Hello,
I need to open port 6080 on TMG 2010 for ArcGIS Server. I've created a new protocol (port range:6080 protocol type:tcp direction:outbound) but it doesn't seem to work.
Any suggestions?
Thank you in advance.
Recently we implemented TMG 2010; before that we were using ISA 2006. We have Active Directory based on Windows 2003. All the users get the proxy address and port number from AD group policy. After implementing TMG 2010, users are not getting the automatic proxy address from AD group policy. If I put the manual proxy address in the workstation, after restarting the workstation the proxy shows blank in IE. Please give a solution.
Thanks
Mahatab Rahimafrooz
I recently had to have my SAN Certificate re-keyed due to the fact that I am bringing a new Exchange 2010 server online to replace our Exchange 2003 server. I have imported the re-keyed certificate into the TMG server but when I select the "Select Certificate" button in the web listener properties to select the new certificate I get the following error:
"One or more array members is not responding. To select a certificate, Forefront TMG services must be running on all the servers in the array."
This is our only TMG server and as far as I can tell all services are running on this server that should be. Any help is appreciated.
Hi,
Please share what the best 3rd-party TMG 2010 reporting tools are.
Regards
Usman
Usman Ghani - MCITP Exchange 2010
Hi,
Is it possible to add users as exceptions in a firewall rule? I have a blocked-website rule. On the From tab of this rule, under exceptions, I can add only network entities; I want to make an exception for a group of Windows users.
http://prntscr.com/14tcet
Regards
Usman Ghani
Usman Ghani - MCITP Exchange 2010
Hi Folks;
I'm having an issue with TMG 2010 in that I'm seeing reports of Routing/Chaining failure / TMG Detected a Loop;
Event id 14141
Forefront TMG detected a proxy server loop. There may be a problem in the configuration of the Forefront TMG Web chaining policy. Alternatively, in Enterprise Edition, when CARP is enabled and there are intermittent interruptions of intra-array connectivity, array member A may forward a request to array member B according to the CARP algorithm, and array member B may forward the request to array member A in an endless loop.
A look at the log files indicates that this error occurs when the localhost (the TMG 2010 VM itself) is connecting to Microsoft to check for Windows Updates. This is the only time the error occurs and it occurs often.
Here's a snippet to illustrate;
Microsoft-CryptoAPI/6.1 Proxy - 65.54.87.108 TCP GET Req ID: 0a655fc7; Compression: client=No, server=No, compress rate=0% decompress rate=0% - 0x110 0x0 58066 SecureNAT 1 3923 201 - 5/14/2013 1:23:26 AM - - 0 - 0 - - - - - - 0 0 From cache 65.54.87.108 5/13/2013 6:23:26 PM Local Host xx.external.IP.xx External 65.54.87.108 80 http Failed Connection Attempt - - -
[System] Allow all HTTP traffic from Forefront TMG to all networks (for CRL downloads)
12206 Forefront TMG detected a proxy chain loop. There is a problem with the configuration of the Forefront TMG routing policy. Please contact your server administrator. anonymous http://65.54.87.108/pki/mscorp/crl/mswww(6).crl EDGE Technical Information Web Proxy Filter - 0 -
Is there anyone left in the groups with knowledge of TMG 2010? I've already looked on the web for information relating to this but none seems relevant. I think the key is in the fact that it only happens when the local host goes off to Microsoft to check for Windows Updates.
All other websites are working with authentication; however, one particular website is being denied for some strange reason.
Does anyone have any ideas as to why?
Denied Connection PERDMZ01 14/05/2013 10:07:58 AM
Log type: Web Proxy (Forward)
Status: 12209 Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.
Rule: Allow Web Access for All Users - Authenticated
Request: GET http://www.medallionclub.com.au/
Filter information: Req ID: 098601fe; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: http
User: anonymous
I have local web-based software on a separate machine which I need to publish on the internet to allow my remote users to connect to this local software. I have a live IP that is configured on the router and routed to the TMG 2010 server. On TMG 2010 I created a publish web site rule and configured all required information as needed related to the web-based software. Now when I try to access my web application from a remote location through TMG, I receive a no page display error. The URL being accessed is http://123.123.123.123:9867, and I have also allowed the port on my router and TMG server as well.
When I try to access it directly, meaning bypassing the TMG server, the URL http://123.123.123.123:9867 is accessible without any issue.
Could someone kindly assist: where am I making a mistake that causes this problem?
We are publishing a website through ISA to client desktop
client desktop --> ISA --> IIS servers
The whole transmission is within our company internal network, just passing through different zones.
There are 2 IIS servers, using Win2k8 NLB (network load balancing) to share a virtual IP address to receive request from ISA.
ISA is using a Website Publishing Rule to receive and redirect request.
Meanwhile, all transmission is under HTTP, it works fine.
Now we want to switch to HTTPS, so we created another Website Publishing Rule on ISA, to listen on port 443 and redirect to IIS servers' port 443.
IIS servers also opened port 443 for that same website.
Both ISA and IIS servers use the same SSL certificate to publish the website.
It seems to be working, until the load test.
Out of the thousands of requests each day, there must be a few (less than 10) requests that failed.
No error in IIS servers log. Those failed requests were successfully received and returned, with http response code 200.
But ISA log showed sc-status code 64.
ISA Diagnostic Log showed this error message
"ISA Server rejected the request with the HTTP status code 0 and will return the following error message to the Web client. "The specified network name is no longer available. (64)""
And client would receive an error html page, saying "Error Code 64: Host not available. The connection to the Web server was lost."
Googled a bit, seems to have many possible causes, including driver bug or router, switch error.
I tried to use Microsoft Network Monitor. But honestly, I have no idea how to troubleshoot...
Been struggling with IP spoofing issues on our TMG 2010 server.
We have web services published to public IP’s all bound to a NIC called WAN-PUBLIC which then NAT’s to the internal IP’s on the web servers.
In certain scenarios we’re unable to gain access to the servers and the ISA logs are full of spoofing errors such as this:
Log type: Firewall service
Status: A packet was dropped because Forefront TMG determined that the source IP address is spoofed.
Rule: None - see Result Code
Source: Local Host (213.122.169.54:18816)
Destination: Internal (192.168.9.130:443)
Protocol: HTTPS
The source host in this scenario is an IIS server / NLB using ARR so it’s almost acting like a reverse proxy.
Below are the relevant public IPs bound to the WAN NIC, and as you can see it has a default gateway set of an upstream ISP router.
Ethernet adapter WAN-PUBLIC:
Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 213.122.169.50
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 213.122.169.51
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 213.122.169.52
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 213.122.169.53
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 213.122.169.54
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 213.122.169.55
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 213.122.169.56
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 213.122.169.57
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 213.122.169.58
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IPv4 Address. . . . . . . . . . . : 213.122.169.59
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 213.122.169.49
Below is the internal NIC of the ISA server (no gateway set)
Ethernet adapter LAN-PRIVATE:
IPv4 Address. . . . . . . . . . . : 192.168.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
So the rule above that’s failing is on a 192.168.9.x network, this network has a manual route defined that’s an internal core switch.
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 213.122.169.49 213.122.169.50 266
10.10.10.0 255.255.255.0 192.168.0.2 192.168.0.1 11
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.1 266
192.168.0.1 255.255.255.255 On-link 192.168.0.1 266
192.168.0.103 255.255.255.255 192.168.0.103 192.168.0.107 31
192.168.0.107 255.255.255.255 On-link 192.168.0.107 286
192.168.0.255 255.255.255.255 On-link 192.168.0.1 266
192.168.9.0 255.255.255.0 192.168.0.2 192.168.0.1 11
213.122.169.0 255.255.255.0 On-link 213.122.169.50 266
213.122.169.50 255.255.255.255 On-link 213.122.169.50 266
213.122.169.51 255.255.255.255 On-link 213.122.169.50 266
213.122.169.52 255.255.255.255 On-link 213.122.169.50 266
213.122.169.53 255.255.255.255 On-link 213.122.169.50 266
213.122.169.54 255.255.255.255 On-link 213.122.169.50 266
213.122.169.55 255.255.255.255 On-link 213.122.169.50 266
213.122.169.56 255.255.255.255 On-link 213.122.169.50 266
213.122.169.57 255.255.255.255 On-link 213.122.169.50 266
213.122.169.58 255.255.255.255 On-link 213.122.169.50 266
213.122.169.59 255.255.255.255 On-link 213.122.169.50 266
213.122.169.255 255.255.255.255 On-link 213.122.169.50 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.1 266
224.0.0.0 240.0.0.0 On-link 213.122.169.50 266
224.0.0.0 240.0.0.0 On-link 192.168.0.107 286
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.1 266
255.255.255.255 255.255.255.255 On-link 213.122.169.50 266
255.255.255.255 255.255.255.255 On-link 192.168.0.107 286
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
192.168.9.0 255.255.255.0 192.168.0.2 1
10.10.10.0 255.255.255.0 192.168.0.2 1
0.0.0.0 0.0.0.0 213.122.169.49 Default
The 192.168.9.x network range has been defined within the ISA Network tab to the “Internal Nic”
I’ve run the ISA BPA and that’s not detected a configuration issue.
Any thoughts on how to proceed?
I'm using Windows Server 2012 Datacenter Hyper-V; one of my VMs runs TMG 2010 on Win 2008 R2.
The VM configuration:
4G RAM, 2 NICs, 1 virtual processor, and the external NIC is connected to a 10M internet connection.
My network contains 2 VLANs. The TMG belongs to the 1st VLAN, where browsing is very fast with no problems.
In the 2nd VLAN browsing is very slow.
Ping to my TMG IP is <1ms with no delay.
How do I fix this issue?
Hello,
Can I configure ISP Load Balancing and publish internal site in one TMG Array?
Hi
One of the RSA servers is already configured. I am currently trying to configure another RSA SecurID to authenticate through the same gateway. As I have noticed, you can only copy a single sdconfig file to the location. I'd appreciate your thoughts and suggestions on how I can achieve this task.
Thanks
Ashneil Singh
We have a site which we access using RSA token TMG.
Sometimes the site is faster, but sometimes it takes a long time to process each request.
The site works fine internally.
Don't know why it would be doing this.
Hi,
How do I allow the X-MicrosoftAjax header?
We have a website which is being accessed from TMG; when we click on the data text box, we don't get the Ajax calendar opening.
Can someone please let me know how I can allow this?
This works fine without the TMG.
Hello
We use here TMG Management tools to administrate a TMG array remotely, and after installing IE9 (RTM), these tools give all kinds of error messages like 'member not found', 'refresh failed' and so on. Is there a (hot)fix for this?
Thanks in advance,
Jeroen.
Hey guys,
From my TMG server, I cannot get to any web pages. I can ping google.com, so I know I can get to the Internet. Also, we are publishing internal application through this TMG to the outside world. I get the error in the following image:
As far as I know there are no settings that would prohibit web pages from showing. I need to update my TMG server so this is a problem. Windows Update fails too. How can I troubleshoot this? Remember I CAN ping google.com so I know I can get out.