TMG 2010 on windows 2008 R2 low disk space into active partion C: drive
After running tool I found 98.3% of space is occupied by Log files located under C:\Program files\Microsoft Forefront Threat Management Gateway\Logs
The log files named as ISALOG_72D6EDF5_xxxxxx.llq (where xxxx are numbers)
How safe it is delete or remove these log files?
Muhammad Mehdi
Hello colleagues
I have site https://site.domain.ru:9510/pmpsvc
In site work: http://imgur.com/2cQ6vlF
I publish this site through TMG 2010, but I have error:
500 Internal Server Error. The certificate chain was issued by an authority that is not trusted (-2146893019).
On TMG server via MMC I imported certificate to: http://imgur.com/eYqjrQg and reboot TMG server, but problem is not solved.
Maybe someone solved this problem?
Thanks.
I have would like to add ssl port 7201 on TMG which is causing the error below.
Error Code: 502 Proxy Error. The specified Secure Sockets Layer (SSL) port is not allowed. ISA server is not configured to allow SSL requests from this port. Most Web browsers use port 443 for SSL requests. (12204)
i have tried this script but its giving and error, do i need to key in the ports on the script givenhere ?
Someone can assist with a working script.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''Meshax
Hi All,
I'm new to ISA and corrently just setup a TMG 2010 server as edge firewall (two network card mode.)
As the special situation here, i need to set the server as a transparent agent so everyone does not need to setup web proxy for internet access.
Issue 1: I ran the TMG server status report, and looks fine. when I copy and paste the report folder(html) to my computer or any other computer, the report content messed up as the picture shows:
issue 2: If I want the AD user name & site domain name shows to replace current IP in report, but no web proxy setup for users, what should I do?
Thank you.
Jack,
Image may be NSFW.
Clik here to view.
We have a TMG server with 2 NIC (internal & External). VPN deployment exists.
I need to add a second adddress to External NIC to publish an internal web site....(so I need a listener)
How should I add this new IP ?
Has anyone tried successfully installing Forefront TMG 2010 on Windows Server 2012?
I tried but failed, it complained about unable to add roles and features.
Valuable skills are not learned, learned skills aren't valuable.
Hi Everyone,
I have configured HTTP compression (GZIP) and can see the Accept-Encoding header. However the response out is now sending a 'Transfer-Encoding: chunked' header instead of a Content-Length header but from the tcpdump output I can see that it is the gzipped resource
that is served by Jetty, so this is good:
Vary: Accept-Encoding^M
Content-Encoding: gzip^M
Content-Type: application/javascript^M
Accept-Ranges: bytes^M
Cache-Control: no-cache,must-revalidate^M
Last-Modified: Fri, 12 Oct 2018 01:57:57 GMT^M
Content-Length: 272145^M
Is there anyway to get Forefront to return the Content-Length header rather than the Transfer-Encoding: chunked header - the response from Jetty contains this as the content size is known.
Thanks in advance.
DoJu
TMG 2010 SP2
Publishing an IIS 7.5 web server to the Internet. It is on a TMG perimeter network, and is a web proxy client. While TMG is a domain member, the web server is not. The site is set up to accept HTTPS (for WEBDAV publishing) and HTTP for normal browsing.
I can browse by HTTP or HTTPS from the web server itself. But from the Internet, I can only browse with HTTPS. If I use HTTP, I get this error page:
403 Forbidden. The page must be viewed over a secure channel (Secure Sockets Layer (SSL)). Contact the server administrator. (12311)
Web searches tell me this is related to requiring authentication where I shouldn't, but I can't find any place where I'm requiring auth in TMG.
FWIW, Test Rule is happy.
Here are all the Publishing Rule settings that seem remotely relevant to requiring auth or SSL:
Web listener
Authentication Delegation
Bridging
[x] Web Server
Users
Here is the TMG log entry:
Failed Connection Attempt
Log type: Web Proxy (Reverse)
Status: 12311 The page must be viewed over a secure channel (Secure Sockets Layer (SSL)). Contact the server administrator.
Rule: Publish Tenant Web Server
Source: External (10.200.10.1:54943)
Destination: Local Host (10.200.10.2:80)
Request: GET http://tenantwebfarm001.byoctechnologies.com/
Filter information: Req ID: 026ad3b4; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: http
User: anonymous
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
(No source information is available.)
0x0
1 MIME type:
Processing time:
Cache info:
Object source:
Client agent:
</dir>I have 20 clients that need to very limited access to the Web via MS TMG. We recently went live with a product hosted by another organization (shared services agreement & we are dependent on it). Application will not work if we have proxy
configured in our LAN settings on these clients (vendor has confirmed their app will not work with a proxy). But with no proxy defined, our internet resources are completely unavailable.
Long story short, how can I configure these clients to access the web resources without specifying a proxy. I've attempted to configure a PAC file for the couple of sites they need but didn't have much luck w/that (also not sure if that's best practice).
Not really sure if WPAD is a solution. Thanks in advance.
Asking this here as I figured TMG people may have the knowledge as well...
Trying to replace TMG with ARR and use Kerberos Constrained Delegation.
TMG is working properly to a backend server (app-01 for example). TMG is using the SPN of app-01.domain.com and trusted for delegation in AD to http/app-01 and http/app-01.domain.com
Now, I am trying to set up ARR to do the same thing. ARR is trusted for delegation with the same settings as above. However, it is not working. I am not sure how to set the SPN for the ARR server like I did in the TMG UI.
Any thoughts?
Mark
Hi Guys,
I want to allow VPN access only from specific remote IP adresses.
Can I follow these ISA 2004 steps also on the TMG 2010?
Excluding Specific Addresses from VPN Source Networks in ISA Server 2004
https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc713321(v=technet.10)
Alternatively is there a walk through of how to enable two factor authentication on TMG 2010 with the authenticator app only for remote access?
TIA,
Fred
Hallo,
we are trying to upgrade TMG Standard to SP1.
Status: Saving registry information...
Setup cannot modify or create the registry entry System\CurrentControlSet\Services\Tcpip\Parameters.
And then: Setup was unable to configure TCP settings. As a result, Setup cannot continue.
Has someone a similar problem?
OS: Windows Server 2008 R2 Standard
Thomas
Hi,
We still use TMG 2010 for site to site VPN between 2 offices. We have a weird problem where it just decides to block some traffic from only some machines to only some servers in the other site.
If we disconnect the VPN tunnel in routing and remote access, it self-reconnects and all is well again. We're having to do this every few days.
Our environment is 2016 Hyper-V nodes, and TMG VMs are running Windows Server 2008 R2 SP1 and TMG version 7.0.9193.644, which is the latest according to here.
I looked online and I read about a 'race condition' and a problem with afd.sys. I checked and ours are 6.1.7601.18264 dated 9 March 2018 for site 1 and 6.1.7601.17514 dated 20 November 2010 for site 2.
hi friends
i have deployed wpad Autodiscovery via DHCP.
now in clients how can i check whether my client has detected webproxy server & has obtained wpad.dat file?
when i run ipconfig /all, it doesn't show me wpad option. so ipconfig /all doesn't show all options obtained from DHCP server.
is there any command to see all options which a client has obtained from DHCP server ?
thanks in advance
I am looking for a working download link for Forefront TMG 2010 Rollup 5 For service pack 2
I tried to get hotfix via this link https://support.microsoft.com/en-us/help/2954173/rollup-5-for-forefront-threat-management-gateway-2010-service-pack-2 but the link https://support.microsoft.com/hotfix/kbhotfix.aspx?kbnum=2954173&kbln=en-US says that hotfix is not available.
Is there any other way to get a hold of this rollup?
I have a client which needs it since we are having some issues with their TMG currently running Serviced Pack 2 with no rollups applied.
Would really appreciate if someone could provide me with a working download source
Thank you