches in 2 separate rooms. They are connected by a trunk port. I have a number of VLANs as follows:

VLAN10 (Internal LAN) int ip 10.0.10.2

VLAN9 (DMz) int ip 192.168.0.2

VLAN20 (iSCSI) int ip 10.0.20.2

VLAN30 (vMotion) int ip 10.0.30.2

Inter VLAN routing is ok, systems from 1 VLAN can ping systems in another VLAN no problem. The TMG has a 3 NIC setup. DMz IP 192.168.0.9 INT_LAN IP 10.0.10.1 Ext IP x.x.x.x

All of the internal LAN servers and workstations use the TMG IP as their gateway. As suggested in a post I read, should I modify the Cisco switch to include a default gateway of the TMG IP (10.0.10.1) and configure all of the clients connected to the switch to the VLAN's interface IP of 10.0.10.2? Should I add a static route? Should I add a default-gateway on the configuration of the switch? Any assistance or suggestions would be appreciated. Thanks.

-SK


Site-to-site VPN tunnel and nat address


I have created a site-to-site VPN tunnel with a vendor and it works, but they have requested that we restrict traffic to a single IP address that represents our internal network. Basically they want all traffic going through the tunnel to look like it originates from one IP address.

I have a single TMG server with three legs, External, Internal, Perimeter. I could accomplish this with a third party nat device by routing all traffic through it before going through TMG, but I was wondering if it could be accomplished natively with TMG.

Manually unlocking a locally locked-out account in TMG 2010


We are planning to implement local lockouts on our reverse proxy server, using the capabilities provided by Threat Management Gateway 2010 SP2 (http://support.microsoft.com/kb/2619987)

When an account is locked out locally by this feature, is there any way to unlock it, or do we have to wait for the lockout period to elapse? I cannot find any information on how to clear it.


You could not be logged onto the ISA Server


Hi All

We have a Sharepoint site that is published to the web using ISA Server 2006 using forms authentication with Windows (Active Directory) set as the Authentication validation method.

All has been working fine for a few years, but now out of the blue we are getting the error "You could not be logged on to ISA Server. Make sure that you domain name, user name, and password are correct, and then try again." when users try to log into the website if their AD account has the tick for "User must change password at next logon".

I have made sure the ISA is SP1 and applied all subsequent hotfixes but haven't got any further. I have also confirmed that the "Allow users to change their passwords" is ticked within the listener.

Unfortunately this was set up by a company that is no longer able to offer any support to us, and we have no internal experience with ISA Server, so we are now struggling with how to proceed with fixing this fault.

Can anyone offer any advice on what else I can do with it?

Thanks

What is the Signature in TMG?


Hi all,

I want to know: what is the Signature in TMG? What are its usages? And how can I use Signature in TMG?

Please tell me by example.

Thank you.


Future is mine! ^_^



POP3 and POP3 Server


Hi all,

What is the difference between POP3 and POP3 Server in TMG?

Please tell me about this difference and the usages.

Thanks.


Future is mine! ^_^

TMG - Getting proxy authentication required when trying to access Citrix


Hi guys, I've set up a new proxy array and most things seem to work fine. I have enabled integrated authentication and set a web access rule to allow HTTP, HTTPS and FTP out to the internet for all "Domain Users". Users can access the internet and I can see the user names under "monitoring" / sessions.

The problem I'm facing is that when users try to access a Citrix page, they can log in to the front portal, but when they try to launch an application they are prompted for credentials: "Proxy authentication required". The message shows the IP address of the array and mentions "NTLM".

To get things working I've added the "All users" to the web access policy which has fixed the problem, of course this is not ideal as security is a little loose now and all sessions under monitoring shows "anonymous" against every connection.

What could be causing the prompt for credentials?

Any advice or suggestions would be much appreciated.

TMG Reporting


Hi,

Please suggest the best third-party reporting software for TMG 2010.

Thanks


No Network Adapters could be identified

I am trying to install Threat Management Gateway 2010 Enterprise on a Windows 2008 R2 server.  It installs fine, but when I try to run the "Getting Started" wizard, it fails saying "no network adapters could be identified. The wizard cannot continue".  Anyone have any ideas?

Use multiple public IPs addresses


Hello there!

In my environment, I have four public IPs, and I have a TMG Firewall working.

When I publish servers through TMG using one of my IP addresses, it works.

But when I use any of the others, it doesn't work.

I'm new to TMG Server, so I want to know if there is some setting needed to use the other public IP addresses to publish servers through TMG.

Thanks in advance.


Lucas Gustavo

How to deny utorrent and hotspot shield in my network


Hello,

I have TMG 2010. I want to deny Hotspot Shield and uTorrent in my network

and block downloads of .exe and .zip files using TMG.

How do I do that?

Thanks

reports nlb tmg


Welcome,

How can I make TMG reports (from Reporting Services) when one host in the NLB array is turned off?

Error 80074e46 installing TMG

Hello, I have a virtual Windows 2008 R2 server, updated and joined to a domain. As domain controllers I have two Windows 2012 servers.

When I try to install Forefront TMG on the Windows 2008 R2 server I get "error installing ADAM \r \n (0x80074e46)".

I can ping the IP and name of the domain controllers. I can ping the domain name too.

But if I try this:

nltest /SC_QUERY:DOMAIN.local

I get:

Flag:0
Status 1311 0x51f ERROR_NO_LOGON_SERVERS

And if I try this:

nltest /DSGETDC:DOMAIN.local

I get:

DC: \\SERVER01.DOMAIN.local
Direcction: \\192.168..15.10
DOM name: DOMAIN.local
FOREST name : DOMAIN.local
....

Please, I need urgent help with this.

Thanks