Quantcast
Channel: Forefront TMG and ISA Server forum
Viewing all 3822 articles
Browse latest View live

Incorrect time and 502 error on TMG 2010

April 23, 2013, 3:46 am
$
0
0

Hi,

Background:

2 x TMG Servers 2010 with latest hotfixes and rollups installed on fully patched 2008 R2 OS

both TMG servers are configured with dual NIC's - one internal one external and both nics are configured in an NLB through TMG

Client OS is mix of Windows 7 and Windows 8 with browsers being from IE8 to IE10.

Issue:

We are getting random 502 errors with the error saying Error Code: 502 Proxy Error. The requested resource is in use. (170).

This happens to all users randomly - they could be accessing any site. Hitting refresh on the browser resolves the issue.

It always seems to specify the same TMG server. But one thing I have noticed is on the 502 error page it shows the incorrect time - it's exactly 1 hour out. Yet the time on both TMG servers in the OS is identical.

Thanks in advance.

Denis

Denis Cooper MCITP EA - MCT

Search

TMG falls when network load is high !! help please

October 26, 2014, 3:48 am
$
0
0

hello everybody.

i have install tmg in windows server for use in internet traffic and other thing about to network.

but i have an issue while using tmg. in first, tmg is working good but when network load is high tmg the work falls.

whenever max of users count is 15-20 that's working good but if users number has increased, tmg not working.

please help me, very importance

thanks a lot

Ms TMG and ISA Server is blocking Mobile Apps (Watsapp, Viber, I-Phone E-mail & other Apps), who to allow these apps.

January 13, 2014, 1:23 am
$
0
0

Dear sir,

i am using Ms TMG and ISA Server 2010 Sp2.

so TMG and ISA Server is blocking Mobile Apps (Watsapp, Viber, I-Phone E-mail & other Apps) in our network, so who i can allow these apps. please give me the solution. i am waiting for your reply. Thank you. 

Header including user credentials

October 7, 2014, 9:50 am
$
0
0

Hello,

Here is the situation. We have two AD domains, Domain A and Domain B. Domain A has an AD called domainA.local in the DMZ where all external users are. This domain also hosts SharePoint 2013 and TMG. We have another domain, internal this time called Domain B. This domain has an AD called domain.local when all our internal users are located. The internal domain also hosts a third party claim provider that we intend to use to authenticate both internal and external users. The issue we are having is that when external users authenticate to TMG (this is a requirement for us) then they are passed to sharepoint where the Claim provider kicks in but the issue is that we can't figure out how to pass the credential of the authenticated user in TMG to sharepoint in header so we can achieve some sort of SSO. Right now the users get also prompted at the SharePoint level after they get through TMG. I know we can do this through a header variable on TMG but I am not sure where to start. Any help would be appreciated.

Thanks

Array members not syncing config with config storage

October 28, 2014, 7:23 am
$
0
0

Hi guys,

I'm running Forefront TMG 2010 (7.0.9193.500) on W2K8 R2.

We have a management server that's also the configuration storage server. This is a domain member on the inside of our firewall.

We also have 2 array members in our DMZ only with a single NIC as workgroup members. These are in an NLB cluster. They have access to the config storage server. When I look at the config from the array members, I can see the current desired config, BUT when I check the configuration status, both of the array members are showing a status of "Not Synced", description 'Server configuration does not match the stored configuration'. The last update is shown "30/11/1999 00:00:00", as if they have never synced.

I have added a couple of IP addresses to the NLB config in TMG and need this config applied before I can create the associated publishing rules I need to create.

In the event log on both nodes, I am seeing repeated Schannel errors in the system event log, 36888 (The following fatal alert was generated: 45. The internal error state is 552.) and 36881 (The certificate received from the remote server has either expired or is not yet valid. The SSL connection request has failed. The attached data contains the server certificate). I can't see where the FQDN of the offending certificate.

Any ideas what's causing the problems with syncing the config?

Thanks.


How to public ftp server via TMG 2010

October 28, 2014, 2:50 am
$
0
0

Dear all,

Please show mw how to configure FTP server public via TMG 2010

Thanks and best regards,

Hung Viet

Move TMG 2010 server from physical to virtual (P2V) - no certifcates

October 29, 2014, 10:23 am
$
0
0

Hello,

I am helping our TMG administrator migrate from a physical server hosting TMG 2010 to a virtual server (VMware) and I used the VMware P2V tool to do the migration.

Everything appears to be there...all the TMG services start, etc.  Yet, according to the TMG administrator it is not working.  He told me he sees "no certificates" now.  I am not sure what that means, as I know very little about TMG...but I am assuming he means going into the OS certificate store and see nothing realted to TMG.  Or maybe there is a section in the TMG administration console where you view certificates...I really don't at this point in the investigation.

So I understand this may be more of a question for the VMware forums, but assuming the P2V does a perfect disk clone from physical to virtual, how could anything be missing?  Are there known issues with TMG not transferring certifcates when moving from machines?  Is there some dependance on physical server motherboard ID, or MAC address that TMG keys off of?

Just trying to understand where/how the cerfificates uses by TMG could be lost assuming a clean disk transfer.

Thanks

NK

TMG edge firewall

October 30, 2014, 3:55 am
$
0
0
I have successfully installed and configured TMG 2010 as a edge firewall. Now the problem is without the proxy settings all the client PC's and Laptops getting internet access and they are getting full internet access. Even i have created web access policy to block some websites. Please help me...
Search

In address bar ip is resolving intead of domain name

August 17, 2014, 10:23 pm
$
0
0

Hi,

We have web chaining configured in TMG for the clients to access internet. The websites are resolving perfectly when Proxy IP is configured in IE on client system.

When we are testing internet access without proxy in IE, the websites are resolving to IP address instead of domain name.

Is there any settings/configuration to be done in TMG to fix this?

TMG Traffic For a Specific IP isn't leaving the server despite valid routes and no firewall

October 30, 2014, 3:49 am
$
0
0

Hi,

 I'm struggling to troubleshoot a TMG networking issue:

I have a TMG server setup in my DMZ. Inbound traffic hits the a 3rd party firewall router, goes to the TMG server and is then routed back through the 3rd party firewall router to my internal network. I've setup web publishing rules and listeners for IIS sites and SMTP traffic using a different IP to listen for 2 different websites and another IP for SMTP.

The issue I have is that my TMG server can't ping a server on the internal network on a specific IP:

TMG can ping 192.168.11.190
TMG cannot ping 192.168.11.191

Firewall rules are configured to permit traffic (no deny connections are shown in the monitor).

tracert and pings to 192.168.11.190 hit the internal IP of the 3rd party router
tracert to 192.168.11.191 simply responds with * * * * before timing out

Monitoring from within TMG shows the correct IP is being used in both cases (internal NIC 192.168.10.10).

A route print from TMG has a valid route to the internal network:

(network)192.168.11.128 (mask) 255.255.255.128 (gateway) 192.168.10.126

In summary:
 - TMG can ping 192.168.11.190, but not 192.168.11.191
 - Valid routes exists 
 - No firewall rules are blocking communication
 - Traffic to 192.168.11.191 doesn't seem to be leaving the TMG server 

Any advice on solving this would be appreciated.

Cheers

 


Error Code 10061: Connection refused TMG 2010

October 30, 2014, 11:43 am
$
0
0

Good morning, this timeitis presentinga problem in thenavigationof a specificpage,I explainourenvironmentiswindows server2008 R2sp1with all updates,TMG2010 SP2RU5, the problem thatoccursto meis random, todaymay be wrongtomorrow may bewell andso onwithout anyspecific pattern,onlytoa specificweb page,I getthe following error inthe browser:

Explanation: The Web server refused the connection. 

Try the following:
  • Refresh page: Search for the page again by clicking the Refresh button. The timeout could have occurred due to Internet congestion.
  • Check spelling: Check that the Web page address is spelled correctly. The address may have been mistyped.
  • Access from a link: If there is a link to the page you are looking for, try accessing the page from that link.
  • Contact website:You may want to contact the website administrator to make sure the Web page still exists. You can do this by using the e-mail address or phone number listed on the website home page.

If you are still not able to view the requested page, try contacting your administrator or Helpdesk. 

Technical Information (for support personnel)
  • Error Code 10061: Connection refused
  • Background:The server you are attempting to access has refused the connection with the gateway. This usually results from trying to connect to a service that is inactive on the server.
  • Date: 10/30/2014 2:48:14 PM [GMT]
  • Server:XXXXXXX
  • Source: Remote server

Jose

Disable Websense scanning for specific src networks

October 21, 2014, 3:41 am
$
0
0

Hi all,

I have an installation of Forefront TMG 2010 with Websense Web Filter Plug-In. The task I am supposed to do is to disable redirecting requests to Websense for specific source networks. It is impossible to do it from Websense Server, due to license limitations.

I know there's a way to ignore some source users from isa_ignore.txt but I should filter this basing on source IP addresses. Please help me solving this issue.

Kind Regards,

]TMG 2010 SP2 Rollup 5 - None Available Worker threads

November 3, 2014, 5:32 am
$
0
0

Hi Guys,

We're experiencing some problems with our TMG 2010 Array (SP2 Rollup 5 ),and the first thing I can see is that the "Available Worker Threads" are 0 many times during the day. How can debug further this issue to know the root cause?'

Best Regards

Federico Giampietri Latamsupport IT Infrastructure Services

TMG 2010 SP2 Service Crash

November 3, 2014, 8:13 pm
$
0
0

Hello.-

We have a TMG 2010 which main service crashes randomly. This is a SP2 Roll Up 4 and windows 2008 R2 full patched. The error reported is:

"The Firewall service stopped because an application filter module C:\Program Files\Microsoft Forefront Threat Management Gateway\GwpaFltr.dllgenerated an exception code C0000005 in address 000007FEF40422B4 when function CompleteAsyncIO was called. To resolve this error, remove recently installed application filters and restart the service"

SU 1 for Service Pack was applied and following Roll Ups to number 4. Roll Up 5 points out to a issue related to DiffServ filter, but in our case this filter is not enabled.

There is no a specific condition when service fails, this happens after some time (even weeks) running without problem, even with less load than usual.

Thanks in advance.


ISA 2004 publish web site

November 4, 2014, 2:46 am
$
0
0

Hi all,
I publish a web site trought ISA 2004 and from the ISA monitoring I saw all request to have destination to the IP address for the isa server and not to the web site url... What can I check?
Thanks

Search

TMG 2010 wspsrv.exe 100% CPU after SU1 Rollup 4 (NIS)

July 13, 2011, 5:00 am
$
0
0

Hey guys,

I just wanted to let you guys know this. I have (virtualized) TMG 2010 SP1 with SU1 RU3 on Windows Server 2008 R2 (fully patched) installed at this moment (uninstalled RU4).

After a week running, no apparent problems were noticed, except some users reported slow logins through owa. So i took a quick look at it, and i noticed 100% CPU usage in VMM 2008 R2. After a bit of research, it had all this time a 100% CPU usage. Ok, so a search was iminent.
Quickly stumbled upon various articles, one of which caught my attention: http://blogs.technet.com/b/yuridiogenes/archive/2011/03/20/another-case-of-high-cpu-utilization-by-wspsrv-exe-on-forefront-tmg-2010.aspx. So, first thing i wanted to try was to disable NIS and restarted Firewall service. CPU dropped immediately. I've let it run for a few hours, CPU stayed normal for that time (0-30 % maximum CPU usage normally). After that I enabled NIS, restarted firewall, again 100% CPU (almost immediately). The high CPU usage is constant, no matter how long you keep your machine running. A reboot doesn't matter either.

I uninstalled RU4, CPU usage immediately went normal.

Now, to further clarify other possible causes: no monitoring, no diagnostic logging or anything is active. The tracing is also not active (in my case, the registry keys, quite simply did not exist... so i assume tracing is not active then)...

So concluding, installed SU1 RU4 causes 100% CPU usage due to NIS doing something. Finding out the exact cause is out of my scope and time unfortunately.

With kind regards,

Sven

 

 

TMG 2010 anonymous access

November 4, 2014, 2:01 am
$
0
0

Hi all,

I upgrade from ISA server 2006 to TMG 2010 . In the ISA server we using forward proxy from authenticate and nonautheticated users . But after I upgrade to TMG 2010 nonautheticated users which try use proxy , the proxy return access denied.... in the proxy is setting all users ... How I set for nonautheticated user ?

thanx

Falcon

Export TMG config from EMS Array to standalone?

May 7, 2012, 8:45 am
$
0
0

A similar question was raised in this thread, but was not answered. I have a test array that is managed by an EMS, and I am attempting to export that configuration into a production standalone array without an EMS.

If I do a standard export / import, I get the error:

"The value specified for the parameter Scope is not valid for standalone mode"

If I attempt to use the script here, I receive the same error.

I hoped the EESingleServerConversion tool would do the trick, but that apparently is only for ISA to TMG (gives error "Error: This tool supports files exported from the root node only.").

I am fully patched to SP2.

Uninstall TMG Packet Filter

November 4, 2014, 8:34 pm
$
0
0
Based on this thread, I checked the Device Manager (including hidden devices) for the Packet Filter but couldn't find anything.  How does one remove the Packet Filter from a network device after Forefront TMG 2010 has been removed?

Multiple ip's on a single nic + web listner

November 4, 2014, 7:49 pm
$
0
0

Hi,

I'm trying to configure a web publishing rule and at the moment I'm using the exchange listener to access the site from the web.

Because I'm using the exchange listener, there's an issue with the ip address......So I want to create a listener specifically for the site I'm trying to get too and not the exchange listener.   I'd like to add another ipaddress (external), but this is where the waters get muddy!!  How do I add another ip address to the NIC?  If I go to the listener properties and select networks, there's only one external ip......how do I create another object and give it another ip so it appears in the "Selected networks for this listener"

Thanks in advance.

Viewing all 3822 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>