Hi there,

This issue has been driving me crazy for the last month, and I thought I had it solved but definitely don't.

I have TMG configured for the sole purpose of being a reverse proxy for SharePoint, SAP BusinessObjects, and some other services to follow.

Everything works great... usually....

I put this in place for a client, I had it all configured, and I could reach both sites without any issue from home as well as my office. However, the client I put it in place for was unable to reach it from home, from his office, or from his cell, or anywhere really. The site would time out for him. On the TMG server I would receive an error stating: A connection was abortively closed after one of the peers sent an RST packet.

I searched all over the internet for this, and found a million posts about this error, and none of them helped me. I decided to reconfigure everything on TMG. I reconfigured everything from scratch, and it worked for me from home, on my cell, and worked for my client from his cell and from home, so we thought we were good. However, I am now trying to access it from my office, and it times out, and I receive: A connection was abortively closed after one of the peers sent an RST packet on the TMG server.

I tried from both of our external connections here at the office and I can't get to it, and the TMG server gives this error. I can still reach it from my phone and from home.

This is all done on the same laptops, so clients are not the issue. I've done packet sniffing, and the traffic makes it to the TMG and then nothing. Just a TCP Reset. The only difference at all is where the traffic is coming from...

I need to make sure that no matter where you connect from, if you have internet access, you can reach these sites... I have no idea why TMG is dropping the packet or why the reset happens from certain IPs.

Does anyone have any possible information that might help me?

Thanks

Hi, we need to get access to an external Oracle DB using ODBC from our Internal Network. We have MS TMG 2010 with SP2. I created an OutBound protocol definition for TCP 1521 and add that protocol to the access rule used for our internal clients (firewall clients).

However, we cannot get communication from our internal apps that use the ODBC connection. For example SQL Developer. I tried the same connection configurations from a machine outside TMG and they worked, so I am sure the problem is on the TMG.

I logged the traffic in the TMG and I can see that there are no errors but a few seconds after starting the connection I see a message in the logs saying " A connection was abortively closed after one of the peers sent an RST packet. "

Any ideas would be much appreciated.

Xavier Villafuerte

Xavier Villafuerte - http://preempalverec.blogspot.com

Hi,

we are running a 2 node TMG EE array with two EMS servers. I have successfully upgraded the two EMS servers to TMG SP2. After drain/stopping and suspending one of the TMG array members I have installed TMG SP2 on it. After rebooting the NLB services cannot be started again. In the Event Log the following error messages (Event ID 21215) appear in the application log:

"An inconsistency in the Network Load Balancing (NLB) configuration may
result in inconsistent handling of traffic between the VPN Clients network
and the Internal network. When a network rule specifying a route relationship
is defined between two networks, NLB must be enabled (or disabled) on both
networks. To enable NLB for IPsec remote site networks, enable NLB on the
network containing the local tunnel endpoint. To enable NLB for VPN
site-to-site and VPN client networks, enable NLB on the selected access
networks. Alternatively, for the VPN Client network, you can designate a
router for routing traffic according to the static address pool."

We have enabled NLB only on the external Interfaces because from my point of view it is not necessary to enable it on the internal interface (as stated also in the event log message). Before those error messages did not appear.

Any ideas?

Best regards

Thomas 

Hi!

Is it possible in ISA 2006 to find the user who accessed a specific website in the past?

Thanks.

Hi,

I am trying to Install TMG 2010 on new virtual, 2 NICs. In the end of first installation step I've got the error: "Setup failed while starting Microsoft Forefront TMG Storage Service".

Internal NIC is the first adapter in binding order.

Dear All, i have install Forefornt Threat Management Gateway in our network, but i can't connect our Ipad and mobile devices with it,

so please help me i have seriouse problems.

thanks in advance

Shookrullah Qurashi

shookrullah@yahoo.com

+93 788 851 911

Hello,

I configured the proxy settings via Group Policy in Internet Explorer, but Internet Explorer exception list cleared when the TMG client receives its configuration from the TMG server, and internal sites work through TMG. How I can fix this.

So i upgraded our exchange servers from 2003 to 2010 this week-end, i created the new Listener that uses FBA and created rules for OWA, ActiveSync, Outlook Anywhere and finally Legacy.

The OWA access works fine and redirection to legacy server for 2003 users is working flawlessly except that now the change password feature in webmail 2003 does not work anymore  (i am not talking about the change password feature on TMG itself with FBA) but the one with exchange (Virtual Directory called Iisadmpwd)

The error i receive is:

Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)

Do you know if there is anything i need to change on IIS server or TMG?

I have TMG SP2 with 2 last hotfixes as Back-Firewall topology with Internal Network, Perimeter and Inter-Array Communication NICs. NLB is configured on Internal and Perimeter NICs. In Perimeter the DGW is of the Edge hardware firewall.There are no host in Perimeter Network. I want to publish non-web protocol ex DNS . I have created a new Network as Perimeter. Also created Network Rules as

Perimeter- Internal = Route

Internal- Perimeter = Route

Internet Access - External = NAT

I'm facing issue with published rule. What should be From and To and Networks. I have tried From"Anyware" To "DNS Servers IP" "Request appears to come from the original client" and Networks " External" . With this publishing rule TMG does not allow DNS traffic "The policy rules do not allow the user request". In logs it shows as protocol DNS instead of DNS Server.

In publishing rule should it be Perimeter in Networks be chosen with what options ALL, NLB or Specific? We have public IP with Static NAT in Edge firewall. Should this IP added as additional VIP in Perimeter network?

Could anyone point to right configuration and resolution steps

Ok So here is my current set up, pretty simple setup.

1- I installed Forefront TMG in a Front Firewall type setup with Two Interfaces (One external interface: 10.8.*.* and One internal: interface 10.7.*.*)
2-I have a static Public IP address 63.144.*.* registered as the IP for a DNS record mail.mycompany.com
3- Traffic on coming on 63.144.*.* over 443 is NAT'ed to my TMG's External Interface at 10.8.*.*
4- Installed SAN Certificate (*.mycompany.com) to the Exchange Server as well as to the TMG Server.
5- Added to TMG the following two rules:

5.1 - Allow HTTPS between Internal Network of the TMG Server and the Internal Network and Vice Versa. Tested Access to my Exchange Server from TMG server Successfully.
5.2 - Created a Web Publishing Rule for OWA and Listener following one of the many articles online.
5.3 - Right clicked on the Rule and chose Properties, then tested it successfully.

Now, when trying to access and test OWA from outside, i watch the logs and i see a connection initiated from the public IP address i'm testing from destined for 10.8.*.*, however i don't see TMG forwarding traffic at all from the TMG's internal interface 10.7.*.* to the exchange server internally, and the connection after few tries closes with the following status : " A connection was abortively closed after one of the peers sent an RST packet" (0x80074e21 FWX_E_ABORTIVE_SHUTDOWN)

I really don't see what i'm missing here, this is very simple rule that should just work.

Any suggestions are much appreciated as i've been banging my head against this for couple days now.

Hi<o:p></o:p>

I try to
install TMG 2010 in Server 2008 R2. but in Additional component install i`m
getting error message "Error installing TMG 2010: failed to install SQL
Express 2008 (logging instance)".then I tried uninstall SQL server 2008,
removed SQL folders in programme files (x86 also) and run setup file as
administrator same problem happens again and again :-(. i tried all the technet
methods no luck. i formatted and reinstall server 2008 also same problem
again.here i attached log file from SQL setup bootstrap.

Hello,

how can i secure Outlook Anywhere (on Exchange 2010 SP2) with two factor auth on TMG 2010 SP2?

Thanks, 

Best

Martin

Hi,

I'm trying to install Forefront TMG on a Windows 2008 R2 server but it always fails set up when trying to install the SQL Express 2008 Reporting Instance.  The install log is shown below.  Any help would be appreciated as I can't find any answers on the internet other than to wipe the server.

The target server is a member server and fully patched.

13:18:58 INFO: Installer activated, command-line=''
13:18:58 INFO: Expanded full extraction path of SQL Express 2008 SP1 Package is 'C:\Windows\temp\{86A574B1-0376-449C-B202-B2E06EFAC5E6}'.
13:18:58 INFO: Install scenario
13:18:58 INFO: CMsiAttendantInstaller::Prepare: Upgrade code is not set
13:18:58 INFO: CMsiAttendantInstaller::Prepare: There is no any product code for upgrade code
13:18:58 INFO: CMsiAttendantInstaller::Prepare: Upgrade code is not set
13:18:58 INFO: CMsiAttendantInstaller::Prepare: There is no any product code for upgrade code
13:18:58 ERROR: CSSEInstaller::GetInstanceId failed to read from reg 'MSFW'
13:18:58 INFO: CSSEInstaller::Prepare: Failed to get the instace id of MSFW
13:18:58 ERROR: CSSEInstaller::GetInstanceId failed to read from reg 'ISARS'
13:18:58 INFO: CSSEInstaller::Prepare: Failed to get the instace id of ISARS
13:18:58 INFO: CMsiAttendantInstaller::Prepare: Upgrade code is not set
13:18:58 INFO: CMsiAttendantInstaller::Prepare: There is no any product code for upgrade code
13:18:58 INFO: Installing ISA (Core components)...
13:18:58 INFO: CFirewallInstaller: Activating installation, command line args = '-I "E:\ISO\SW_DVD5_Forefront_TMG_Standard_2010_64Bit_English_MLF_X16-23051\FPC\MS_FPC_Server.msi "WRAPPER=1 ARPSYSTEMCOMPONENT=1 MEDIAPACKAGEPATH=\FPC\ REBOOT=ReallySuppress'
13:23:55 INFO: Process completed successfully
13:23:55 INFO: Calling CreateAddRemoveEntry
13:23:55 INFO: Creating an entry in ARP
13:23:56 INFO: Add/Remove entry was created
13:23:56 INFO: Installing Additional components...
13:23:56 INFO: Activating Extration of SQL Express 2008 SP1 Package, command line args = '-s -f "C:\Windows\temp\{86A574B1-0376-449C-B202-B2E06EFAC5E6}" -e'
13:23:56 INFO: SQL Express 2008 SP1 Package path is .\Program Files\Microsoft ISA Server\SQLE\SQLExpress2008SP1.exe
13:24:53 INFO: Process completed successfully
13:24:53 INFO: SQL Express 2008 SP1 Package was sucessfully extracted to 'C:\Windows\temp\{86A574B1-0376-449C-B202-B2E06EFAC5E6}'
13:24:53 INFO: Activating SQL Express installation, command line args = '/QUIET /ACTION=Install /FEATURES=SQLEngine /INSTANCENAME=MSFW /SQLSYSADMINACCOUNTS="BUILTIN\Administrators" /BROWSERSVCSTARTUPTYPE=4 /SAPWD=************** /SQLSVCACCOUNT="NT AUTHORITY\SYSTEM" /NPENABLED=0 /TCPENABLED=0 /SKIPRULES=RebootRequiredCheck /HIDECONSOLE /PCUSource="C:\Windows\temp\{86A574B1-0376-449C-B202-B2E06EFAC5E6}\PCU"'
13:24:53 INFO: SQL Express 2008 installation path is C:\Windows\temp\{86A574B1-0376-449C-B202-B2E06EFAC5E6}\setup.exe
13:28:51 INFO: Process completed successfully
13:28:51 INFO: SQL Express 2008 successfully installed
13:28:51 INFO: Starting SQL Express service
13:29:02 INFO: Changing network service permissions to allow access to SQL Express
13:29:03 INFO: Changing SQL Express tempdb size
13:29:03 INFO: Failed to change Tempdb MAXSIZE, error = ,, 0x80040e09. Ignoring...
13:29:03 INFO: Moving SQL Express tempdb to stingray logging directory
13:29:08 INFO: AdjustSSEConfiguration completed successfully.
13:29:08 INFO: Activating SQL Express installation, command line args = '/QUIET /ACTION=Install /FEATURES=SQLEngine,RS /INSTANCENAME=ISARS /SQLSYSADMINACCOUNTS="BUILTIN\Administrators" /BROWSERSVCSTARTUPTYPE=4 /SAPWD=************** /SECURITYMODE=SQL /SQLSVCACCOUNT="NT AUTHORITY\SYSTEM" /RSINSTALLMODE=DefaultNativeMode /RSSVCACCOUNT="NT AUTHORITY\SYSTEM" /RSSVCStartupType=Automatic /NPENABLED=0 /TCPENABLED=1 /SKIPRULES=RebootRequiredCheck /HIDECONSOLE /PCUSource="C:\Windows\temp\{86A574B1-0376-449C-B202-B2E06EFAC5E6}\PCU"'
13:29:08 INFO: SQL Express 2008 installation path is C:\Windows\temp\{86A574B1-0376-449C-B202-B2E06EFAC5E6}\setup.exe
13:30:00 ERROR: Setup failed. Error returned: 0x84be03f4
13:30:00 ERROR: Installation of SQL Express 2008 failed. hr = 0x84be03f4
13:30:00 ERROR: Installation failed. hr = 0x84be03f4
13:30:00 ERROR: Installation failed, hr=0x84be03f4
13:30:40 ERROR: InstallProducts:Install Additional components failed, hr=0x84be03f4
13:30:40 INFO: Rollback: Performing rollback after installation failure.
13:30:40 INFO: CMsiAttendantInstaller::Prepare: Upgrade code is not set
13:30:40 INFO: CMsiAttendantInstaller::Prepare: There is no any product code for upgrade code
13:30:40 INFO: CMsiAttendantInstaller::Prepare: Upgrade code is not set
13:30:40 INFO: CMsiAttendantInstaller::Prepare: There is no any product code for upgrade code
13:30:40 INFO: The instance Id of instace MSFW is MSSQL10.MSFW
13:30:40 INFO: GetUninstallCode: Prepare: product code is {9FFAE13C-6160-4DD0-A67A-DAC5994F81BD}
13:30:40 ERROR: CSSEInstaller::GetInstanceId failed to read from reg 'ISARS'
13:30:40 INFO: CSSEInstaller::Prepare: Failed to get the instace id of ISARS
13:30:40 INFO: CMsiAttendantInstaller::Prepare: Upgrade code is not set
13:30:40 INFO: CMsiAttendantInstaller::Prepare: There is no any product code for upgrade code
13:30:40 INFO: The instance Id of instace MSFW is MSSQL10.MSFW
13:30:40 INFO: Activating SQL Express uninstallation, command line args = '/QUIET /ACTION=Uninstall /FEATURES=SQLEngine /INSTANCENAME=MSFW /SKIPRULES=RebootRequiredCheck /HIDECONSOLE'
13:30:40 INFO: Uninstall command line is C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\Setup.exe
13:32:27 INFO: Process completed successfully
13:32:27 INFO: Uninstall of SQL Express 2005 instance MSFW finished successfully
13:32:27 INFO: Deleting previous SQL Express installation directory <C:\Program Files\microsoft sql server\MSSQL10.MSFW>
13:32:27 INFO: Activating Reconfigure with cmdline='REBOOT=ReallySuppress WRAPPER=1'
13:32:27 INFO: Activating setup cmdline='C:\Windows\system32\msiexec.exe /qn /X {AEBCA466-489C-4e03-B667-C89DCD5EFF24} REBOOT=ReallySuppress WRAPPER=1 /Lvoicewarmup+ C:\Windows\TEMP\ISAFWSV_254.log LOGSESSIONNUM=254 FWUILOGFILE=C:\Windows\TEMP\ISAFWUI_254.log '
13:33:34 INFO: Process completed successfully
13:33:34 INFO: CFirewallInstaller::DeleteAddRemoveEntry
13:33:34 INFO: CFirewallInstaller::DeleteComUIRegistry
13:35:55 ERROR: Wrapper: Install failed, hr = 0x84be03f4
13:35:55 ERROR: Wrapper: DoSetup failed, hr = 0x84be03f4
13:35:55 ERROR: Wrapper: DoSetup failed, hr = 84be03f4
13:35:55 ERROR: Setup of SSE Reporting failed. Return value: SETUP_ERROR_SSE_SSRS

Hi Folks,

Runnning Forefront TMG build 7.0.9193.500

When attempting to update the NIS definition files, the files download but fail to install and the following message is logged in the TMG alert section:

"Definition Updating Failed

Description: An error occurred during an attempt to check for, download, or install definition updates on the server ServerName.
The failure is due to error: 0x80240022"

When looking in the windowsupdate.log file, it appears that there is a permissions problem encountered during the update process (WARNING: ExtractUpdateFiles failed with 0x80070005)

Here are the full contents of the C:\Windows\windowsupdate.log file logged during the update process:

Since it seemed to help some folks that were having trouble downloading the NIS updates, I have also tried downloading the updates with (winhttp) Proxy authentication on and off.

I have also tried recreating the C:\Windows\SoftwareDistribution folder (Stop wuauserv; Rename folder; Start wuauserv; Folder recreated)

Still no luck. Any help or direction you can provide is much appreciated.

Cheers,

John

I am attempting to create a LT2P VPN connection with multiple IP addrsses on the public (external) adapter.  I can successfully connect using the default address but attempts to the other two result in the 678 (no answer) error.  PPTP connectivity works on all of these addresses.  I am also able to ping these addresses from the public network after setting up a firewal rule to allow me to do so. 

Windows 2008 R2 is at the latest patch level and TMG is at SP2

I would appreciate any thoughts in this matter.

which version of sep works with Windows 2012

Hi,

We have a problem that we need to verify who are the users that are being lockout by the rules in TMG. This has been going on for quite sometime. we used TMG as a proxy for connections on the Exchange Server. Mainly Active Sync and Outlook Anywhere. 

We did stumble upon this solution:

http://support.microsoft.com/kb/2592929

We had already implemented Sp2 Rollup 2 on our TMG Farm

But it doesn't seem to be of much help if we filter the logs using these parameters:

Log Record Type -equal -Web Proxy Filter

Log Time  -Last Hour / Live

HTTP Status code -Equals -1909

Can you please help me with this? Are there any other hotfix that needs to be installed so the anonymous will be replaced by the name of the user instead when we do a query?