Channel: Forefront TMG and ISA Server forum

TMG 2010 - Some external locations/IPs cannot reach sites published by TMG but others can - A connection was abortively closed after one of the peers sent an RST packet


Hi there,

This issue has been driving me crazy for the last month, and I thought I had it solved but definitely don't.

I have TMG configured for the sole purpose of being a reverse proxy for SharePoint, SAP BusinessObjects, and some other services to follow.

Everything works great... usually....

I put this in place for a client, I had it all configured, and I could reach both sites without any issue from home as well as my office. However, the client I put it in place for was unable to reach it from home, from his office, or from his cell, or anywhere really. The site would time out for him. On the TMG server I would receive an error stating: A connection was abortively closed after one of the peers sent an RST packet.

I searched all over the internet for this, and found a million posts about this error, and none of them helped me. I decided to reconfigure everything on TMG. I reconfigured everything from scratch, and it worked for me from home, on my cell, and worked for my client from his cell and from home, so we thought we were good. However, I am now trying to access it from my office, and it times out, and I receive: A connection was abortively closed after one of the peers sent an RST packet on the TMG server.

I tried from both of our external connections here at the office and I can't get to it, and the TMG server gives this error. I can still reach it from my phone and from home.

This is all done on the same laptops, so clients are not the issue. I've done packet sniffing, and the traffic makes it to the TMG and then nothing. Just a TCP Reset. The only difference at all is where the traffic is coming from...

I need to make sure that no matter where you connect from, if you have internet access, you can reach these sites... I have no idea why TMG is dropping the packet or why the reset happens from certain IPs.

Does anyone have any possible information that might help me?


Thanks


Forefront TMG 2010


Hi Guys

I need some assistance, this is very funny. I set up a proxy server with TMG 2010, I had no issues, and this server has been running for 2 years now without any issues.

I am currently busy setting up a second proxy server. The problem I have is that when the server is set up, the local PCs can ping the proxy but none of my remote sites, which connect through VPN tunneling, can ping the proxy, which means they cannot connect to the internet as this is the proxy server for internet.

Nothing is different between the first proxy and now the second, only difference is hardware.

Any ideas please.

Thank You

API (ISAPI) filter


Hi,

We have a TMG 2010 that is running on a Server 2008 R2 that is also our Exchange Edge and also has FPE 2010. We access our OWA that is behind this TMG server. Lately I came across this issue: when I access the OWA link it opens, then when I try to log in to OWA I randomly see this error in the browser:

Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)

The strange thing is that when I close and open the web browser, I can then log in to OWA without any issue. We have used this publishing rule for more than 2 years and never had any issue.

I also ran the logs on the TMG server, and at the same time as I get the error in the browser I get this error on the TMG server:

NTS53 11/1/2012 8:58:24 AM
Log type: Web Proxy (Reverse)
Status: 12210 An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator.
Rule: OWA of company
Source: External (132.XX.XX.230:1068)
Destination: Local Host (10.0.10.11:443)
Request: GET http://mail.mycompany.nl/owa/ev.owa?UA=0&oeh=1&ns=PendingRequest&ev=PendingNotificationRequest&canary=b1eeb49f700b42c48172f0f65e756c69
Filter information: Req ID: 0f1b7dff; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=yes, valid=yes, updated=no, logged off=no, client type=public, user activity=no
Protocol: https
User: domain.local\postmaster@domain.nl
Additional information
Client agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x4000000 (Response includes the WWW-AUTHENTICATE header.)
Processing time: 16 MIME type:

Any idea why this is happening?

Thanks


Shahin

Error while installing McAfee


I have a strange situation: when trying to install McAfee on the TMG server, it will not connect to my Enterprise server to communicate and install the antivirus. (Telnet fails on ports 9080 to 9085.)

I created an inbound and outbound rule for ports 9080 to 9085 so that TMG can communicate with the centralised server.

When I run a log event test it always goes to the last rule, which is the default, irrespective of the rule above the default being the McAfee one (inbound and outbound rule).





Proxy problems with TMG 2010


Ever since upgrading to TMG 2010 from ISA 2004, client connectivity through the proxy has been unstable.

This may be down to my lack of understanding of TMG, but the upgrade was pretty much a straight config migration from ISA.

1. One problem is that if you select "Automatically detect settings" in IE, you get no connectivity at all.  We did not have this problem before and if you do check it, it should find ISA.

2. Now, when connecting to VPN from a home internet connection it can't connect because the proxy is set to look for TMG within the work network.   But you can't talk to it until after connecting to VPN. If you disable proxy settings in IE you can connect. Again did not have this behaviour with ISA 2004.  How do I fix it?

Error Code 11001: Host not found


I have ISA 2006. It has 2 interfaces (internal + DMZ), and I have applied 2 rules:

1- allow internal and local host to external, all protocols, for all users

2- allow my internal DNS to query DNS from my ISP DNS (I have set up a computer set for the ISP DNS servers, and another one for my internal DNS servers)

But the problem is that some websites, like microsoft.com, can't be opened, with this error:

Error Code 11001: Host not found
Background: This error indicates that the gateway could not find the IP
address of the website you are trying to access. This is usually due to a
DNS-related error.
Source: DNS error
Error Code 11001: Host not found

I can't open this website on the ISA server either!! But I can access it if I specify the IP address of microsoft.com.

Any idea why this is happening? Do I need to apply any rule?

What happens to TMG owners with Software Assurance, now that the product is discontinued?

We bought TMG not all that long ago, and got SA with it.  Now that it's a dead product, does that mean the Software Assurance on it was a waste?

TMG and Exchange 2013 CAS maintenance mode


Hi

I have a thought about TMG and Exchange 2013 CAS maintenance mode. Microsoft is talking to the big vendors of load balancers so that they configure the products to know when a server is in maintenance mode or when it's broken. But I can't read whether Microsoft is going to update TMG to understand that.

Does anyone have any information about that?

Regards

Fredric


TMG 2010 Design for OWA Publishing multiple DMZs


Hi,

I need to deploy Exchange 2010 and TMG in an environment which has a security model of an inner and outer DMZ.

The desired mail flow would be as follows:

Internet --- > Hardware Firewall

Hardware Firewall ---> TMG 2010 mail filtering (outer DMZ)

TMG 2010 mail filtering --> TMG 2010 OWA Proxy (inner DMZ)

TMG 2010 OWA Proxy --> TMG 2010 Firewall

TMG 2010 Firewall --> Internal network and Exchange 2010

I'm using VLANs and subnets to separate the networks out. I know how to enable SMTP mail filtering and publish OWA on TMG 2010, but what I haven't done is publish OWA on 1 TMG 2010 server and then use another to do mail filtering. If someone has pointers on how to do this, I'd love to hear from them.

Thanks


IT Support/Everything

Rules for use android os IOS


My name is Higor, I have a problem with tmg 2010, I have configured my rules, however Brownser At my rules are working, but when the access part of an android or ios device they're accessing sites who are blocked.

I have a rule that the final release of blockages access http/https for all users... if I put it to only authenticated users are not smartphones, so I put also not possibilito visitors with laptops that have access to sites released...

How do I resolve this situation?

After enabling accounting from the NAP server console installed on TMG, instead of the VPN client's real machine IP address it records the TMG IP address


Hi

I have a TMG server with the NAP service and SQL service installed on it. I have VPN clients who connect to the Internet via a VPN connection from my internal network. I want to enable accounting that reports which client, from which computer, started a VPN connection.

After configuring and enabling log accounting from the NAP console, which saves records to the SQL database, it creates the database, but when I query the database, the (Client_IP_Address) field shows me the TMG IP address instead of the real client machine IP address.

There is a log file (IN*) in the c:\windows\system32\report\ folder which shows me the VPN client machine IP address and user connection properties correctly.

I print-screened the database and selected the problem.

You will be kind enough if you help me.

 

After enabling log accounting on the TMG server from the NAP console to log VPN client connection properties, the Client_IP_Address field shows the TMG IP address instead of the client machine IP address


Hi

I have a TMG server with the NAP service and SQL service installed on it. I have VPN clients who connect to the Internet via a VPN connection from my internal network. I want to enable accounting that reports which client, from which computer, started a VPN connection.

After configuring and enabling log accounting from the NAP console, which saves records to the SQL database, it creates the database, but when I query the database, the (Client_IP_Address) field shows me the TMG IP address instead of the real client machine IP address.

There is a log file (IN*) in the c:\windows\system32\report\ folder which shows me the VPN client machine IP address and user connection properties correctly.

I print-screened the database and selected the problem.

You will be kind enough if you help me.

 

TMG sp2 and logging to local SQL fails


We have a 2-node TMG array with SP2 Rollup 2 installed. Logging to local SQL fails on the secondary array node. On the master, logging is OK. The SQL Server (MSFW) service fails to start with service-specific error 1814...

The SQL Server (MSFW) service terminated with service-specific error The specified resource name cannot be found in the image file..

Tried to re-install TMG on the secondary node, but after joining the array, the first reboot breaks something. The service won't start again. Flat file logging works, but returning to local SQL logging fails on the secondary node. The nodes are similar, installed from the same media within a couple of days, so they are most likely "identical".

Any idea what next? Is this a SQL or TMG problem?

-Amigo

Lumia ActiveSync client mail sync occasionally leads to timeout and 85010014 error


Our customer has TMG 2010 SP2 installed in a two-NIC scenario, with the Internet-facing NIC in the DMZ and the LAN-facing NIC in the intranet LAN. There are several Nokia E series and Lumia phone ActiveSync clients working OK and able to sync their mail. However, some phones are occasionally unable to sync their mail. Instead, the "Synchronizing mail..." text may hang for two minutes and then disappear, resulting in an 85010014 error on the Lumia screen. Typically, the problem phones fail in about 50% of their sync cases.

The problems started when we replaced the old ISA 2006 server by installing a new W2008 R2 SP1 + TMG 2010 SP2 server from scratch and giving its IP address to TMG. The Exchange server is 2010 SP1 (14.01.0393.000). There are two DC's (W2008 R2, DFL 2008 R2) in LAN, and they are reachable from TMG.

We have tried two different authentication options in the ActiveSync Listener in TMG: both the Windows (AD) authentication and the LDAP (AD) authentication. The result was that, when the Windows (AD) authentication option was changed to the LDAP (AD) option, some of the phones seemed to start syncing their mail without problems. However, not all.

When sniffing the network traffic and TLS conversation between the Lumia and TMG, we could see that in the timeout case, the TMG is the last one that sends a TLS packet to the phone, and then nothing can be seen on that line. However, we are not sure if this is a relevant finding when solving the actual problem.

What should be done to resolve this issue?

Br, Kari

ISA 2006 SP1 - Internet stops working for a few min. & starts by itself


Dear All,

I am using ISA 2006 SP1.

I am having a problem where the internet stops working for a few minutes and starts again by itself. It was having the problem before with Mac laptops; now it happens with Windows PCs also.

I tested my WiFi connection, LAN and firewall connectivity, and everything is fine. While browsing is stopped it can ping the ISA and other devices, and I can open the intranet sites also, but the problem remains the same. I don't get any logs on the ISA or WiFi AP. I do not understand how it is.

Does anybody have any clue?



ISA 2006 SP1 - client PC asking for user name & password while browsing


Dear All,

I am having a regular problem with my ISA: many times a week the client browser asks for the user name and password, and does not accept any user name. I am checking the logs in ISA and it is: Event ID no: 5719, source: Netlogon.

1. As a temporary solution I go to the DNS server, delete the PTR record of the ISA server and clear the cache, and it creates the same record again. On the ISA server I run the command "ipconfig /flushdns" to get the IP renewal from DNS.

2. I installed the TMG client on all client PCs so that the problem would stop occurring, but nowadays it comes again with the TMG client.

I have tried many times but have not had any luck.

The problem seems very critical. Can anybody help me out with this?

Outlook 2010 can send and receive email behind FFTMG


I installed FFTMG to restrict web access in my internal network.

I am not sure how to create an allow access rule for outlook 2010 to get access to internet through FFTMG.

Exchange server is not installed.

DNS and DC are installed on one machine, while FFTMG is installed on a separate machine.

Below is the list of software installed on network

MS Server 2008 Enterprise edition (eval)

MS FFTMG 2010 (eval)

MS Office Pro 2010 (eval)

Outlook 2010 can't get emails through TMG server


Dear All,

I have recently installed a TMG server in my network. After configuring basic rules, Outlook was unable to connect. We are using SSL port 993 and SMTP port 465. Everything is working fine except email; there is no email server in my network.

Please advise or give some steps to allow the SSL ports to get email.

Thanks

kashif

TMG and Azure

We have installed a TMG in our office. We want developers' machines to be able to open remote desktops in Azure (3389) and also have access to SQL Server (1433).

From an external internet connection I have found that I can connect to these services, therefore I understand that these are rules I need to configure on the network, but not exactly where.

thanks