Channel: Forefront TMG and ISA Server forum

ForeFront TMG 2010 Error 12302 in SharePoint 2010 upload document to a folder


Hi all,

I have a problem when uploading a document to a document library. I have SharePoint 2010 published with ForeFront TMG as a reverse proxy with HTTPS. In my SharePoint I have a document library with one folder with an accent in its name (I'm from Spain), and I have the Managed Metadata feature enabled in the site too. When I click "Add new document" the popup appears, I select the document and the destination folder, and when I push the OK button an error 500 appears on the screen. This error comes from Forefront TMG. In the Forefront TMG logs I can see a Denied Connection with error code 12302 or 12202. The server denied the specified Uniform Resource Locator (URL).

I'm not able to find the solution. Any idea?

Thanks!!


Design Question - Using TMG to publish HTTPS app - TMG server inside a DMZ with Active Directory


I'm being asked to set something up.  I know enough about TMG to be dangerous.  I can build a simple rule, but that's about it. 

I'll see if I can explain this.  We're being asked to use an Active Directory domain in a DMZ as an authentication point to an internal website using HTTPS.

I'll try to draw this with text here:

User from Internet =>  https://site.company.com:443 (use a wildcard cert here).

Enter DMZ, NAT'd IP address to NIC #1 on the TMG server.  NIC #1 is the primary NIC and the TMG server is a member of the AD domain in the DMZ.

TMG server has 2nd NIC.  NIC#2 connects to the internal corporate network which is a separate AD domain.

Requirement is user is prompted for credentials, which would be the DMZ AD Domain.  Upon authentication, the user is forwarded/proxy'd to the internal site:  https://site2.internalcorporate.net:443

That site has an internal authentication method so the user must use credentials a second time.

Makes sense to me, but I've not had luck finding any information on how to set this up on TMG.  We typically don't do anything with ISA or TMG.  A rule is set up and then we rarely if ever touch these servers.

Right now, the TMG server is a new deployment.  The TMG server is set up using a back firewall template.

Does anyone know how this would be configured or if there is documentation that covers something similar to this? 

Thank you

Ted


Blocking remote shutdown command


Hello,

I am using ForeFront TMG 2010 and I am curious if there is a way to block the remote shutdown command?  I recently had to rebuild the TMG server from scratch after our ISA 2006 server crashed.  Prior to rebuilding the server, the shutdown command (shutdown /m \\myserver) was disabled.  It is now enabled and I suspect that there was something configured on the old ISA server to block it, but I am not able to find anything...

How to open ports on TMG 2010 for Lync Mobility


Hi ,

I have configured Lync mobility and published it using TMG 2010. Our setup is such that there is a Cisco firewall (at our ISP's location) in front of the TMG. The TMG has a public IP configured exclusively for Lync Mobility traffic, but for some reason when we test for open ports on the Lync Mobility public IP the ports appear closed. The ISP assures us they are open on the router, and we believe that going by the other public IPs defined on the same router. Is there something we need to do on TMG for these ports to be open on the public IP for Lync Mobility, i.e. 80 & 443?

Thanks


Iwafula

TMG Site-to-Site VPN problem


Hi all and thanks for attention.

My configuration is as in the image:

Site A, TMG 2010 with 5 NICs

NIC1: Network Balancing with NIC3 for LAN web access

NIC2: Dedicated to the site-to-site VPN

NIC3: Network Balancing with NIC1 for LAN web access

NIC4: Dedicated to public web services

NIC5: LAN

Site B, TMG 2010 with 3 NICs

NIC1: LAN web access

NIC2: Dedicated to the site-to-site VPN

NIC3: LAN

Most of it works nicely: all servers and PCs on the two LANs can ping and use all the services that I need.

The problem is only with HTTP services:

PCB can ping SERVERA and can telnet to port 80 on SERVERA, but with a web browser I can't browse the web server SERVERA. My browser gives me an error:

Error Code 10060: connection timeout
    Sfondo: the gateway not receive an answare in time. The net can be full or can be problem in the web site.
    Date: 30/05/2013 09:29:38 [GMT]
    Server: XX-XXXXX.domain.local
    Origin: firewall

The problem, I think, is that the web service passes through the proxy on the TMG server. In fact, TMGB can't reach the remote network, so it can't browse SERVERA.

TMGB can't ping any of the machines in the remote network, and the same goes for TMGA. The networks communicate with each other, but the TMG servers do not.

What did I forget after the site-to-site VPN configuration to make the 2 TMG servers communicate with the remote networks?

Thanks all very much.

Mauro.


Publish local site through TMG 2010


I have local web-based software on a separate machine which needs to be published on the internet to allow my remote users to connect to this local software. I have a live IP configured on the router and routed to the TMG 2010 server. On TMG 2010 I created a publish web site rule and configured all the required information for the web-based software. Now when I try to access my web application from a remote location through TMG, I receive a "no page display" error. The URL being accessed is http://123.123.123.123:9867, and the port is also allowed on my router and on the TMG server.

When I try to access it directly, that is, bypassing the TMG server, the URL http://123.123.123.123:9867 is accessible without any issue.

Could someone kindly help me find where I am making a mistake?

Mr


Hi, 

I have installed TMG 2010 as an edge firewall in a workgroup environment with internal DNS servers installed. Now the problem is that while browsing my company's website, hosted outside, an error pops up (Error code: 502 proxy error the pipe is being closed 232). However, it was working fine before the deployment of the internal DNS servers. Forwarders have been set to 8.8.8.8 and the ISP's DNS in the local DNS servers, and a Host A record for www has been created for the company's website, but I am still not able to browse it. :) TMG is blocking it.

Can anyone help me out please?


Tmg 2010 Server Category set


Dear Sir,

I have agreed to provide mail service only from the TMG 2010 server. But sometimes yahoomail, rediffmail, msn, and gmail are blocked by the TMG 2010 server. Can you help me allow the mail service? Which categories do I need to allow?

Please help me, I can't survey my IT.

Please help me.


How to block upload in ISA Server 2006?


Hi,

Please help me: how do I configure it to close and block any site and to block uploading files?

Thanks.

request authentication only to non-domain computers


Hi all,

In my organization I have made the authentication request active for all traffic by setting the last web traffic rule in the web policy rules to use authenticated users instead of all users, with the exception of the system user.

With this configuration, what happens is that domain users on a domain computer sometimes get the authentication window requesting credentials, and even after entering the data the window reappears.

So my idea is to have, if possible, little or no anonymous traffic, and all the domain users on domain computers which have the firewall client installed. Outsider computers would have to enter the credentials supplied by me every time they need internet access.

How to Direct all web requests to TMG


Hi,

I've followed the step-by-step instructions to install TMG 2010 on Windows Server 2008 R2 Enterprise SP1 as a proxy service.

Many access rules have been created to manage users' Internet access. It has been going smoothly since we were adding the proxy address and port number manually in the IE settings.

But how can we direct all web requests from clients to TMG to apply the access policy without having to do it manually (forcing)?

Is it related to network configuration? Routing issues?

Your reply will be much appreciated.

Thanks in advance,

Niveen

 

ISA TMG 2010 (how to block P to P connection and torrent download)

I want to block torrent files and P to P connections in my office using ISA TMG 2010. Can anyone guide me with this? Blocking ports is not helping, as there is no fixed port for P to P connections.

Issue with Publishing OWA


Hello,

   Having an issue with Outlook Web Access 2010 and Threat Management Gateway.  The OWA login screen comes up when the mailbox.mrm2inc.com/owa is entered into the browser, both internally and externally.  Internally when the user enters their username and password they are able to get to their email.  When a user externally enters in their username and password, it flashes off the screen and back to the login screen.  Anyone have any idea what would cause this?


Michael R. Mastro II

Migration from ISA to TMG


Hi,

We have ISA 2006 without SP and now we'd like to migrate to TMG 2010. New dedicated hardware is ready for TMG, so we need someone to validate the migration procedure. Please advise if it is correct.
1) backup all rules on ISA 2006
2) fresh OS installation on new server W2k08R2 SP1
3) re-import all SSL certificates to TMG
4) import ISA rules into TMG
5) check all settings and test it.
That is it in general. Did I miss anything critical?

Question about clients: at the moment DHCP gives the Default Gateway IP address to all clients. The DG is ISA. How and when should we switch it to the TMG?
Should, must, or shouldn't the TMG computer name be the same as the current ISA server computer name?

What else is critical?

Configuration lost...!!!


Dear Friends,

Today I got a mail from my client that they are getting loads of spam. I thought, let's check TMG, but there is no configuration in any of my TMG servers. When I look at my TMG console, first it does not open, and if it does, it does not show any configuration. Guys, this is very critical and urgent, please help.

UPDATE: :(

I have 2 TMG servers, and they were configured with another TMG store server for the configuration, which was a virtual server. Now by mistake we deleted the HDD for the store server, so both TMG servers are without a config server now. Is there anything which can be done? I have my production clients on this, please help.



Thanks
Happiness Always
Jatin




tmg 2010 ingoing packet dropped because destination address does not exist


Hi Everyone,

I have a problem with my TMG, it seems to randomly decide it doesn't want to allow outbound access anymore for random clients.

I get the following errors in the realtime log when attempting to connect:

An ingoing packet was dropped because its destination address does not exist on the system, and no appropriate forwarding interface exists.
FWX_E_TCPIP_DROP_IP_NOT_LOCALLY_DESTINED
0xc0040050


I have over 400 clients, and this is about the 10th client it's decided it doesn't like anymore, but it appears to be doing it with increasing frequency. Nothing is changing in regards to networking configuration, VLANs or anything. However, one thing that appears to resolve the issue is moving the client to a new VLAN, leasing it a different subnetted IP. However, my most recent client is actually a server, now being refused outbound access, and I am unable to change its VLAN, as I need to keep the IP the same... so I'm stuck. Please help!

TMG is fully up to date, I am not using the TMG client firewall on my clients. It is configured as a Proxy/Firewall.




SSL Offloading behavior in TMG


Hi,

I've recently come across a strange behavior in TMG when doing SSL Offloading of a web published site.

Basically when an https request is made to a site, what happens is that the Host header sent to the actual site (although connected to the correct port) will contain the port to which the original request was actually issued to.

Example:

1) User accesses site https://www.xyz.com (naturally connecting to port 443), with host header: "Host: www.xyz.com".

2) TMG, configured to offload SSL traffic to port 80 on the server, connects to the actual webserver on port 80 and sends in the header the following: "Host: www.xyz.com:443".

Now, this has never been an issue and all sites seem to accept it and not complain, however I've recently had issues with one particular site which uses this header information and fails.

I've tried Link Translation to force the behavior to not occur but it doesn't work: it seems the Host header is added after the translation process.

Can anyone help me clear up if this is the common behavior and if there is a way to correct it/work around it?

Thanks in advance.

Ricardo.

TMG Error message “You do not have the permissions required to access this Web site.”


Hi,

I'm getting the following error message when I try to log in to my SharePoint 2010 site using the Forefront TMG login page that's used for external access:

“You do not have the permissions required to access this Web site. Please contact the Web site administrator.”

All users have permission on the SharePoint sites to at least read. Even administrators get this message.

I only have one web application in IIS, and internal users access this using the local machine name. My external domain name is also bound to this web application.

The alternate access mappings are also set up on the SharePoint Server.

Any help would be greatly appreciated. It's driving me mad as I need to get it working within 2 weeks!

TMG Publishing Rule-Listener with client certificate requirement does not check for revocation


Hello all,

I have read a lot of sites and posts regarding cert revocation but still have not found a working setup yet. We are publishing a website using a dedicated listener that requires client certificates from either an internal PKI (based on Windows 2008r2) or an external PKI (based on the open-source XCA tool). The internal CAs have the CDP/AIA information published and updated, and it is available via HTTP and LDAP. The TMG 2010 server is a member of the domain and can retrieve all certificate revocation information successfully using CERTUTIL -f -urlfetch -verify my-user-cert.cer.

The TMG server can also download the CRL using the CERTUTIL -URL "http://crl.domain.com/CAInfo/filename.crl".

I have installed the root/issuing/personal certificates on my iPad in the profiles store and can successfully open the website using Safari after importing those certificates, which I could not without those certs. So the certificate issuing check is working fine; however, when I revoke the certificate on the CA and republish the CRL, the iPad can still access the website. When I sniff the traffic on the TMG server I also cannot easily see any trace of the server trying to even access the CRL, either via an LDAP query or an HTTP request.

When I run the CERTUTIL revocation check internally or via the internet, it works fine and shows the certificate is revoked. I also cleared the CRL cache locally on the TMG servers and downloaded the latest one via the CERTUTIL -f -urlfetch ... command.

What am I missing? On the TMG server the System Policy "CRL Download" is enabled.

I hope you can help me out!

Many thanks,

Eric 


Best regards and many thanks in advance, Eric Vegter

TMG problem


Dear All,

Greetings of the day,

I have a problem with my proxy (TMG). The problem is broken images when I use the TMG as a proxy.

I disabled caching on it but the broken image problem is still there, and I must inform you that the TMG is on ESX 5.0 with 7GB RAM. Our design is: ASA firewall and TMG as a web proxy. So please advise.

Thank you all,

waleed odeh
