Channel: Forefront TMG and ISA Server forum

TMG Not Listening on SMTP Port 25


I am running a TMG 2010 SP2 box. (Fresh Install) on a Back-End style scenario. Exchange Edge server is NOT installed and at the moment prefer not to install it as a resolution.

The setup diagram is as follows

Internet -> NAT Router (External IP) -> TMG Server (DMZ Network)(Internal Network) -> Exchange 2010 (Internal)

No matter what I publish with the "Publish Mail Servers" wizard nor with the "Configure E-Mail Policy", I cannot get TMG to listen on port 25.

I'm absolutely stumped.

The only other thing to add is that there is no External Network, only an Internal and Perimeter.

Thank you for your time.

-Chase


Trouble Publishing SMTP through TMG to Internal Exchange 2010


Hello,

I have a TMG server configured as a back firewall.  I am trying to publish SMTP so that our hosted spam filtering can deliver inbound email through the TMG to the internal Hub Transport server.

The Internet firewall is a Cisco ASA that NATs our public IP to the DMZ IP of the TMG server.

I have run the Mail Server Publishing Rule with the following settings:

Name: Exchange HT SMTP Rule

Access Type: Server-to-server communication: SMTP,NNTP

Services: SMTP

Server Being Published: 10.10.50.100 (internal Exchange HT server)

Network Listener IP Addresses: Perimeter - 10.119.1.50(DMZ IP of TMG)

I am using an external workstation and Telnet on port 25 to test the rule.  I have configured the logs to filter based on my external workstation's Client IP address.

When I attempt to connect via Telnet on port 25, Telnet replies back "Could not open connection to the host, on port 25: Connection failed".  In the log of the TMG, I see two events repeated several times.

These two events are logged each three times per failed connection, but no other events are shown.

One thing that I am curious of is that the events in the log indicate the "[System] Allow SMTP traffic to the local host for mail protection filtering" rule and not the publishing rule that was created.  No events show up for the rule that was created to publish the mail server.

TMG problem IIS


Hello everybody I have a problem somewhat strange.

I have a company in the field, there are two domain controllers, a TMG server, an IIS server, and a database server (SQL Server 2008R2)

Each of these services mentioned above on independent servers, ie the TMG Stay on a server, IIS in another and so on.

We have an application that runs on top of IIS, i.e. the local address is something like http://sistema.empresa.local, and there is an entry in the dns alias (CNAME).

In ForeFront TMG, I made the exception in the Internal - this marked the WebBrowser proxy bypass, as well as the stations in internet explorer, (not use proxy for local addresses).

There is a GPO that still make exceptions in the "Bypass proxy server for local addresses beginning with" where the site was registered site mentioned above http://sistema.empresa.local

Well what happens is that every time the internet to can not I access my internal application, is trying to detect the proxy and does not enter.

In TMG settings of network adapters, this always ordered for the card after the card Local internet.

Anyway friends, did all of these settings and still am with the problem.

Someone has gone through it, you know how I can solve?

Newly added array member didn't pickup firewall rules


Hey,

I have TMG 2010 array of two servers. Both are running SP1 RU4. I tried to add 3rd server to the array. Joining process went fine, configuration synched fine on newly added member. Everything seemed to be green.

Looking at live query I noticed that newly added array member blocks all the traffic. Reason is default rule.

Are there any steps I missed?


Regards, Mindaugas Laucius

Forefront TMG server blocks internet connections for client system by giving error "Denied Connections per Minute from One IP Address Limit Exceeded"


We have installed Microsoft Forefront TMG 2010 server in our network and it is working fine.

But sometimes, some of our client systems stop all internet related activities and on TMG Server, it shows "Denied Connections per Minute from One IP Address Limit Exceeded" related to that particular client system.

Alert Description is: The number of denied connections from the source IP address 172.16.2.39 exceeded the configured limit. This may indicate that the host is infected or is attempting an attack on the Forefront TMG computer.

Forefront TMG server blocking internet connection for that client system by giving above error though the client systems are not infected.

To come out of this issue, we have to restart that particular client system. After restart, client system works fine. Sometimes, it takes 2 to 3 restart to come out from this issue which is very annoying task for users. 

Kindly help to come out of this issue without client system restart.

Thanks in advance

Best Regards, 

TMG Workgroup - DMZ - Standalone Array


Hi,

I have the following TMG scenario:

2 TMG Ent SP2
Standalone Array created
2 NICS (1 dmz - 1 lan)
*WORKGROUP
*DMZ
Topology: BackFirewall
TMG is behind a Hardware NLB

I need to publish Sharepoint and use TMG as reverse proxy. I'm having troubles with this scenario in workgroup environment.

here are the links I followed during the installation:
http://technet.microsoft.com/en-us/library/dd897048.aspx
http://technet.microsoft.com/en-us/library/ee658146.aspx
http://technet.microsoft.com/en-us/library/ee658140.aspx
http://technet.microsoft.com/en-us/library/ee658148.aspx
http://technet.microsoft.com/en-us/library/ee658141.aspx
http://blog.msedge.org.uk/2010/05/workgroup-deployment-with-forefront-tmg.html

I had problems to join the second server in array and did the reinstallation of TMG, and now I'm getting the following errors:

In monitoring -> Configuration tab -> Configuration Status
Server1 Array Manager - Error - Server is unable to update the configuration
Server 2 Array Managed - Not Synced - Server configuration does not match the stored configuration...

In the Alerts tab:

Configuration changes cannot be loaded by Forefront
Description: Configuration changes saved to the configuration storage server could not be applied to Forefront TMG services. After 5 attempts to apply the changes, Forefront TMG postpones any new attempts to apply these changes, and will only renew attempts when a new configuration is saved to the configuration storage server. Recent alerts may

Configuration Storage Access Blocked
Configuration changes made may result in loss of connectivity to the configuration storage server "SERVER" and cannot be applied. This alert is caused by connectivity or authentication issues, or by Forefront TMG configuration settings. The error description is: The server is not operational.
The failure is due to error: The server is not operational.

Any ideas?

Thanks.


Tiago Ferreira
MCSA+M, MCTS, MCP
http://www.msitpro.com.br
http://portaltecnologia.net

discontin TMG


TMG replaces that product?

http://blogs.technet.com/b/server-cloud/archive/2012/09/12/important-changes-to-forefront-product-roadmaps.aspx?PageIndex=3#comments

SQL Express 2008 SP1 Extraction error when installing Forefront TMG

Hi,

I want to install Forefront TMG on a server with 2GB RAM. But when the setup is busy with the installation of the Additional Components, I get the following error: "Microsoft SQL Express 2008 SP1 Package could not be extracted. As a result, Forefront TMG installation cannot be completed."

What can I do now? After doing some google-ing I found this forum thread: http://forums.isaserver.org/SQL_extracting_error,_when_installing_forefront_TMG/m_2002102022/tm.htm But there isn't a solution listed...

My server is fully up to date and runs Windows Server 2008 Standard Edition R2.

Regards, Nathan Vileyn

TMG vulnerable to BEAST attack: Qualys SSL Lab test

TMG Scripting Addition of Web Listener in Powershell

I really need some help working on a script to create a web listener in TMG using PowerShell. Please can someone help! I have seen Jan Egil Ring's script on modifying properties of a web listener but I have not been able to find a way to create a new listener.

Forefront TMG 2010 Forward Proxy Session


Hi all,

We have Forefront TMG 2010 configured as Forward Proxy. All internal users need to pass through TMG before they can access the internet. Right now all the settings seem to be working well. Users will set the FF TMG IP address in the internet browser proxy setting.

I just want to know, is there any way to restrict user sessions to the internet? My point is, let's say Alex wants to access the internet from his PC, he opens a web browser. Authentication will prompt and Alex needs to supply his username and password. Then, he is able to access the internet. How can we restrict the same user Alex from using his own username and password to access the internet from a different PC at the same time? In simple words, Alex cannot use his own username and password from a different PC at the same time.

Are there any ways to do it?

Cheers.

0xc0040014 FWX_E_FEW_SPOOFING_PACKET_DROPPED


I have Main office and branch linked with 2 TMG 2010 (+ all SP's and all rollups) over PPTP site-to-site.

Sometimes some clients can't access main office sources with 0xc0040014 FWX_E_FEW_SPOOFING_PACKET_DROPPED on branch's TMG; internet still works.

Every time a different client, but no more than 1 at once.

There are 2 providers on branch office with ISP.

Single URL to redirect to multiple Lotus DWA sites??


Dear all,

My customer is having Lotus Domino as email servers and has at least 1 Domino cluster in each site (different locations).  Currently, an ISA2006 is acting as reverse proxy and redirects specific URLs to the corresponding site for iNotes (Domino Web Access) connection (e.g., mail-hk.abc.com to HK site, mail-sg.abc.com to Singapore site, etc.).  Separate listeners are created for each redirection.

My customer is having a new office in another city (London) and they do not want to maintain so many URL.  They want to know if it is possible to use one URL for all sites (e.g., mail.abc.com for all sites).  Then when login, the ISA2006 can based on rules to redirect the user to the corresponding site.  

What I do not know is that if ISA2006 can do this.  If not, can FFTMG 2010 do this?  If either application can help, how to set the rules to separate the users?  The customer now place corresponding users in specific directory in the Domino server (data/mail/HK or data/mail/SG, e.g.).

Sorry for this basic question but we tried the single URL approach in ISA2006 but are not able to make it work. 

Thanks a lot,

Rayson Wong

Web Access Rules for authenticated and UN authenticated users


Hi all,

We're running TMG 2010 Version: 7.0.8108.200.

I'm trying to create a rule set that will:

a) Allow AUTHENTICATED users web access through a whitelist
b) Allow UNAUTHENTICATED users unrestricted web access

They're all on the same subnet.

The rule that allows UNauthenticated users is above the one for the authenticated users, otherwise UNauthenticated users are precluded from further processing.
But then I need a way to exclude authenticated  users from matching that rule.

Any ideas? I'm lost here....

Thanks!
- Kris


TMG 2012 array setup


Currently I have a standalone TMG 2010 acting as a web proxy for my office.

We intend to migrate to a new setup where we will have a TMG array.

The TMG array will have 2 new servers and one TMG management server.

Do I need to assign 3 different IP addresses and hostnames for the new setup ??


Apache Virtual Sites not working in TMG SERVER 2010


Dear Sir,

I have installed TMG server; everything is working fine except local websites defined in virtualhost in vhost and some sites added in hosts in Windows are not working.

example:

127.0.0.1 local.play.com
127.0.0.1 local.cms.com

I have tried many things and added different firewall rules like web publishing rules etc. Can you advise me how these sites can be opened through TMG? These sites are running internally on an Apache server.

Error on log file..
"Failed Connection Attempt TMGSERVER 12/4/2012 5:46:34 PM
Log type: Web Proxy (Forward)
Status: 10061 No connection could be made because the target machine actively refused it.
Rule: Allow Web Access for All Users
Source: Internal (192.168.1.140:1244)
Destination: Local Host (local.cms.com 127.0.0.1:895)
Request: GET
http://127.0.0.1:895/config/?lang=eng&country=XX&reloadlang=1&afd=1354624342&afc=BF3A7E252C550A35489CB98541899048
Filter information: Req ID: 0a86da16; Compression: client=No, server=No, compress rate=0% decompress rate=0%

Please advise me to solve this problem.

Thanks a lot..
Kashif Shaikh.

TMG Error Code 502 Proxy Error. The directory name is invalid. (267)


Hi,

I am having a problem with one website in specific.
It is showing the following error message.
Error Code: 502 Proxy Error. The Directory name is invalid. (267)
Server: TMG.personaldomain.local
Source: web filter

I have found no information in the logs to help identify the problem.
I suspect that may be temporarily unavailable from the website. I enter the site without using the TMG and the same is responding.
The problem is solved when I restart the service "Microsoft Forefront TMG Firewall"
I suspect that may be cached in TMG that the site remains unavailable.

Any idea?

Tks.


MCITP|Enterprise Administrator

Installed TMG 2010 with ISA 2006 backup, now VPN doesn't work


I recently installed this TMG 2010 server and imported my backup from ISA 2006. The import was successful. Everything seems to work outgoing, but my VPN is not working. It seems to be connecting, but the authentication part seems broken. It just keeps asking me to authenticate, but it won't accept any configuration of username and password. Any ideas?

I tried
username password
domain name\username password
username@domain name password 

OS is Windows 2008 R2

LAN Routing


Hi,

I've enabled LAN routing on my TMG server, my network is as follows:

laptop (192.168.1.111)---  router A (192.168.1.1)--switch--tmg (192.168.1.22/192.168.2.22)--- router B (192.168.2.1)

I've added a static route from my laptop to 192.168.2.0 with 192.168.1.22 as the next hop (TMG)

My laptop can ping TMG, TMG can ping both sides of the network, it's multi homed. I've configured TMG as follows:-
internal network - 192.168.2.0
perimeter - 192.168.1.0

I've added the following allow firewall rules:
internal to perimeter ping
localhost to internal\localhost - http, https, ping
perimeter to internal ping

Whenever I try to ping 192.168.2.1 (router B) from my laptop on the other side of the network the ping fails. TMG logs show:

DENIED, source internal - 192.168.1.111, destination perimeter - 192.168.2.1, protocol PING

I've checked my network addresses for internal and perimeter (they're correct). So, I don't know why the firewall rule is categorising the network traffic wrongly.

Also I have PING rules in place to allow ping in both direction, but this fails. I suspect it may be to do with enabling LAN routing on TMG.

Please advise.

Thanks

MaxConcurrentAPI - is this will really help to increase or resolved Client Authentication Issue?


Hi Guys,

MaxConcurrentAPI - will this really help to increase or resolve the Client Authentication Issue? With connectivity with Domain Controller and standalone ISA Server - Web Caching and Web Filtering ISA Server 2006.

Any other ideas or suggestions will be a great help.

Thanks,
