Channel: Forefront TMG and ISA Server forum

TMG2010 not show me the rules

Good afternoon.

I just have a problem with TMG 2010. This morning when I opened the console, TMG 2010 did not show me the rules. I restarted the service, and nothing; I restarted the TMG, and the same.

It runs, everything works perfectly, and the other views are OK (records, digital desk, networks, systems, all). The only thing it does not show me is the rules, and when I want to export the rules it tells me the task is not active.



if anyone knows anything, I appreciate the help

Fernando S. Vidal Nieva


Enable RDP


Proxy server has 3 Nics, segmented for Front END, Back end and management traffic

Requirement is to enable RDP to proxy server via back end NIC. Need to allow RDP for any hosts from a specific range

Tasks performed.

1. Created a network set and added the IP range

2. Created a firewall policy and added from "the newly created range" to "local host", selected RDP protocols.

I had one issue while configuring the network set: with the options to add an adapter and add a range, I selected my back end adapter and some routes were populated automatically in the add range. So there was a conflict, and I had to remove the range which was populated by the network adapter and proceeded with the add range option.

After configuration, RDP is inaccessible; as per the logs, RDP is getting denied due to an IP spoofing error.

Can anyone help me with this?


assign valid ip


Hi,

Does anybody know how I can assign a valid IP to the VPN server? I mean, when anyone tries to connect to the VPN server, they use that IP.

I have TMG 2010 and I configured VPN Clients Tasks & General VPN Configuration just like this:

http://www.isaserver.org/articles-tutorials/configuration-general/Checking-Out-TMG-2010-Virtual-Private-Network-Server-Part1.html

TMG authorization error to RD Gateway


Hello, 

I am trying to connect to a published server via RD Gateway and always get stuck in a logon loop: Logon attempt failed.

In TMG log is this: 

Denied Connection
Log type: Web Proxy (Reverse)
Status: 12309 The server requires authorization to fulfill the request. Access to the Web server is denied. Contact the server administrator.
Rule: RDP gateway
Source: XXX.XXX.XXX.XX:29742
Destination: XXX.XX.XXX.XXX:443
Request: RPC_IN_DATA http://something.something.cz/rpc/rpcproxy.dll?localhost:3388
Filter information: Req ID: 11a8e415; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=no, logged off=no, client type=unknown, user activity=yes
Protocol: https
User: anonymous

TMG version: 7.0.9193.540. runs on Server 2008 R2.

RDGateway publishing rule is using same listener as Exchange (OWA, sync, Outlook RPC etc). On exchange all is working fine, certificate is wildcard one: *.domain. 

test of Publish Rule for RD Gateway has this result:

Time reported by the Microsoft Forefront TMG Firewall Service: 0.004 seconds
Testing https://something.something.cz:443/RPC/
Category: General warning
Error details: The internal path of the URL was identified as part of a SharePoint or Exchange server publishing rule.
Action: Use the SharePoint Publishing Rule Wizard or the Exchange Publishing Rule Wizard.

Internally RD Gateway is working without any problems.

What am I doing wrong? 

Thanks

The undefiable Default Rule


Hello All,

I've got a WSUS server deployed on my internal network (223.0.0.x) I'd like my TMG2010 (used as backend firewall) to get updates for it (and for all machine in my DMZ). WSUS server IP 223.0.0.240. TMG backend 223.0.0.60. When I try wuauclt /detectnow I get

Denied Connection

BACKEND 7/24/2015 1:55:05 PM
Log type: Firewall service
Status: The policy rules do not allow the user request.
Rule: Default rule
Source: Local Host (223.0.0.60:10090)
Destination: Internal (223.0.0.240:8530)
Protocol: Unidentified IP Traffic (TCP:8530)

even though I've created a rule for HTTP all ports (both direction).

Can you please help on the above?

Cheers beppe



Additional information

Number of bytes sent: 0
Number of bytes received: 0
Processing time: 0ms
Original Client IP: 223.0.0.60



giuseppe

TMG Can't Let me connect to the Telegram suddenly.


Hello.

I use a TMG Server and this problem occurs on clients. My TMG server runs Telegram without any problem. In TMG I use some rules, and the PCs that want to use Telegram are NAT (they use a TMG rule that lets them connect to the internet directly).
This problem suddenly happened :(.

I used Wireshark on my client and it shows me the picture below:

https://ask.wireshark.org/upfiles/wireshark_1S1dX3c.png

Thank you.

ISA 2010 to Windows Server 2012 R2 Site to Site


I want to create a Site to Site connectivity between ISA Server 2010 and Windows Server 2012 R2. Can anyone please guide me with the steps involved or any link which could help me in this.

Thanks

Parth

Installing TMG using GPO


Hello,

I am using a GPO to install the TMG client software on my Windows boxes and that works great, but I haven't been able to figure out how to pass the .msi the value of server name. When I configure the client manually and try to use autodetect, it never finds the server. What server name is it looking for? The message in the data field displays: MS Forefront TMG not found. Is that the name it's actually looking for, or just TMG? I thought about adding a DNS alias but it won't accept a multi-word name. I've looked at using a .mst file to pass parameters but I've never done that before, so I'm not sure what the best way ahead is. Any help would be greatly appreciated.

Regards,

Ernie


Error Code: 502 Proxy Error. TMG denied the specified URL (12202)


I have made a rule to allow local URL in Forefront TMG Server 2010. But everyday when I access it on client's PC I get the following error

"Error Code: 502 Proxy Error. TMG denied the specified URL (12202)".

The issue gets resolved after restarting client's PC. Need help to find a permanent solution?

Thank you.

TMG site to site VPN connecting as client


Hello, I have a windows 2008 R2 and TMG 2010 (SP2 rollup 5) and created a PPTP site to site vpn.

The problem is that from my site the vpn seems connected, but to the other site it appears connected as client.

As result the two sites are not able to communicate, can someone help me to solve this problem?

Thanks,

Danilo

ActiveX controls or Java applets

Please assist, I get the following message on Edge "Your browser does not support either ActiveX controls or Java applets".

TMG array / EMS issues


Hi,

I am testing TMG arrays for redundancy/failover. I am stuck with no internet for users after successful array and EMS configurations. Topology is:

DC+DNS+CA:192.168.0.1

EMS: 192.168.0.2, domain joined, single network adapter (array configured: name - testarray)

TMG1: 192.168.0.3, domain joined, 2 network adapters (testarray joined)

TMG2: 192.168.0.4, domain joined, 2 network adapters (testarray joined)

When, at the client side, I use default gateway --> 192.168.0.3 or 192.168.0.4, internet is OK. But when I use default gateway --> 192.168.0.2, there is no internet access. The array is configured, both TMGs are members of this array, and policies are added. Please suggest where I am making a mistake.

Enterprise policy --> allow DNS, allow ping, allow http/https

When I change a policy in EMS, it replicates to both TMGs. What configuration is to be done on the client side?

Default gateway to 0.2 or something else? Manual proxy or automatic proxy? Please suggest.

Thanks

Can I write a rule that TMG get internet from other PC?


Hello.

My TMG server has 2 NICs, One for internal network(Internal NIC) and another one for Internet(External NIC). Can I write a rule that TMG get internet from other system in network and not from External NIC?

Thank you. 

iPhones stop authenticating with TLS 1.1/1.2 enabled


We have a publishing rule on our TMGs for managing mobile devices. We have a mixture of iPhones and Android phones that are connecting to Airwatch.

We recently enabled TLS 1.1 and 1.2 on our TMG servers. After we enabled these new protocols, all of our iPhones could no longer connect to our Airwatch server. Our Android phones continued working. 

After some troubleshooting through the TMG, we see that with TLS 1.1/1.2 enabled, the iPhones no longer authenticate. The 'client username' shows anonymous. When we disable TLS 1.1/1.2, it authenticates with its AD credentials.

I have pasted the log entry showing an iPhone that could not connect. I sanitized the IPs, TMG name and Rule name.

Has anyone else seen anything similar?

Our TMG's are 2010, Service Pack 2 Rollup 3

The OS is Win2008 R2, sp1 Datacenter

Client Agent,Authenticated Client,Service,Referring Server,Destination Host Name,Transport,HTTP Method,Filter Information,MIME Type,Object Source,Cache Information,Error Information,Source Port,Session Type,Bidirectional,Network Interface,Raw IP Header,Raw Payload,Processing Time,Bytes Sent,Bytes Received,Original Client IP,GMT Log Time,Authentication Server,UAG Array Id,UAG Version,UAG Module Id,UAG Id,UAG Severity,UAG Type,UAG Event Name,UAG Session Id,UAG Trunk Name,UAG Service Name,UAG Error Code,Internal Service Info Log Field,Client Application SHA1 Hash,Client Application Trust State,Client Application Internal Name,Client Application Product Name,Client Application Product Version,Client Application File Version,Client Application Original File Name,Client FQDN,URL Categorization Reason,Forefront TMG Client Version,URL Destination Host Name,Log Time,Client IP,Destination IP,Destination Port,Protocol,Action,Overridden Rule,Server Name,NIS Scan Result,NIS Signature,NIS Application Protocol,Rule,Result Code,HTTP Status Code,Client Username,Source Network,Destination Network,URL,URL Category,Log Record Type,Malware Inspection Action,Malware Inspection Result,Threat Name,Threat Level,Content Delivery Method,Malware Inspection Duration (msec),NAT Address,Client Application Path
Apple-iPhone6C1/1201.405,Yes,Reverse Proxy,,,TCP,POST,Req ID: 0c7096ea ,,,0x0,0x203,23391,Web Proxy,,-,-,-,0,0,375,-,10/15/2014 19:27,,,0,,0,,,,,,,0,0,-,,-,-,-,-,-,-,,-,,10/15/2014 15:27,11.22.33.44,55.66.77.88,443,,Failed Connection Attempt,,TMG-server1,Inspected,,,RuleforAirwatch,,0x80090326 ,anonymous,,,,-,Web Proxy Filter,,,,,,0,-,-



Problem with transfer port 3391 on 3389 RDP


I have a test server (RDP) and I want to move it to the non-standard port 3391 on TMG 2010.

  1. In the registry, under RDP-tcp, I changed portnumber from 3389 to 3391.
  2. In TMG I access a new rule: a non-web publishing rule.
  3. Then I try to join RDS (static address *****:3391) from a computer (not local to this server) and it did not work =(
  4. Where is the problem? I need tips, and sorry for my English :)

TMG 2010 and GMail POP IMAP


I would appreciate it if someone can help me with this.

I am migrating to TMG 2010 and i have done all the needed configurations

TMG 2010 SP1 running on Server 2008 R2 enterprise

my TMG is running on two NICs

one connected to my Domain and the other NIC is connected to my ADSL line

everything is working perfectly exchange DNS DHCP Browsing and web filtering

except when i try to add any account to my outlook 2007 or 2010 such as Gmail, Hotmail etc

I cannot send or receive emails.
I can access them through the web interface, but not over IMAP or POP3.

Outlook cannot sync subscribed folders error message shows (0x800CCC0E)

if i remove the proxy from my browser Gmail, hotmail works!!
TMG is blocking IMAP and POP

i added a firewall policy to allow IMAP4 Server, IMAP4, IMAPS Server, IMAPS, POP3 Server, POP3 POP3S Server, POP3S, SMTP Server, SMTP, SMTPS, SMTPS Server

from internal to external
for all users and all authenticated users

It still doesn't work!!!

any idea 
thanks  

Unable to Access Whatsapp through TMG Server


Dear Team,

We have Microsoft TMG 2010 in our environment.

We are not able to access whatsapp application  on Cellphone using WiFi  for end users.

- We have created additional rule on TMG enabling all Inbound and Outbound  protocols.

- All other sites/urls (Facebook,Skype) are accessible

- We have opened all ports from Firewall side and there is no any blocking from firewall.

- But still we are not able to access whatsapp

Kindly help in configuring/allowing Whatsapp through TMG server.


TMG License Error and connection Limit.


Hello.

I bought a license for bandwidth splitter but I guess my TMG license Expired and I have some problem in connection. For example, PC connections are limited to time and etc....

Can it be because of the TMG license?

Any idea?

Microsoft Edge Error Alert


So I got on Microsoft Edge and went to Youtube, or tried to anyways. The page turned red and an alert popped up. Here's what it said:

This site says.....

The website you were attempting to access is infected with malware.

Unknown users are attempting to install harmful and programs which will allow them to steal and delete information. This is including, but not limited to photographs, user passwords, instant messages, and credit card numbers.

We strongly advise that you dial the number for customer care at (855) 982-1492 this very moment for technical support.

I don't know how to get rid of it. Every time I open up Edge, it's there. I can't use the browser at all. I have done a full scan twice with Windows Defender and McAfee. I have restarted the computer twice. How do I fix this, because up until this happened, Edge was my new favorite browser and I'd like to continue to use it.

TMG recurring reports are not sending emails anymore



Hi

TMG recurring reports are not sending emails anymore. If I send a test email from the report job, the email is successfully received. It was working earlier. How can this be solved?


Mashhour Faraj
