Channel: Forefront TMG and ISA Server forum

User-defined HTTP object not playing ball


We use VMware SRM to replicate VMs to a second site, with a TMG Server at either end of the VPN. SRM management traffic uses HTTP port 80.

I have unstable communication between SRM servers because of the TMG web proxy filter. Disabling the proxy filter for the HTTP object in TMG works with no problems.

But rather than disable web proxy for HTTP across the board I created a user-defined object copying HTTP (port 80 outbound etc) but bypassing web proxy filter, and using this in the particular rule for the SRM traffic.

Now SRM comms simply do not work at all with the user-defined HTTP object (HTTP 500 error). But as I say, they work fine with the pre-defined HTTP object and web proxy disabled.

I can however, get the user-defined object working by using the associate standard protocol dropdown and selecting HTTP in there but then this requires the pre-defined object to have web proxy disabled as well! Defeating the purpose!

I do have another application which I am using a user-defined HTTP object bypassing the proxy successfully but SRM is refusing to work with it.

Has anyone else encountered issues with a user-defined HTTP object?? What is different between the pre-defined and just creating a user-defined object and giving it port 80 outbound etc?

I am going to gather info using Wireshark this afternoon to see exactly what is in the HTTP header, but will be interested to hear others' experience here.

Regards,

Steve



Install SCCM Client on TMG Array with IPSec tunnel


We currently have two standalone TMG arrays that are connected with an IPsec VPN tunnel. We have an SCCM server located in 1 Datacenter behind the array. In that DC, all servers, including the TMG servers, can connect to the SCCM server. In the other datacenter (DC), all servers are able to traverse the tunnel and communicate with the SCCM server.

The only issue is the TMG array at the other end of the tunnel. Neither of the servers can reach any of the servers behind the tunnel. When I look at the logging, it says the adapter is localhost, but the client IP is the public IP of the TMG server. The logging on the other side of the tunnel (DC with SCCM) shows no connection attempts. There are explicit firewall rules to allow the traffic from localhost to the network on the other side of the tunnel.

How do I configure the TMG array to use the IPsec tunnel when communicating with servers on the other side?

hitstudios.net is limiting my downloads

I called my service provider, CenturyLink, who stated I was well under my limit and they have no control over this company. What do I do?

TMG is free?


Hi, guys

Is TMG free software? I doubt that I have seen the license for TMG on the internet. If TMG is not a free tool, where should I pay for it or buy a license? I am confused.

Nice day

Timmoon

Replacing/Removing TMG in Sharepoint 2010 Environment


We have a pretty standard set-up.  

Forefront TMG in the DMZ with our Sharepoint 2010 farm in our internal VLAN.
What we call "sharepoint portal" access is handled through a custom form in TMG.

Since we are sunsetting TMG, we can provide claims-based authentication via ADFS2.0 to our Sharepoint, but do not want to expose our Sharepoint 2010 to the outside.

What is a reasonable/cost-effective solution for providing secure pass-through?

How to enable Traffic Filtering in Web Publishing Rule ?


Hello,

I have a Web Publishing Rule and I need to configure the HTTPS Filtering on the Traffic Tab of this rule. Unfortunately the button to configure it (Filtering) is greyed out and I am not able to do the necessary configuration.

What am I missing? Anything else I need to enable first that I have missed?

Thanks in advance for help !

Martin


entering wrong password in owa frontend through tmg it shows page can not be displayed


I have Exchange 2010 OWA published through TMG and everything works fine. However, if I enter a wrong password, TMG does not show the normal error page from OWA but shows a "page cannot be displayed" page. This page shows the error:

Error Code: 500 Internal Server Error. Logon failure: unknown user name or bad password. (1326)

Which is indeed correct, as I typed in a wrong password. Does anyone know where to look to get the normal login screen back from OWA?

Just to be clear: if I enter a correct username and password it works perfectly, and the rules test shows all green lights ....

Block access to sharepoint web services via tmg

Hi, I am trying to block access to SharePoint web services using TMG like in the article here

I have sharepoint published as normal and have put an additional rule
and altered the paths as suggested in the article below.

http://www.paulgrimley.com/2010/03/blocking-access-to-sharepoint-web.html

However, I can still access the web services. Does anyone have any experience doing this?

thanks

jon               

Replacing web listener certificates


Hello,

 I'm using TMG to publish Exchange and 1 other website in a multiple DMZ scenario. I have the following setup:

1. Internal IIS and Exchange server ---> 2. Inner DMZ TMG + Exchange Edge Server---> 3. External TMG

My external TMG in the outer DMZ (3) has a non authenticating web listener configured for 443 traffic and redirects it to the inner TMG, which has a forms based authentication listener. My IIS site, Exchange and both listeners use the same certificate. My certificate provider has given me a month to re-key my SSL certificate due to SHA1 being a weaker cypher. Given that end users will only ever hit the External TMG and not the inner servers, do I need to replace the certificate on all my servers or can I get away with doing it just on the external servers?


IT Support/Everything

TMG Services not starting


Hi!

We have an array of 2 TMG servers in a multicast NLB configuration + 1 TMG EMS server that contains the configuration of TMG. As a result of changes to the rules, one of the servers no longer applies the changes (synchronization status constantly Updating); rebooting the server did not help. It was decided to re-create the configuration cache of the TMG server following this article: http://blogs.technet.com/b/isablog/archive/2009/01/26/rebuilding-isa-configuration-cache.asps. The completed actions did not resolve the problem, and as a result of the server restart, the isactrl service (Microsoft Forefront TMG Control) and the other TMG services that depend on it stopped running. Manually starting the isactrl service results in an error. The event log of the server shows an error event with the code 11004 and the following contents:
Microsoft Forefront TMG Control failed to start. The failure occurred during Security Watchdog notification processing because the system call ApplyAccessControlSettings failed. Use the source location 122.86.7.0.9193.644 to report the failure. The error description is: An attempt was made to reference a token that does not exist.

Are there any recommendations to address the problem, or on how to identify the problem in detail?

Thx!

Remove additional logon screens from tmg


We are using TMG as a reverse proxy to publish SharePoint. The following querystring gets us to an unwanted logon form:

/CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=2

How do I remove the logon form associated with this querystring?

thanks

jon

OWA 2013 publish through TMG 2010 logoff URL problem


Hi all,

The problem is the OWA publishing over the Internet via TMG. TMG is not able to catch the OWA LogOff URL page. So it will instead receive the "Close all your Browser Settings.." and no log out from OWA.

Does anyone get that "Real LogOut" fixed via TMG?

PowerPoint Web App 415 Unsupported Media Type


Hi,

I had successfully deployed and configured external access via TMG to SharePoint 2013 with Office Web Apps 2013. Everything works fine, except PowerPoint Web App, when the farm is accessed externally. The user gets the following error message:

Either you´ve lost network connectivity or our server is too busy to handle your request. Please check your network connection and try again later. 

PowerPoint Web App is working fine when accessing SharePoint from the local network or through VPN.

I've searched the TMG logs and found this 415 error:

 

Allowed Connection
Log type: Web Proxy (Reverse)
Status: 415 Unsupported Media Type
Rule: (SERVER FQDN)
Source: Internal ()
Destination: Local Host ()
Request: POST http://(SERVER FQDN)/p/ppt/view.https.svc/jsonNtlm/GetPresentation
Filter information: Req ID: 0be8d6bf; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=yes, valid=yes, updated=no, logged off=no, client type=public, user activity=yes
Protocol: https
User: domain\name

Additional information
Client agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x40020000 (Response includes the CACHE-CONTROL: PRIVATE header. Response should not be cached.)
Processing time: 16 MIME type:

Thank you for answers! 

Regards


Lubomir

Outlook.com / mail.live.com display issues


 We have an issue with our TMG array where one of the servers doesn't display outlook.com/hotmail/other microsoft bits and bobs correctly. For example, I log into my hotmail, and I get a page that looks like this

Proxy1 error

however the same page accessed through the second server in the array displays fine. The arrays (obviously) share the same config and both are Up-to-Date and synced. 

Things we've tried so far....

Each proxy has an individual NAT to an external IP address - we've changed these and swapped them over, but the errors always happen via PROXY1 - so it wouldn't appear to be any IP blocking on MS part

It does appear to work the first time you login, but after that, you get the incorrectly drawn page

If you change the URL from dub110 to dub109/dub122 then it appears to redirect ok to dub110 and display correctly. Subsequent refreshes give you the junk page. 

Other MS 'live' sites do seem to have weird issues through PROXY1 - for example the picture is missing off the login.live.com page via PROXY1

So, given that both TMG servers in the array are sharing the same config, what can be happening? No Dashboard alerts, no AD issues, all connection verifiers show ok etc etc.....

Thanks in advance

TMG Android keeps rebooting after I turn on the Wifi


Hi,

I recently purchased a TMG W-78D. It was working fine (for a month), however I noticed the Wifi would screw up in the way that I had to turn it off then on again to find a Wifi. Then my tablet would reboot every so often but it was ok. Now every time I turn on the Wifi it will continually reboot. Sometimes it will do it straight away over and over again until I turn off the Wifi. Sometimes it will be fine for a while then start to reboot. I have done a factory reset? What can I do? Can I manually update the system? There is no way on the tablet.

Thank you


How to change intra-array address?


TMG 2010 RC Standard Edition
Windows 2008 R2

When I installed TMG the internal NIC had the ip address 192.168.188.2. After configuring I changed the address to 192.168.188.1. Now the following error is logged in the event log:

The IP address specified for communication between this Forefront TMG computer (192.168.188.2) and other array members is not bound to a network adapter installed on this computer. The IP address specified for intra-array communication must be bound to a network adapter installed on the computer.

Where can I change the address?
Why is there an intra-array address when the server is not an array member?


Hallis

Web Access Policy for AD Users


Hi Experts,

I have a domain abc.com . This domain has some users.

I have installed Forefront TMG on a separate server that is part of abc.com domain.

I need to apply deny/Allow rules on the AD users and groups in my domain.

Can anybody help in doing that?

Thank You....

TMG Server Firewall Rule

Hi experts,

I am trying to deploy Forefront TMG in a Virtualized Environment.

The software I am using is Oracle VM VirtualBox.

I have made 2 server machines. One is a domain controller and on the
other machine I have installed FTMG 2010. The TMG server is part of the domain.
It has two NICs, one for WAN and the other one for LAN.
On the TMG server I have made a firewall rule that allows all outbound traffic
to an AD user.

On another Win7 Virtual Machine that is joined to the domain, I logged in as a user
and in the internet options of IE I configured the proxy settings that point
to my TMG Server. But nothing is showing up, even the Websense page.

It just shows 'Internet Explorer cannot show the webpage'.

Can anybody help me with where I am mistaken?

Does TMG 2010 Work with Server Name Indication (SNI) Feature of IIS8?


Hi,

I am trying to publish Microsoft Azure Pack Tenant Websites using SSL 443 for multiple sites with the recent Server Name Indication (SNI) feature. For the life of me I cannot get this working (no denied traffic on TMG).

Does TMG 2010 SP2 UR5 support (sorry, work with) SNI?


Microsoft Partner

Two NIC and Active Networks problem with TMG 2010


On a Windows 2008 R2 server joined to the domain and with an Edge template configuration we have the following issue:

The Active Networks (in Network and Sharing Center) keep changing to a single network. Normally they should be like:

domain network----- LAN

Public----WAN

They get joined and show like

domain.local----LAN/WAN

OR like:

Public network ---- LAN/WAN

We have exhausted troubleshooting, Internet and forum search. Has anyone experienced something like this?


The Dunadan Raptor
