Channel: Forefront TMG and ISA Server forum
Viewing all 3822 articles

WMI traffic through ISA 2006

Hello,

I am having a problem in my network and read this in an article to solve the problem:

"...

    Allow the following traffic in your ISA Server:

  • TCP/IP - port 135 - RPC/DCOM/WMI endpoint mapper (RpcSs)
  • TCP/IP - all ports - Asynchronous callback WMI client (Unsecapp)
  • TCP/IP - all ports - Windows Management Instrumentation service (Wmimgmt)

..." 

(It is taken from this article: http://support2.microsoft.com/kb/2737560)

It is easy to make the first one, port 135, but for the other two rules, if those two are "all ports", what is the difference? How could I do that in ISA? Sorry if it is too basic a question.


Luis Olías Técnico/Admon Sistemas . Sevilla (España - Spain)




ISA server vpn client

Hi

Our current ISA 2006 server is letting the VPN client transport all internet traffic through the VPN client's own internet connection, so that only local net traffic goes through the VPN tunnel. But now I need a specific www address to go through the VPN tunnel - how do I do that?

eg:

server on the localnet

from client on VPN: ping mylocalserver goes through the VPN tunnel, so the transport will be (client->client ISP->isa->localnet)

server on the internet

from client on VPN: ping www.google.com goes through the VPN client's own ISP, so the transport will be (client->client ISP->internet)

/David

How to make Forefront TMG build VPN site-to-site tunnel with reduced subnet

I am trying to implement a Site-to-Site VPN tunnel with a supplier. We are using Forefront TMG 2010 SP2 (Site A) and they are using Cisco ASA (Site B)

I have complete access to Site A, but no access to Site B (supplier's end).

We have set up the VPN tunnel, but it will only come up if it is initiated from the Site B end. We know this is because there is a mismatch in the expected network size. Site B fits within Site A, but not the other way round.

The tunnel is set up at Site A with an allowed route of 10.0.2.60/30 and matched with a configuration at the other end. This configuration is If I look at the "Site-to-site" summary on TMG.

However, my counterpart at Site B tells me that when the TMG actually tries to build the tunnel, it is not specifying 10.0.2.60/30 but 10.0.2.0/24.

I should also mention that the TMG internal IP is 10.0.2.6, that only 10.0.2.61 and 10.0.2.62 should be allowed through the tunnel, and that due to existing VPNs on the supplier site, they cannot increase the size of the network on their side to match the 10.0.2.0/24 range.

I am at a bit of a loss as to why this is happening. Does anyone have any guidance? I don't really even know what terminology to use to effectively search for an answer.

TMG won't work on the network

I installed TMG 2010 on a virtual machine. After installing it, it doesn't seem to block access to the network and outside the network. Can someone help me out on this?

Account Keeps Getting Locked Out from TMG Server

Hi All,

One domain user account keeps getting locked out every 30 min from our TMG server. I have restarted the TMG server many times. Earlier I had only TMG SP1. After I encountered this lockout problem, I upgraded my TMG server to SP2.

My current TMG version: 7.0.9193.500

I have captured the event error below from the TMG server (Event ID: 4648, Source: Microsoft Windows security):

A logon was attempted using explicit credentials.

Subject:
    Security ID:        NETWORK SERVICE
    Account Name:        TMGServerName$
    Account Domain:        WORKGROUP
    Logon ID:        0x3e4
    Logon GUID:        {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
    Account Name:        userid
    Account Domain:        domain
    Logon GUID:        {00000000-0000-0000-0000-000000000000}

Target Server:
    Target Server Name:    Domain.FQDN.org
    Additional Information:    Domain.FQDN.org

Process Information:
    Process ID:        0x2f98
    Process Name:        C:\Program Files\Microsoft Forefront Threat Management Gateway\wspsrv.exe

Network Information:
    Network Address:    -
    Port:            -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials.  This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

I am not sure why the account keeps getting locked out from TMG; any suggestion would be really helpful.


srini

Unable to access "https://wss.pspcl.in:56301/logon/logonServlet" sites through ISA 2006 server

Hi,

We are unable to access the "https://wss.pspcl.in:56301/logon/logonServlet" site through ISA 2006 server.

We also created a rule in ISA server, but we are still facing a problem accessing this site.

Please help me or provide a solution if anybody has faced this type of issue in ISA server.

Regards,

Ravi

TMG Logs file Naming Convention

Hi,

Can I change the TMG log file naming convention? I am using the W3C Extended log file format.

Default is: ISALOG_yymmdd_FWS_nnn

I want to change it to ISALOGTMG01_yymmdd-FWS_nnn

Thanks

TMG 2010 anonymous access

Hi all,

I upgraded from ISA Server 2006 to TMG 2010. In ISA Server we were using the forward proxy for authenticated and non-authenticated users. But after I upgraded to TMG 2010, for non-authenticated users who try to use the proxy, the proxy returns access denied... In the proxy the setting is All Users... How do I set it for non-authenticated users?

Thanks


Falcon


ISA/TMG as default gateway with default authentication page

Hi,

I'm working at a community college. We have a roaming wireless network which covers the complete area. It was fully open for our students, besides some restrictions like peer-to-peer downloads, e-mail (port 25), and other dangerous protocols. But due to security regulations we need to authenticate and log all the activity. Is this possible with ISA/TMG without any action on the students' computers? Because we can't control what device they are using.

We're thinking about a situation like you see in hotels, where you'll get a login page, no matter what URL you type in. And then ISA/TMG should also log all the activity the students are doing. Please note: Not only browsing (80/443), but also a lot of other protocols/ports have to be possible.

Any advice is welcome!

Does TMG 2010 Work with Server Name Indication (SNI) Feature of IIS8?

Hi,

I am trying to publish Microsoft Azure Pack Tenant Websites using SSL 443 for multiple sites with the recent Server Name Indication (SNI) feature. For the life of me I cannot get this working (no denied traffic on TMG).

Does TMG 2010 SP2 UR5 support (sorry, work with) SNI?


Microsoft Partner

TMG work without adding proxy setting in web browser

I have a TMG 2010 working as a web proxy and I want to configure the TMG for my clients without adding a proxy setting in their web browser, because most laptop users are using a dongle or their home Wi-Fi, and then they can't access the internet outside the office.

Block Page Customization for https

Hi All,

I have created rules for blocking some sites like facebook.com and dailymotion.com. Now I want to customize a page with a blocking message for my users. It works fine for HTTP, but on HTTPS requests it is not working and the new page displays "THE PROXY SERVER IS REFUSING CONNECTIONS".

Please help me with how I can customize my block page for HTTPS requests too.

NTP Sync

I want to configure TMG as my NTP server, so that all our domain controllers sync time from TMG and all clients sync time from our domain controllers. You might wonder why this configuration: it is because I do not want to expose our domain controllers to the external network. But the problem is our DCs would not sync time from TMG. I created the rule in TMG to allow NTP (UDP) from the DCs to the localhost (TMG), and the same traffic is coming to the TMG also. But after initiating the connection, the connection is shut down by the TMG itself. Please give me a solution.

Shanif Salim

Forefront Threat Management Gateway 2010 Management console only on Windows Server 2012 Server

Hi, I have installed the Forefront Threat Management Gateway 2010 Management console only on a Windows Server 2012 server. I can connect to the TMG CSS role but I cannot see anything in Array information; it just asks me to create a new array, but I want to manage my existing array on the TMG servers from my management server using this TMG 2010 Management console. Your help is very much appreciated.

Cheers,

Praakassh Ghaitadke

Internet is working very slow through ISA 2006 Server

Hi,

We are using ISA Server 2006 for accessing internet service, but the internet is working very slowly.

When we ping the public DNC it shows a lot of delay time.

And in ISA alerts it displays the following error messages:

1. "ISA Server is no longer experiencing a SYN attack".

2. The request was denied because the number of connections per second allowed for the [System] Allow DNS from ISA Server to selected servers rule was exceeded.

I am new to ISA 2006, so please provide the required solution if anybody has faced this type of problem.

Thanks and regards ,

Ravi Singh


youtube web page block

Hi

A few months ago I blocked YouTube from the TMG 2010 server, but after one month it is not working. So if anybody has a good solution, please help me.


Engr. Ripon Kanti Dutta

Sudden Skype Can't login via TMG 2010 Proxy server

Can anybody help us out? We are using TMG 2010 SP1 Proxy in our office and Skype was working great. But suddenly, from today, Skype is not logging in via the proxy server. We even tried with a simple allow-all rule, and Skype gives the error "Skype Can't Connect". We are sure Microsoft has made some changes to Skype. On TMG we are getting these error messages in the logs for user traffic:

"Failed Connection Attempt" 

Status: 10061 NO connection Could be made because the Target machine actively refused it.

 

or Status 10060 A connection attempt failed because the connected party did not properly  respond after a period of time, or established connection failed because connected host has failed to respond.

 

Destination IPs are: 91.190.218.40:443, 91.190.216.17:443, 137.116.193.65, 90.136.190.167, etc.

How to Identify the Network Topology being used for a running ForeFront TMG Stand Alone array?

Hello Experts,

My client has decided to move their datacenter from one location to another, including the Forefront TMG servers which are being used as Reverse Proxy and TMG Gateway in a DMZ environment.

I need to know the network topology used for this configuration so that I can choose the same topology when creating the new TMG environment at the new datacenter. Here are some details:

1. There are 2 TMG servers configured in a DMZ Workgroup in Stand Alone array.

2. Both servers have 3 NICs attached to them (one has all public IPs configured, another one has an internal IP address, and the third one has the Management IP which is used to connect to the server via RDP).

3. There are more than 50 websites published via this standalone array.

I am very new to Forefront TMG technology and need to know the Topology used to create such environment.

Thanks 

Lalit

POP3 and SMTP Only

Dear Sir,

Hope you are well.

I just allow only POP3 and SMTP services on Outlook via TMG. Please help me.

I allow all mail protocols but am unable to send or receive email.

Also, the TMG client is installed on the client PC.

SHA-2 Support for TMG 2010

Will an update be released to support SHA-2 on TMG 2010, or will the end of life of the product be much sooner than the previous 2020 date that was announced?