
Some TMG protocols not working properly.

Hello.

I have written a TMG rule that lets cell phones use specific protocols:


Cell phones can't open web pages or use Instagram, but when they use a VPN everything is OK.

What is your idea?


TMG 2010 2 node array, and DNS Round Robin

Hi,

We have a 2 server TMG 2010 Array SP2 Rollup5. At the moment we have Windows integrated NLB enabled. We are about to disable NLB and implement DNS Round Robin. The DNS servers will have a Host A Record with the FQDN for the name of the Array for each array node IP address. I know that with Round Robin enabled (by default) the DNS server will rotate the IP addresses that it provides to clients attempting to resolve the array name, to spread the load evenly across the array servers. The question I have is: is there anything that specifically needs to be done on the TMG servers to complement the DNS Round Robin process?

many thanks in advance

 

Licensing in test environment for TMG?

Hi,

We have a customer using Exchange and TMG 2010 in the production environment, and they have purchased the extended support license option for this installation. They also have an Exchange installation for testing and development, but no TMG server since the services weren't published externally.

They are now looking at configuring the test environment so it can be used as pilot/test for mobile device management. If possible, how do we go about licensing a TMG server in this test environment if we need to publish services to the internet?

TMG 2010 - Remove encoding

Hi

I have a URL http://docs.sdl.com/LiveContent/content/en-US/API%20references%20for%20SDL%20Xopus-v311/GUID-4F2C6B13-8DAA-48A8-9C88-35594917DDBC

for which TMG shows me only the HTML code and not the web page as it should be displayed.

The URL is excluded from malware scanner, http compression disabled.

TMG 2010 v.7.0.9193.644

What can I watch?

Regards!!!

The certificate chain was issued by an authority that is not trusted

Hello

We have an SCCM R2 environment. I tried to create a custom report, but Report Builder requires data source credentials to continue, and an error message pops up: " unable to connect to data source- The certificate chain was issued by an authority that is not trusted ".

I checked the test connection and it's working fine. I have created many reports before, but I changed the administrator password after that.

Regards,


License TMG Standard 2010

Hello 

If I change the server the TMG, I can migrate license.

Thank you


Hugo Monge


TMG with multiple IP addresses yet another problem

Hello,

I use TMG 2010 on Windows 2008 R2 Standard.

On TMG I have three NICs:

  • NIC1 - intranet 192.168.1.19
  • NIC2 - ISP1 (178.xxx.xxx.66)
  • NIC3 - ISP2 (91.xxx.xxx.2, 91.xxx.xxx.3) - yes, multiple IP on the same subnet

TMG running in ISP redundancy mode (load balancing).

A problem: I can't ping the secondary NIC3 IP (91.xxx.xxx.3) from outside. I can ping 178.xxx.xxx.66, I can ping 91.xxx.xxx.2 without any problem, but I cannot ping 91.xxx.xxx.3...

Okay. I start some experiments. I connect another computer with 91.xxx.xxx.5 in the ISP2 provider switch and can ping from 91.xxx.xxx.5 to 91.xxx.xxx.3 and vice versa without any troubles.

Next step. I installed Network Monitor on TMG and can see an interesting thing: the reply packet from 91.xxx.xxx.3 is being sent through the NIC2 interface.

I check the Weak Host Send on all interfaces - it is turned off. I decrease NIC2 metric - the result is the same...

Can anybody give me some ideas how to fix this?..



TMG DOES NOT BLOCK YOUTUBE.

Hi,

I have installed TMG version 7.0.8108.200 and configured it for HTTPS inspection. I can block Facebook, but when I tried to block YouTube using a domain set or URL set, categories or category sets, I did not succeed.

I have also tried to block the video on it and the Flash using the content type, with the same result.

Is there any way to block YouTube, or at least the video streaming on it?

thanks in advance.


Slowness & Timeout Errors for Microsoft Related Sites

Hi Experts,

We have recently migrated to Office 365, so our clients need to access the https://login.microsoftonline.com portal and all its applications, like SharePoint. We feel that something is wrong when accessing this portal or the Microsoft TechNet site: timeout errors, slowness and browser hanging issues. We checked the internet speed and it is fine; all other sites like Dailymotion and Facebook are working fine.

We also checked the logging (from TMG) to see whether anything is being blocked, but nothing is being blocked.

Our Setup (Scenario)

Client Configuration:

IP : 10.1.x.x

Mask : 255.255.0.0.

Gateway : 10.1.0.1 (Router IP)

DNS 1 : 10.1.0.50 (Domain Controller)

DNS 2 : 10.11.0.24 (Domain Controller)

  • TMG Setting at Internet Browser through group policy
  • 10.1.0.45 (TMG Server)
  • Client has firewall client to access WinSock Based Applications

DNS Configuration:

Active Directory Integrated DNS Server

Forwarding set :

8.8.8.8 (Google Public DNS)

10.11.0.24 (Domain Controller)

TMG Server Configuration:

Edge Firewall

Internal network

IP : 10.1.x.x

Mask : 255.255.0.0.

Gateway : 10.1.0.1 (Router IP)

DNS 1 : 10.1.0.50 (Domain Controller)

DNS 2 : 10.11.0.24 (Domain Controller)

External network

IP : 10.6.0.3

Mask : 255.255.0.0.

Gateway : 10.6.0.1 (Router IP)

DNS 1 : 10.1.6.0.1 (Router IP)

Publish SharePoint Using TMG Firewall

Hi Members,

We have Office 365 and a SharePoint site. Can I publish this SharePoint site on the TMG server, as with publishing Exchange and sites?

Would like to reinstall TMG, but unable to ADD NPS role

Unable to add the interface with the Router Manager for the IPV6 protocol.

TMG installed.

We see errors in the SYSTEM event viewer: "Unable to add the interface with the Router Manager for the IPV6 protocol"

TCP/IP->IPV6 checkbox under LAN and WAN is unticked.

RRAS settings for IPV6 are on printscreen


Any hints how to avoid that error?

With best regards


bostjanc

Configuring TMG for Office 365 Exchange 2013 Hybrid deployments rule test fails.


I am running Server 2012 R2 with Exchange 2013 SP1 CU9. I am using the Exchange Server Deployment Assistant and I am at Configure Hybrid Deployment Prerequisites > Configure Exchange Web Services. I have configured my services and set the virtual directories to use "mail.mydomain.com"

I am using article configure my TMG server. I have performed all the steps to the letter setting up for my environment.

I am now setting the properties and adding the paths. To this point, every time I test the new rule it PASSES. I added autodiscover.mydomain.com and verified that mail.mydomain.com is listed under the Public Name tab, then tested the rule and it PASSES.

Then I select the paths tab and add the paths listed below and remove the default “/*” path, and then apply those changes

  • /ews/mrsproxy.svc
  • /ews/exchange.asmx/wssecurity
  • /autodiscover/autodiscover.svc/wssecurity
  • /autodiscover/autodiscover.svc

When I test the rule it FAILS

I have verified in Powershell that the directories are correct. Any help on troubleshooting this issue would be appreciated.

I cannot run the Hybrid Wizard until I can perform the connectivity test and I cannot perform the connectivity test until the rule is in place.

Please assist if you can

Thank you

Steve


UDP Idle timeout

Hey guys,

We have a VOIP system added to our network.

We can call just perfectly but sometimes we seem not to be reached.

We contacted our VOIP provider and they said we need to check the UDP Idle Timeout.

We have some network engineers working on the router, but I would like to double check the TMG to be sure.

Can we manage the UDP Idle timeout timers in TMG 2010?


With kind regards, René de Meijer. MIEGroup.

Problems to display custom message "blocked content" in https pages

Hi guys,

I hope you can help me. When I open an http page blocked by a rule, TMG shows me the message "blocked content", but when I try to open an https page blocked by a rule, TMG shows me the message "page cannot be display" instead of the "blocked content" message.

I want to know why TMG does that or where my error is. Sorry for my poor English :(


Status 12030 The connection with the server was terminated abnormally.

I have a weird issue. I'm trying to move over an IIS 6.0 website to IIS 8.5.

We want to use TMG to allow external for security.

Before the official move, I created a new DNS for testing.

Original DNS: original.test.com - this points to IIS 6.0 server
New DNS: new.test.com - this points to the IIS 8.5 server

On TMG I created a rule to allow connections to new.test.com using a wildcard SSL certificate for the test. When I test the rule it passes. I can access the website internally and externally, but further testing of the website from the homepage cannot be done because the links are hardcoded to the original DNS. I didn't think that mattered since the rule passed.

I went ahead and began pointing original.test.com to the new IIS 8.5 server. I modify both external and internal DNS entries. I modify the TMG rule from new.test.com to original.test.com. I run the rule, it fails.

Internally, I can access the website perfectly fine.
Externally, I can get to the website's homepage, but going further, I get a Status 12030 The connection with the server was terminated abnormally.

TMG 2010 has SP2.

Anyone have any ideas what I should look at? I'm confused.


TMG 2010 SP2 and Error Install RU5

Hi

I have TMG 2010 SP2 on Windows Server 2008 R2. I downloaded RU5 and tried to install it, but during installation the setup freezes on the status "Creating the services Configuration...". I let it run for 5 hours but the state does not change.

Before installing the RU I installed all critical updates for the operating system and disabled AV (Symantec).

Any idea how to solve this problem?

Thanks.

TMG 2010 DNS_PROBE_FINISHED_BAD_CONFIG

Hi, I have:

TMG 2010
2 ISP
1 Domain
PCs + Servers

I have my 2 ISPs connected to my TMG 2010 server. The TMG is part of my DOMAIN and the other PCs and servers are part of it too, so they connect to the internet through my TMG.

The problem is that SOMETIMES, not always, when I'm trying to connect to any website (not one in particular) it gives me the following error: "DNS_PROBE_FINISHED_BAD_CONFIG". It happens in every browser and on every PC, and just sometimes, not always.

Can someone help me? How can I fix it or search for a solution?

Thank you, and sorry for my English or inexperience in the field.

TMG on 2008R2 - not showing PPP adapter RAS Server affecting VPN

Hi All,

I have interesting issues with an ISA 2006 SP1 to TMG 2010 SP2 RU5 migration installed on 2008 R2 Standard Edition. It is part of a migration/upgrade project. The TMG server is prepped and installed with the TMG software, and the ISA configuration was imported, followed by repairing the cert and networking issues, as the new server has a new FQDN and a new set of DMZ and production IP addresses. Initial testing has gone well and I can confirm that all the web listeners are working and routing to the correct destinations.

I have stumbled across an issue with VPN that I am trying to resolve. VPN is configured on the TMG, and I understand that RRAS is controlled by the TMG software. I have a static IPv4 address pool assigned, and from the looks of things it all looks okay, except that the Internal interface in the RRAS settings does not get an IP address assigned and remains IP Address = "Not Available", Operational Status = "Non-Operational", Administrative Status = "Unknown". I have also noticed that when I do an IPCONFIG /All, I don't see a "PPP adapter RAS Server" at all.

I have removed the RRAS role, with NPS, and ran through the TMG prep that reinstalls the server roles and features, followed by a repair of the TMG software; however, it does not cure the problem. I have been doing a lot of research, and forums suggest checking GRE and the other ports. Note that L2TP and PPTP are enabled by default on ISA and these settings were migrated to the TMG. A user using WIN7 with the standard WIN VPN gets an error 789, which is expected as the current TMG VPN does not look like it is fully operational.

Any steer or guidance on this topic will greatly be appreciated.

Thanks

Deon


Deon MS Forum



Connectivity issues through TMG 2010 inbound RDP, outbound https

Sorry this is long, but trying to get as much info into the initial post.

Basic configuration: Windows 2008 R2 server running TMG 2010 acting as passthrough (not NAT) router and firewall for an internally hosted application. External network of TMG is on our intranet; perimeter network hosts a W2K8R2 server running Terminal Services; internal network has DCs and certificate server for the environment. A few other servers for database, FTP and file services.

Users connect via secure RDP from outside the environment though TMG to Remote Desktop server. Once on that server they do various tasks, including download of data from secure FTP sites (over https) on our intranet.

Three main issues, which we believe are related and caused by TMG, but not able to find a root cause. These started approximately 1 month ago, but cannot see a connection with any changes in the environment or patches in May:

1. intermittent issues establishing RDP connection from clients on our intranet to the Remote Desktop server. Can fail when initially try to connect (generic "This computer can't connection with the remote computer" message). Sometimes they can get to enter their credentials, but then next stage when certificate for the secure connection is being checked they get same message and can't connect. In both instances within TMG log we see a Failed Connection with "The Object is shutting down" as the error message. Searching for help on this error message just comes back with lists of all the error messages on TMG and nothing useful to indicate what is actually shutting down. If they do make the connection it is stable - no reported dropouts or reconnections.

We have verified that making an RDP connection from the TMG to Remote Desktop server works each time, every time (and that a connection from outside the environment immediately after fails). Users working with the database and other internal FTP/file servers do not report any issues accessing these - all the issues seem to be with connection in to and out of the environment.

2. intermittent issues accessing externally hosted secure FTP sites from the Remote Desktop server to download data. These sites are accessible with no issues from outside the environment. Users have to authenticate with a smart card, select an option for the service they want and then either get to the FTP portal or get a "Service Unavailable" message (even though the service is definitely working). No Failure messages on the TMG. Again, once they do manage to get connected (which can take up to an hour after numerous attempts), connection is stable but can be slow.

3. intermittent issues accessing MS Exchange on our intranet from Outlook client running on the Remote Desktop server. Failed Connection message on the TMG for this https connection is "A socket operation was attempted to an unreachable network".

All the servers are VMs running on a single VMware ESXi 5.5 host. VMs have VMXNet3 NICs, so communicate at 10G between themselves. Physical NICs on host are 1G. There are many other VMs on the same host but no reported issues with any of these. The TMG and Remote Desktop VMs have sufficient CPU/memory, etc. with reservations set. The host has sufficient host and CPU.

We have run Wireshark from the client and Network Monitor on the TMG. In both we can see when making RDP connection you get Syn from client, Ack/Syn from RD, Ack from client, X224 request from client and then an Ack/Reset apparently from RD, but we are not seeing anything on the RD server indicating anything reaching it for the connection.

Can anyone make any suggestion on where to look next?

TIA


