All the clients in the network are recieving errors:
Forefront TMG cannot handle your request because the DNS quota was exceeded
unable to RDP to TMG server which holds the public DnS.
We needed to reboot the server.
How to solve this please?
bostjanc
Is it possible that
Recommended Forefront TMG 2010 SSL and TLS Configuration
on TMG side would cause ping time outs?
bostjanc
We recieve a lot of warnings in event viewer/app on TMG server:
Forefront TMG disconnected a non-TCP connection fromDOMAIN CONTROLLER
We already added this domain controller on TMG's Flood Mitigation IP Exceptions list but that did not help.
Those warning events are still shown on Event Viewer/app on TMG side.
Any hints how to solve this problem please?
with best regards
bostjanc
We are a small business and so far we have been using Forefront TMG 2010 (in a simple LAN-DMZ-WAN 3-legged configuration) with great success.
Recently we added a Google Chromecast to the TV/Monitor in our meeting room. The Chromecast device itself works great but other devices on the same LAN cannot discover it.
It's my understanding that Chromecast uses UPNP SSDP discovery protocol which, by default, is being blocked by Forefront.
And In fact in the log we see an endless stream of the following errors:
Log type: Firewall service
Status: An ingoing packet was dropped because its destination address does not exist on the system, and no appropriate forwarding interface exists.
Rule: None - see Result Code
Result Code: 0xc0040050 FWX_E_TCPIP_DROP_IP_NOT_LOCALLY_DESTINED
Source: Internal (172.16.8.76:60164)
Destination: UPNP (239.255.255.250:1900)
Protocol: Unidentified IP Traffic (UDP:1900)
In addition to the existing "Internal" interface (address range 172.16.8.0-172.16.8.255) I created a new internal "UPNP" interface with the address range: 239.255.255.0-239.255.255.255 and a "route" relationship between the "Internal"
and "UPNP" interfaces.
I also added firewall policy rules to give full access to each other.
Unfortunately Chromecast discovery is still not working.
Any suggestion how to resolve this issue and let Forefront allow UPNP SSDP discovery?
Thanks.
---Mirco.
Hi everyone,
i am using Tmg 2010 in my network and also using Fortinet firewall.
i facing problem since last month the Tmg deny firewall to access internet. the Tmg asking authentication to allow access internet
already set user name and password to firewall(done by fortigate team support)but still facing problem.
i hope one help me to avoid this problem.
thanks in advance
i am unable to use dropbox on WORKGROUP computer in a domain network.
we using MS Forefront TMG 7.0.9.193.500 and tmg client on domain computers. so dropbox working fine on tmg client PCs, but not connecting on workgroup PCs , i tried with no proxy, auto detect and manual proxy for dropbox but didn't worked .
i also create a rule on TMG which allowed all domains, URLs of dropbox.com .. but nothing working for me.
advance thanks for precious suggestions.
Hi All,
we are running ISA 2004 proxy, cannot connect to dropbox through the proxy. we can connect to dropbox directly without using proxy. please advise what configuration shell i make to allow dropbox through our ISA
Virgo
Has anyone tried successfully installing Forefront TMG 2010 on Windows Server 2012?
I tried but failed, it complained about unable to add roles and features.
Valuable skills are not learned, learned skills aren't valuable.
i am unable to use dropbox on WORKGROUP computer in a domain network.
we using MS Forefront TMG 7.0.9.193.500 and tmg client on domain computers. so dropbox working fine on tmg client PCs, but not connecting on workgroup PCs , i tried with no proxy, auto detect and manual proxy for dropbox but didn't worked .
i also create a rule on TMG which allowed all domains, URLs of dropbox.com .. but nothing working for me.
advance thanks for precious suggestions.
Hello,
We have a problem creating custom forms on ISA 2006. The default ones work fine but if I copy the 'ISA' folder for example (under CookieAuthTemplates), name it something else, then set the new name either on the listener or the publishing rule we get the following error when accessing the pages -
Error Code: 500 Internal Server Error. The data is invalid. (13)
Has anyone seen this before?
I've seen a few people talking about disabling HTTP compression but this doesn't seem to have made any difference.
Thanks in advance,
Chris
There is Windows 2008 R2 with Tmg 2010 SP2 installed at it.
As I saw at many articles and found out from Tmg log that broadcast UDP packets even outgoing from LocaHost (server where Tmg installed) with source IP = IP server to 192.168.0.255 address is denied even outgoing, that is:
IP server -> 192.168.0.255 is denied
I think, packets from every internal nework client to 192.168.0.255 is denied also (I didn' t see such line at log) .
How is to enable broadcast for Internal that in particular NetBios broadcast packets could be allowed (accepted) as from LocalHost as to LocalHost (at least from LocalHost) ?
It would be appreciated if some registry parameter would present to enable/disable broadcast.
And what the latest Tmg version of SP supports of broadcast ?
hi,
we are using Microsoft "ISA Server 2006 .Version: 5.0.5723.514".
But how we can check it is ISA Server 2006 standard edition or a enterprise edition.
And how we can check its END OF LIFE AND END OF SUPPORT dates.
thanks and regards,
Ravi
Hi All,
I have a ISA 2006 server.I can browse all the website except microsoft sites (like: microsoft.com, support.microsoft.com etc)
the web page shows err_name_not_resolved
the details shows dns lookup failed ....
I haven't configured DNS in the ISA .
i tried to monitor the logs ... it dosen't show any rules blocking the sites .....
help help
Thakyou
I have installed TMG Server in head office, after configuring TMG, everything is working properly like emails, internet acess, except head office users are unable to connect with remote site ERP Server using VPN dial up connection.
TMG is blocking VPN traffic, users are unable to dial VPN connection to acess remote office ERP Server.
I have made rule for this issue.
Protocol = All Outbound Traffic / VPN Protocol (PPTP-L2TP)
Action = Allow
Source = Local host and Internal Host
Destination = Remote TP-Link Router Static IP (232.125.65.98)
Users = All
After activating the above rule, while dialing VPN Connectiopn from head office, users get the following errors.
Any one please give me some suitable idea to resolve the issue.
We would like to access Azure host(Public) through TMG.
1.Source Subnet is ok;
2.All outbound is enabled.
3.Azure host ip address is correct.
4.Installed TMG client application on laptop.
5.when we try to access the Azure host ip address, the error message is present.
6. Based on above information, i captured netmon trace on Laptop and found the clue. Is there anyone can let us know why this Connection refusedby TMG? Thanks.
1610:18:39 AM 9/3/20158.8922839mstsc.exeClientTMGTCPTCP:Flags=......S., SrcPort=56750, DstPort=1745, PayloadLen=0, Seq=2367321505, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192{TCP:5, IPv4:4}Have a nice day!
Rgds
Steven