Hi There,
Has anyone noticed issues with Skype for Business with respect to TMG as a reverse proxy?
If yes, please share relevant links.
Hello All,
We just recently introduced Exchange 2013 into a mixed Exchange 2010/2007 environment with TMG 2010. We had no issues with TMG and any Exchange 2010/2007 protocol.
We installed Exchange 2013, created new TMG rules as per the MS TechNet articles and pointed everything on the TMG server to the Exchange 2013 CAS roles via a TMG web farm.
Everything is working correctly on all Exchange 2013/2010/2007 servers *except* for Outlook Anywhere for the test mailbox that we have on the Exchange 2013 server. We cannot successfully configure an OA session to the 2013 mailbox - it keeps prompting for credentials. When we direct the Outlook client to go directly to an Exchange 2013 server via a hosts file, OA works without issue, so it appears to be something related to TMG.
So we've spent a bunch of time checking settings and trying different combinations of settings on both the TMG policy for OA and the Exchange 2013 CAS roles without any luck - we can't seem to authenticate the OA client and establish a session.
Interestingly enough if an Exchange 2010 user with the correct rights tries to open the Exchange 2013 test mailbox, they will eventually be able to open it but only after a delay of a minute or two.
Any ideas?
Does anyone have a set of working TMG and Exchange 2013 settings for a mixed environment that they can share here?
Thanks
Hi,
All Forefront TMG is now started, and when I try to start the Forefront TMG Control service I get this error in Event Viewer:
Forefront TMG Control Service terminated with service-specific error the data is invalid
Will both internal and external connections go to ISA? I saw that OWA, both internal and external, redirects to the same URL.
We have deployed new MS apps that use Exchange EWS, which leads Exchange 2010 to hit the connection limit when traffic goes through ISA.
It is normal traffic; can I increase the connection limit size?
Thanks.
Hello! I have installed TMG 2010 on Windows Server 2008 R2.
I have 2 external adapters and 1 internal adapter. After configuring ISP failover, the TMG computer and all internal computers can't access websites published on TMG. From external, all websites work.
When I try to connect to a website I get Error Code: 408. The operation timed out. The remote server did not respond within the set time allowed. The server might be unavailable at this time.
I don't understand why; can someone help?
Hi,
I am working on some scripting with TMG and have run into some issues modifying the configuration via the COM interface.
For example - if you have a web publishing rule set up with customised selections under Traffic > Filtering > Configure HTTP, this will create an entry under the rule's vendor parameter sets. To view it you can use this script in an elevated PowerShell:
$fpcroot = New-Object -ComObject fpc.root
$tmgarray = $fpcroot.GetContainingArray()
$global:PolicyRules = $tmgarray.ArrayPolicy.PolicyRules
$rule = $PolicyRules.Item("YOUR-RULE-NAME")
$rule.VendorParametersSets
You can see the entry in question is {f1076e51-bbaf-48ba-a2d7-b0875211e80d}. If you select that entry (eg.
$rule.VendorParametersSets.Item('{f1076e51-bbaf-48ba-a2d7-b0875211e80d}')

Name                                      AllNames
----                                      --------
{f1076e51-bbaf-48ba-a2d7-b0875211e80d}    {XML_POLICY}
), you still can't view the actual data under the {XML_POLICY} value.
Is it possible to retrieve the data in PowerShell? I can write to it easily, so it should be readable...
Thanks
Hi All,
In my environment we are using ISA 2004 and 2006, for which Microsoft has ended technical support. Can anyone please advise what the replacement product will be for both ISA 2004 and 2006?
We have Forefront TMG 2010 with two nodes in Microsoft Network Load Balancer. Recently we have been facing an issue with TMG where clients experience slowness and then eventually cannot connect to the internet. After we restart the nodes one by one, everything seems to be OK. After a restart, SQL Express ISARS does not start automatically and we have to start it manually; we are also using a Websense filter, which also does not start automatically.
In Event Viewer there are some errors with caching; we deleted the cache and still have the same issue. There are also some IPs with IP connection exceeded errors.
Kindly advise on the above issue. An early response/guidance will be appreciated.
Thanks & Regards
I have 2 TMG servers, one as firewall and another one as proxy, with AD servers which are the replication of the HQ through the intranet.
The client PC gateway IP is the firewall, and the AD servers are the DNS IPs.
Now my intranet is down. I want to access a few sites and Outlook mail through the internet, which were accessed earlier through the intranet.
Can someone please help?
Scenario:
Local Host: 10.x.x.x
External: 202.x.x.x
Internal:10.x.x.x
Firewall policy: protocol: ping, source: internal, destination: external
I am trying to ping the external network from the internal network but am unable to ping. The internet is up and running on the internal network, but I can't ping the external network or a web address, e.g. google.com, microsoft.com.
electrifying
Hi,
Is it possible to configure sliding sessions in TMG? I found that it is possible in the .NET Framework with the “SlidingExpiration” property, but is this configurable in TMG?
Regards,
Johan
Hello everybody,
I have a TMG 2010 server. It's working fine, but at one time it gives me request timed out and I can't ping or receive internet from the server. It happens every day. To make it work I have to force a shutdown, because when I connect a monitor to the server and try to log in it takes too much time. After login, checking the network connection, I see it's working fine but there is no internet, and the internet from the router is working very well!
Please can anyone advise me how to solve this problem?
Thanks
I have a strange situation and I'm guessing it might be an easy rules-based error on my part but it's been some time since I worked with TMG so I'm rusty!
TMG 2010 - all patched up.
I've got a client on the internal network (192.168.1.107) trying to reach 92.233.114.10 on TCP Port 6903 and this traffic is being blocked by the default rule. The error given seems to be 0x800733f5 WSA_RWS_ERROR_ACCESS_DENIED
I have a rule created from the Internal network allowing traffic to a netrange of 92.233.0.0 => 92.233.127.255
I have a custom protocol consisting of 6900 => 6910 TCP Outbound
So I don't get why the firewall is denying that traffic. The rule is located well above the last default rule.
The destination IP address is allowed as it falls within the defined range, the desired ports are allowed as I made a custom protocol to allow the traffic through. Yet, the firewall seems to be blocking the traffic.
I must be missing something very simple but what is it?
Q: Marking a question as answered when it's not - is this something new? A: Not at all, it's standard Nick Gu!
Hi,
I have a TMG 2010 with only one network cable; we want to use it only as a web proxy, not as a firewall. I want to use WPAD. The WPAD seems to be working right when I set it up on a computer manually, and the proxy detects the traffic. But I need to create a rule on TMG (the first one) to allow access to the WPAD file (placed on the same server).
The problem is that if I set up the WPAD file URL in IE, all the log entries allowed by this rule appear in the proxy logs but with no information about the accesses (only the server IP).
If I set up IE without WPAD, it works right, but I wish to configure it through the WPAD file.
Can someone help me?
Regards,
We have Forefront TMG 2010 with SP2 installed in our network. Suddenly, wspsrv.exe started consuming all memory and we have to stop and restart the firewall service to clear it out, and sure enough the RAM will max out, rendering the server dead. I have no idea why the proxy is chewing up so much RAM. No changes have been made to it prior to.
I would appreciate it if anyone could help me sort it out.
Best Regards,
Anwar Shah
Hi,
I have configured ISP redundancy (for failover only) with two ISPs. I'm confused about DNS resolution; here are my configurations:
TMG's Internal interface is set to the internal primary and secondary DNS (AD) servers, and both ISPs' External interfaces are without DNS entered, empty! Metric 1 is on the primary ISP interface and Metric 2 is on the secondary ISP interface.
I have set OpenDNS servers (208.67.222.222 & 208.67.220.220) as forwarders on the internal DNS servers for public name resolution. These DNS/AD servers are also behind this TMG (as SecureNAT clients). I am not using any of the ISPs' DNS because I am also using OpenDNS for web filtering.
Now my question is, do I also need to add a static persistent route for the DNS IPs on the TMG server when only TMG's internal interface is configured to use internal DNS? Am I missing something? Please guide.
Thanks
Here is route print:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway          Interface  Metric
          0.0.0.0          0.0.0.0  222.252.189.129  222.252.189.133     257 (Primary ISP)
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     258 (Secondary ISP)
.
.
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 222.252.189.129 Default (Primary ISP)
0.0.0.0 0.0.0.0 192.168.1.1 Default (Secondary ISP)
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Hi
Please verify my thoughts.
One of my customers wants TMG to bypass DNS resolving, but only for external hostnames. Internal ones should be resolved as usual by the internal DNS server. Requests for external websites should be sent directly to the upstream proxy without resolving in internal DNS.
Can it be done by setting SkipNameResolutionForAccessAndRoutingRules property as described in https://msdn.microsoft.com/en-us/library/ms826264.aspx ?
As far as I understand, SkipNameResolutionForAccessAndRoutingRules will skip resolution for all requests, even if it is an internal hostname.
Alert: Forefront TMG Server: Reporting Daily Summaries Monitor reports an error
Description: Error: Daily Summary last success date does not exist for server: servername
Source: Reporting - servername
Server: servername.domain.local
Alert raised time: 2015-12-17T03:30:01
MP: Microsoft.Forefront.TMG
Monitor: True
We are running Forefront Threat Management Gateway 2010 and monitoring it with System Center Operations Manager. All of the reporting appears to be working correctly, but I am showing an error in SCOM that states: Error: Daily Summary last success date does not exist for server. Can someone help me? It's reporting for 1 Forefront TMG Server only. No errors for other Forefront TMG Servers.
Hello Everyone,
After allowing Remote Desktop Protocol, the server is easily accessed from a non-domain client but cannot be accessed from the AD domain and AD users. Please help to fix it.