How to open 6080 port on TMG 2010

May 13, 2013, 4:16 am

≫ Next: Proxy related error in user workstation with TMG 2010 as windows 2003 domain client

≪ Previous: Setting up NAT or Routing in TMG? Confused.

Hello,

i need to open 6080 port on TMG 2010 for ArcGIS Server. I've created a new protocol (port range:6080 protocol type:tcp direction:outbound) but it doesn't seem to work.

Any suggestions?

Thank you in advance.

↧

Proxy related error in user workstation with TMG 2010 as windows 2003 domain client

May 13, 2013, 6:08 am

≫ Next: Importing Certificate into Web Listener error

≪ Previous: How to open 6080 port on TMG 2010

Recently we have implemented TMG 2010 before that we was using ISA 2006. We have Active Directory based on windows 2003. All the user get the proxy address and port number from AD group policy. After implement TMG 2010 user is not getting automatic proxy address from AD group policy. If i put the manual proxy address in the workstation after restart the workstation proxy showing blank in IE. Please give a solution.

Thanks

Mahatab Rahimafrooz

↧

Importing Certificate into Web Listener error

April 30, 2013, 3:28 pm

≫ Next: TMG Reporting Tools

≪ Previous: Proxy related error in user workstation with TMG 2010 as windows 2003 domain client

I recently had to have my SAN Certificate re-keyed due to the fact that I am bringing a new Exchange 2010 server online to replace our Exchange 2003 server. I have imported the re-keyed certificate into the TMG server but when I select the "Select Certificate" button in the web listener properties to select the new certificate I get the following error:

"One or more array members is not responding. To select a certificate, Forefront TMG services must be running on all the servers in the array."

This is our only TMG server and as far as I can tell all services are running on this server that should be. Any help is appreciated.

↧

TMG Reporting Tools

May 13, 2013, 6:34 pm

≫ Next: Users in Exceptions in From Tab

≪ Previous: Importing Certificate into Web Listener error

Hi,

Please share what are the best 3rd party TMG 2010 reporting Tools

Regards

Usman

Usman Ghani - MCITP Exchange 2010

↧

Users in Exceptions in From Tab

May 13, 2013, 6:39 pm

≫ Next: Routing/Chaining Failure TMG Detected a Loop

≪ Previous: TMG Reporting Tools

Hi,

Is there possible to add Users in exceptions in a Firewall rule. I have blocked website rule , From tab of this rule in exception , i can add only only network entities, i want to make exception for group of windows users.

http://prntscr.com/14tcet

Regards

Usman Ghani

Usman Ghani - MCITP Exchange 2010

↧

Routing/Chaining Failure TMG Detected a Loop

May 13, 2013, 6:49 pm

≫ Next: Certain website Failed Connection Attempt/Denied Connection

≪ Previous: Users in Exceptions in From Tab

Hi Folks;

I'm having an issue with TMG 2010 in that I'm seeing reports of Routing/Chaining failure / TMG Detected a Loop;

Event id 14141

Forefront TMG detected a proxy server loop. There may be a problem in the configuration of the Forefront TMG Web chaining policy. Alternatively, in Enterprise Edition, when CARP is enabled and there are intermittent interruptions of intra-array connectivity, array member A may forward a request to array member B according to the CARP algorithm, and array member B may forward the request to array member A in an endless loop.

A look at the log files indicates that this error occurs when the localhost (the TMG 2010 VM itself) is connecting to Microsoft to check for Windows Updates. This is the only time the error occurs and it occurs often.

Here's a snippet to illustrate;

Microsoft-CryptoAPI/6.1 Proxy - 65.54.87.108 TCP GET Req ID: 0a655fc7; Compression: client=No, server=No, compress rate=0% decompress rate=0% - 0x110 0x0 58066 SecureNAT 1 3923 201 - 5/14/2013 1:23:26 AM - - 0 - 0 - - - - - - 0 0 From cache 65.54.87.108 5/13/2013 6:23:26 PM Local Host xx.external.IP.xx External 65.54.87.108 80 http Failed Connection Attempt - - -

[System] Allow all HTTP traffic from Forefront TMG to all networks (for CRL downloads)

12206 Forefront TMG detected a proxy chain loop. There is a problem with the configuration of the Forefront TMG routing policy. Please contact your server administrator. anonymous http://65.54.87.108/pki/mscorp/crl/mswww(6).crl EDGE Technical Information Web Proxy Filter - 0 -

Is there anyone left in the groups with knowledge of TMG 2010? I've already looked on the web for information relating to this but none seems relevant. I think the key is in the fact that it only happens when the local host goes off to Microsoft to check for Windows Updates.

↧

Certain website Failed Connection Attempt/Denied Connection

May 13, 2013, 7:13 pm

≫ Next: Publish local site through TMG 2010

≪ Previous: Routing/Chaining Failure TMG Detected a Loop

All other websites are working with authentication however one particular website is being denied for some strange reason?

Does anyone have any ideas as to why?

Denied Connection PERDMZ01 14/05/2013 10:07:58 AM
Log type: Web Proxy (Forward)
Status: 12209 Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.
Rule: Allow Web Access for All Users - Authenticated
Request: GET http://www.medallionclub.com.au/
Filter information: Req ID: 098601fe; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: http
User: anonymous

Failed Connection Attempt PERDMZ01 14/05/2013 10:07:58 AM
Log type: Web Proxy (Forward)
Status: 5 Access is denied.
Rule: Allow Web Access for All Users - Authenticated
Request: GET http://www.medallionclub.com.au/
Filter information: Req ID: 098601ff; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: http
User: anonymous

↧

Publish local site through TMG 2010

May 14, 2013, 12:22 am

≫ Next: [ISA 2006][Website Publishing] intermitten sc-status-code 64 after switching to HTTPS

≪ Previous: Certain website Failed Connection Attempt/Denied Connection

I have local web base software on seperate machine which need to publish on internet and allow my remote users to get connect to this local software. I have Live IP that configured on router and routed to TMG 2010 server. On TMG 2010 created publish web site rule and configured all required information as needed related to web base software informaiton. Now when i try to access my web application from remote location through TMG receiving no page display error.The URL is being accessed is http://123.123.123.123:9867 and also allow port on my router and TMG Server as well.

When try to access directly means by pass TMG server the URL is accesable http://123.123.123.123:9867 with out any issue.

Kindly some one assist where I am making mistake to face this problem.

↧

[ISA 2006][Website Publishing] intermitten sc-status-code 64 after switching to HTTPS

May 14, 2013, 4:25 am

≫ Next: skype problem with TMG

≪ Previous: Publish local site through TMG 2010

We are publishing a website through ISA to client desktop

client desktop --> ISA --> IIS servers

The whole transmission is within our company internal network, just passing through different zones.

There are 2 IIS servers, using Win2k8 NLB (network load balancing) to share a virtual IP address to receive request from ISA.

ISA is using a Website Publishing Rule to receive and redirect request.

Meanwhile, all transmission is under HTTP, it works fine.

Now we want to switch to HTTPS, so we created another Website Publishing Rule on ISA, to listen on port 443 and redirect to IIS servers' port 443.

IIS servers also opened port 443 for that same website.

Both ISA and IIS servers use the same SSL certificate to publish the website.

It seems to be working, until the load test.

Out of the thousands requests each day, there must be a few (less than 10) requests failed.

No error in IIS servers log. Those failed requests were successfully received and returned, with http response code 200.

But ISA log showed sc-status code 64.

ISA Diagnostic Log showed this error message

"ISA Server rejected the request with the HTTP status code 0 and will return the following error message to the Web client. "The specified network name is no longer available. (64)""

And client would receive an error html page, saying "Error Code 64: Host not available. The connection to the Web server was lost."

Googled a bit, seems to have many possible causes, including driver bug or router, switch error.

I tried to use Microsoft Network Monitor. But honestly, I have no idea how to troubleshoot........

↧

skype problem with TMG

May 14, 2013, 5:28 am

≫ Next: Forefront TMG 2010 Spoofing issue preventing connections

≪ Previous: [ISA 2006][Website Publishing] intermitten sc-status-code 64 after switching to HTTPS

hey all i found way to login to skype but it is still not working features like chat , voice , video so i tell you how.. you go to https inspection > certificate validation then uncheck all the boxes then try to login to skype it will but how to make the features works ?

↧

Forefront TMG 2010 Spoofing issue preventing connections

November 2, 2012, 11:50 am

≫ Next: Slow Internet access with TMG 2010 + Windows Server 2008 R2 running on windows server 2012 hyper-v

≪ Previous: skype problem with TMG

Been struggling with IP spoofing issues on our TNG 2010 server.

We have web services published to public IP’s all bound to a NIC called WAN-PUBLIC which then NAT’s to the internal IP’s on the web servers.

In certain scenarios we’re unable gain access to the servers and the ISA logs are full of Spoofing errors such as this:

Log type: Firewall service

Status: A packet was dropped because Forefront TMG determined that the source IP address is spoofed.

Rule: None - see Result Code

Source: Local Host (213.122.169.54:18816)

Destination: Internal (192.168.9.130:443)

Protocol: HTTPS

The source host in this scenario is an IIS server / NLB using ARR so it’s almost acting like a reverse proxy.

Below is the relevant public IP’s bound to the WAN Nic and as you can see it has a default gateway set of un upstream ISP router.

Ethernet adapter WAN-PUBLIC:

Connection-specific DNS Suffix . :

IPv4 Address. . . . . . . . . . . : 213.122.169.50