Channel: Forefront TMG and ISA Server forum
Viewing all 3822 articles

Publishing Server on Load Balancing TMG Array


Greetings,

I would like to request your professional help regarding the issue we have here.

We have a TMG Array consisting of 2 TMGs, as a load balance array.

We published an SFTP server on this TMG Array with the gateway IP of the NLB.

We need this SFTP to communicate only with 1 fixed IP, but now this server communicates with one IP for a period, then it transfers randomly to the other IP, and any progress is lost after that as the IP has been changed.

Any idea how to make SFTP communicate externally with only one IP (one TMG of the array to be fixed)?


wireless access through ISA 2006


Hi,

I have an ISA server in my organization and it is functioning properly. However, I want to set up a wireless access point for executives when they visit the organization.

I did set up the WAP, it broadcasted the SSID, and I was able to connect and browse the internet, but I had to put in the proxy settings in the web browser.

I need to set it up whereby they just connect to the SSID and browse the internet without inputting any proxy settings.

What configurations do I need to do?

Thanks..

FF TMG 2010 on Server 2012


Has anyone tried successfully installing Forefront TMG 2010 on Windows Server 2012?

I tried but failed; it complained about being unable to add roles and features.


Valuable skills are not learned, learned skills aren't valuable.


Forefront TMG dropping connections


I have a strange and intermittent problem. I use Forefront TMG 2010 to publish Exchange 2010 (using separate rules for webmail, Active Sync, and Outlook Anywhere + autodiscover). Normally this works correctly but we have instances where traffic is being dropped by TMG, but at the very same time, traffic from other networks into the same TMG is working correctly.

So I get a complaint from one user located somewhere that whenever he tries to reach the webmail URL he gets "internet explorer cannot display the page", whilst at the very same time, I am able to access OWA from my home, when using my phone and even from the office. Now when troubleshooting the issue and using TMG's log, I can see that from the IP address at which the complaining user is, packets are being dropped with messages similar to:

0x80074e21 FWX_E_ABORTIVE_SHUTDOWN

Whilst at the very same time, people from other locations have no problems whatsoever to reach the very same published website. The only fix is to restart the Microsoft Forefront firewall, after the recycle of this service connectivity is restored for the complaining user.

HTTPS inspection issue

Hello All,

I have been seeing error 12227: the name on the SSL server certificate supplied by a destination server does not match the name of the host requested.

I have already put the entry in the HTTPS destination exception, with the no validation option enabled, for the SAN values that I see in the certificate. I have also added the entry in the host file for the solution, as I suspect the issue can be with the reverse DNS lookup.

I have also installed the latest rollup but I still see the same error.

The entries added in the exception with no validation option enabled are:-

abc.com
www.abc.com
*.abc.com

Anybody have any idea as to why this is happening?

Can TMG Server 2010 be installed on Server 2012 Standard R2?


Hi,

Can TMG Server 2010 be configured on Server 2012 Standard R2? If not, please suggest any equivalent product, the same as TMG Server, which can be configured on Server 2012 Standard R2.

Note: TMG Server 2010 will be configured as a SecureNAT gateway to manage some internal network restrictions, internet secure policies and also URL blocking.

Your response is requested.

Allow only Whatsapp


I have TMG 2010 and I need to add an access rule for allowing only the WhatsApp program that is working through the BlueStacks emulator.

I tried to monitor a PC which is running WhatsApp, but unfortunately I couldn't catch the IPs of WhatsApp or any protocol it uses.

Please help me to allow only this app to run on certain users.

Thanks for help.

Packets dropped because of spoofing on site-to-site VPN


Hi!

We've just set up a new site and created a site-to-site VPN connection between our main office and this new site. Everything connects fine, but when we try to transfer data it fails. In the logs we can see that our packets are being dropped with the following error message: "A packet was dropped because Forefront TMG determined that the source IP address is spoofed."

After searching the Internet I'm pretty sure the problem is that we don't have a static route defined in the Windows routing table. The TMG settings seem to be fine though.

My problem: how do I set a static route for a VPN connection? After all, I don't have a gateway to route through. Any ideas?

Regards,


Gerrit


If you think you're too small to make a difference, try going to bed with a mosquito in the room...


How to check whether a client computer has obtained the WPAD option?


Hi friends,

I have deployed WPAD autodiscovery via DHCP.

Now, on clients, how can I check whether my client has detected the web proxy server and has obtained the wpad.dat file?

When I run ipconfig /all, it doesn't show me the WPAD option, so ipconfig /all doesn't show all options obtained from the DHCP server.

Is there any command to see all options which a client has obtained from the DHCP server?

Thanks in advance.

Problem with URL/Domain Sets as destination - help!


Hello,

We have a TMG 2010 single server as internet gateway, where I have rules with users categorized in

  1. VIP (All Outbound Traffic open to External),
  2. Standard (All Outbound Traffic to specific URL+Domain Name sets)
  3. Time-based (All Outbound Traffic to specific URL+Domain Name sets) - with a calendar restriction.

Here the VIP group has everything except for some denial rules I created atop this rule, perfect. The Standard group has specific URLs and domains explicitly opened based on their request, e.g. http://www.moi.gov.sa/ as follows

  • in URL set - http://*.moi.gov.sa/*; https://*.moi.gov.sa/*
  • in Domain Set - moi.gov.sa/*; *.moi.gov.sa/*

Both of these threads should ensure all pages, parts of www.moi.gov.sa to the Standard Users (or is this syntax wrong??)

The problem, even after opening like that, certain sites would not load properly - few examples

https://www.linkedin.com/ , http://www.booking.com/.  Sometimes homepage and some sub pages will load well, then an unclear/not-well-loaded page inside. Or homepage won't load well, but inside most pages would work.

If this user is moved to the VIP group, everything works so well because the traffic is open to 'External', i.e. all. I even created another rule atop all existing rules, namely "Allowed Sites", where traffic is set from 'All outbound' to the URL+Domain sets of course, but put the system default "All Users" in the condition, which I think will give anonymous-level access to those URL/Domain sets for all users. Still the same error -

If my explanation is messy, please ask for clarification.  Appreciate any tips.


Insaf Muhammed

Multiple listeners on the same IP and Port - is this possible?


Hi all,

I think I know the answer but thought I'd ask anyway, as someone might have some suggestions.

So in IIS we can have multiple websites bound to the same IP - this is called "Hostname binding", and means that IIS will check the Host header of incoming traffic before deciding on what to serve.

Can we do anything similar in TMG?

Or, if I want to handle requests for the same port (443) for multiple applications, do I simply need to get another IP address an interface onto the TMG box?

Thanks in advance.

12210 errors with /Wbo-B38AEDC9-4764-4BCD-9033-E00A056A69CD/ in URL


Hi,

Every now and then after things have been working well I start seeing 12210 errors and so far the only solution I've found is to restart TMG!

The 12210 gets generated when a URL like this hits TMG: http://www.somewebsite.com/Wbo-B38AEDC9-4764-4BCD-9033-E00A056A69CD/some.gif. When things are working the URL looks like this: http://www.somewebsite.com/some.gif.

Something is inserting the Wbo-B38AEDC9-4764-4BCD-9033-E00A056A69CD.

Does anyone have any ideas?

Thanks

Kerberos double hop works internally, but not when published via TMG


Hi all,

Have 2 x IIS 8.5 servers internally with .NET applications on them.

The IIS servers have been configured to use a domain account for their app pool... and credentials are passed successfully from the front end server to the back end server.

When publishing the front-end server via TMG, the front-end web pages show up fine, but the delegated credentials aren't passed to the "back end" pages and a 401 - unauthorised error is presented.

The TMG computer account has the front end and back end HTTP SPNs defined for delegation in its AD account properties.

Is this expected? Is this a limitation of TMG? Or have I simply done something incorrect?

Microsoft Lync Camera


I want to use a CCTV camera linked to a DVR as the camera for my Lync app. I would also like to explore the option of using a camera attached to a codec.

Basically, is this possible, has anyone done it before, and how would I go about it?

Thanks

Mike


*** No String ID found for ID 10328 ***


When using diagnostic logging all entries show this error.  

Can anyone suggest a solution?

Thanks


TMG - Block Youtube - HTML5


Dear all.

I want to block youtube with TMG 2010

I try with url name

youtube.com/* or  *.youtube.com  or youtube.com:443  or  youtube.com:443/* or  *.youtube.* 

...

I also add content filter

video/mp4

video/x-flv

video/x-ms-asf

and stop Flash player

application/x-shockwave-flash

1. User cannot access www.youtube.com directly but they can access youtube.com/watch?v=xxxxx and view video without problem.

2. User can access youtube.com and view video without any problem.

Please help me solve this problem.

Thanks and best regards.


Blocking torrent traffic via tmg 2010


Hi Experts,

I want to disable the traffic of all torrent clients like uTorrent/BitTorrent.

The suggested solution I have implemented is to enable HTTP Filtering and do a signature block, but this doesn't seem to work.

Any suggestions for blocking torrents?

Thank You.


TechSpec90


CMAK client VPN issues


Hi,

We have been using the "standard" XP/Windows VPN client with our ISA 2006 Enterprise server for years with no real issues. I've recently decided to start rolling out a new client using Connection Manager Administration Kit (CMAK) so we can efficiently map/disconnect mapped drives. Tested with a small group of users and no problems at all. Have now rolled the client out to about 10% of our workforce and we are getting intermittent VPN connectivity issues and I'm sure it's related to our new client. The Remote Access Service stops running and the only way to start it up again is to restart our ISA 2006 server. Proxy and firewall services are still fine.

VPN protocol on both old and new clients is PPP.

I've noticed the new client also has software compression enabled whereas the old one does not. Could software compression cause this problem?

Certificate and HTTP setting for SSTP VPN with TMG 2010


Hi,

I've followed the directions at http://www.isaserver.org/articles-tutorials/configuration-general/Configuring-TMG-Beta-3-SSTP-VPN-Connections-Part1.html for setting up an SSTP VPN connection and everything works, but I had a question about the configuration as seen from the RRAS manager. If I bring up the RRAS manager and go to the properties dialog and the Security tab, for SSL certificate binding the "Use HTTP" checkbox is checked, and no certificate is selected.

Is this correct?  I would think that I should have the same certificate I specified for the HTTPS listener I created in TMG used here also.

Thanks in advance,

Nick

TMG Proxy not connecting internal HTTPS connection


Dear All,

I am working in a government org, and there are many internal HTTP and HTTPS sites which go through the proxy TMG (2010) server. Internal clients are able to connect to HTTP sites but they are not able to connect to HTTPS sites, and all server applications come to the internal intranet network.

I am trying to add an HTTPS access rule and some basic troubleshooting, but government clients are not able to open internal application HTTPS sites.

My question is: is that possible?

If possible, how to make a rule or redirect the HTTPS connection?

Thanks in advance
