Channel: Forefront TMG and ISA Server forum

Bad Request when accessing the webpage

Hi

I have hit a Bad Request (invalid hostname) error when accessing the page, for example https://erp.srw-msia.com:4443/reports, while configuring port 4443 in SQL SERVER MANAGER 2008. I suspect this is due to a Windows security issue. How should I configure it so that port 4443 works when accessing the page?

Please assist.

Thank you.

 


Rules for Outlook Anywhere / Traffic Simulator Error - Access is denied

Hi,

I have problems with the rule for Outlook Anywhere. It works for some users, and it doesn't work for others.

When I use Traffic Simulator for "not OK" users I receive this message:

Traffic Simulator Error:

The traffic simulation cannot to be completed.

Error description: Access is denied.

And another point:

Alert information:

Description:

Forefront TMG failed to delegate credentials using Kerberos constrained delegation to the Web site published by the rule Outlook Anywhere. This may occur when a Forefront TMG computer is not trusted for delegation to any authentication protocol in Active Directory.

But I made this delegation.... :( And it works (for some users...)

TMG version: 7.0.9193.575. But I have had the same situation with other versions.

Could anybody help me with that?

Make 2 EMS/CSS Role Instances in one TMG CSS Role


I am stuck on one of my projects and I need your expert advice. I hope you can help me out.

Basically we have 2 TMG environments:

  1. A reverse proxy for Microsoft applications and internet access, which has CSS/(EMS) with 2 array members and a dedicated CSS role server (we call this environment MS TMG ENV).
  2. A reverse proxy for business applications, which has a standalone array, not EMS, with 2 array members (we call this environment Business Apps TMG Env).

I am planning to achieve the following:

  1. Move the MS TMG environment's existing CSS role to a different server (new server name TMG-CSS-01).
  2. Move the standalone array to an enterprise array (CSS/EMS) that also uses the above CSS role (server name TMG-CSS-01), as currently one of the servers is holding the standalone array between the 2 array members.
  3. So at the end of the project we will have server TMG-CSS-01 as the CSS role for both environments. As I read in a blog that ADAM/AD LDS can have multiple instances, I will name the instances MS-TMG-CSS for the MS application environment and BU-TMG-CSS for the business apps TMG environment.

TMG Version: TMG 2010 SP2 (No Rollups)

Can anybody help me out with this? Thanks a lot in advance.

VOIP doesn't work in Forefront TMG


In our environment we are using Forefront TMG 2010. We want to use Gigaset C610 VOIP phones but this is not working. The Gigaset phones make use of an external provider called WEEPEE 2. The phones need to register with this provider, and when I allow the ports needed, this is not a problem. The problem is that when I want to make a phone call, I only hear a busy tone, and I don't see any traffic in the firewall log. So I inspected the traffic with Network Monitor and you see the result below.

So I installed the phones after the firewall and everything works perfectly, so I'm sure the problem is the firewall. On the TechNet forums I saw I needed to configure VOIP with the wizard in Firewall Policy. I tried every selection but none is working, and I have already searched for 2 weeks for this solution. I really hope someone can help me out.


ActiveSync: HTTP 401 response at OPTIONS command


I have an Exchange 2010 CAS at a second datacentre (but part of the main exchange org and domain) and I am trying to publish EAS and OWA from it through TMG. The name that is being published is drwebmail.contoso.com as opposed to the main site which is webmail.contoso.com. The FF TMG server is currently sitting in the DMZ and is not domain joined, and resides on the same server as the Edge Transport role (don't ask - it's not my design).

I have set this up with the same settings as my main site (where OWA and EAS are published through a domain joined ISA). When I go to ExRCA I get the 401 unauthorised error.

Help with this error, please: You could not be logged on to Forefront TMG. Make sure that your domain name, user name, and password are correct, and then try again.

The error:   You could not be logged on to Forefront TMG. Make sure that your domain name, user name, and password are correct, and then try again.

I am using Mozilla Firefox and the error appears when I try to log into an online university for class. I do not get the error on Chrome, but Firefox is recommended for classes. I have tried to "resolve" the problem from the directions from this website:  http://support.microsoft.com/kb/2579940?wa=wsignin1.0

When it's downloaded & I try to install I get the following Windows Installer error: "The upgrade patch cannot be installed by the windows installer because the program to be updated may be missing or the upgrade patch may update a different version of the program."

any and all help is very appreciated!

thanks

shannon

TMG VPN


Hi :)

I have to create a site-to-site L2TP/IPsec VPN tunnel between two TMG servers. The thing is that both TMGs in both sites are placed behind routers, and their external interfaces are configured with private IP addresses. Is it possible to create the VPN tunnel in such a situation?

thanks

Forefront Threat Management Gateway replacement


With the news that Microsoft are discontinuing Forefront Threat Management Gateway, are there any replacements out there? We are rebuilding our setup at the moment and installing Server 2013 etc but we can find no info about any replacement for Web Filtering or Web Protection software.

Any advice please?

Thanks,

Mark


Access Mobile user via TMG 2010 Proxy Server? How it works?


Dear Sir, 

I've configured my TMG with a single network adapter as a web proxy. Successfully!!!

I've set up my proxy server using GPO in AD.

But how do I manage the mobile users and non-domain user accounts, so that they are able to connect to the internet?

How to block uploads in ISA Server 2006?

Hi,

Please help me: how do I configure it to close and block any site and the uploading of files?

Thanks.

wpad.dat unreachable from random client


Hi, we've been using TMG with WPAD deployed through DHCP for almost a year now. The internal network is composed of 3 sites (subnets). For a few weeks we've had reports that some random client computers from site #3 lose internet access for a period of time (30 min to 2 h). While the problematic computer can't load web pages, it:

  • can ping external ips
  • can access LAN web pages
  • can resolve external as well as internal DNS names
  • can access internal LAN resources such as CIFS, printers, SQL...

We've tried the following:

  • system reboot
  • flush dns cache
  • delete lease on DHCP server then IP release/renew: it gets the IP properly but still no internet
  • WpadOverride=1 registry key then reboot: still no internet
  • unchecked IE proxy settings box for auto detection then checked it back: same symptoms
  • Noticed on the TMG log that while the computer can't access internet, it generates a lot of "a non-syn packet was droped..." errors. Then while I was doing tests the computer suddenly started working (after 2 hours with the previously described symptoms). Looked at the log back now it was working and  

Forefront port problem

Greetings,

I'm testing an online tutoring system which is supposed to communicate on port 1935 and default back to 80 if it cannot use that port. I have set up a rule to allow in/outbound access for that protocol, yet it defaults back to using port 80. In the log I can see it open and close port 1935 but that's it; it refuses to continue using it.

The logging shows it tried to use port 1935
Initiated Connection ISA 10/06/2013 13:17:28 
Log type: Firewall service 
Status: The operation completed successfully. 
Rule: Tute Access 
Source: Internal (192.168.0.207:50137) 
Destination: External (t01.tute.com 164.177.138.80:1935) 
Protocol: RTMP 
Additional information 
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 192.168.0.207 

and then I see this
Closed Connection ISA 10/06/2013 13:20:00 
Log type: Firewall service 
Status: A connection was abortively closed after one of the peers sent an RST packet. 
Rule: Tute Access 
Source: Internal (192.168.0.207:50135) 
Destination: External (t01.tute.com 164.177.138.80:1935) 
Protocol: RTMP 
Additional information 
Number of bytes sent: 17072 Number of bytes received: 340069
Processing time: 151992ms Original Client IP: 192.168.0.207 


Any ideas what is happening?

Thanks
James
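
An added example, not part of the original post: a Python sketch that parses the two records quoted above (trimmed to the fields it uses) and reports Closed events whose client/server endpoints have no Initiated event in the same excerpt. The field layout is assumed from the post's excerpt only, and the function names are made up here.

```python
import re

# The two log records from the post above, trimmed to the fields used here.
RECORDS = """\
Initiated Connection ISA 10/06/2013 13:17:28
Status: The operation completed successfully.
Source: Internal (192.168.0.207:50137)
Destination: External (t01.tute.com 164.177.138.80:1935)
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 192.168.0.207

Closed Connection ISA 10/06/2013 13:20:00
Status: A connection was abortively closed after one of the peers sent an RST packet.
Source: Internal (192.168.0.207:50135)
Destination: External (t01.tute.com 164.177.138.80:1935)
Number of bytes sent: 17072 Number of bytes received: 340069
Processing time: 151992ms Original Client IP: 192.168.0.207
"""

def parse_records(text):
    """Turn each blank-line-separated record into a dict keyed by flow."""
    records = []
    for block in text.strip().split("\n\n"):
        event = re.match(r"(Initiated|Closed) Connection", block)
        src = re.search(r"Source: \w+ \(([\d.]+:\d+)\)", block)
        dst = re.search(r"Destination: \w+ \(\S+ ([\d.]+:\d+)\)", block)
        size = re.search(r"bytes sent: (\d+) Number of bytes received: (\d+)", block)
        took = re.search(r"Processing time: (\d+)ms", block)
        if not (event and src and dst and size and took):
            continue  # skip records that do not follow the layout above
        records.append({
            "event": event.group(1),
            "flow": (src.group(1), dst.group(1)),  # client ip:port, server ip:port
            "sent": int(size.group(1)),
            "received": int(size.group(2)),
            "ms": int(took.group(1)),
        })
    return records

def closes_without_open(records):
    """Closed events whose flow has no Initiated event in the same excerpt."""
    opened = {r["flow"] for r in records if r["event"] == "Initiated"}
    return [r for r in records if r["event"] == "Closed" and r["flow"] not in opened]

if __name__ == "__main__":
    for r in closes_without_open(parse_records(RECORDS)):
        print(r["flow"], r["sent"], r["received"], f'{r["ms"] / 1000:.0f}s')
```

On the excerpt, the Closed record (client port 50135) is a different connection from the Initiated record (client port 50137), and it carried 340069 bytes inbound over about 152 seconds.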

An HTTP 403 error was received because ISA Server denied the specified URL. for certain users


Hi,

I am running a test on testechangeconnectivity.com for autodiscover, and for some of the users in the domain I am getting "An HTTP 403 error was received because ISA Server denied the specified URL." on the website and "12202 Forefront TMG denied the specified Uniform Resource Locator" on ISA Server 2006. This is only happening for some of my AD users; a lot of them work fine. Any newly created users do not appear to pass the test. Because a lot of users are working fine I am sure it is not a configuration problem with ISA Server but I can't be sure they were all working a few days ago.

Any help would be greatly appreciated...

Can't upload files to FTP. Access is denied

Hello,

I published the Windows FTP service on TMG.

When I'm trying to access the FTP, authorization is successful. But when I want to paste some files on the FTP, I'm getting the following error:

"an error occured copying a file to the FTP server. make sure you have permission to put files on the server.

Details:

200 type set to I.

227 entering passiwve mode (xx,xxx,xxx,xx,xxx,xx)

550 Access is denied. "

So when I'm entering directly on the FTP (without TMG) I can successfully paste and modify files.

Any ideas?


Costa Curta

TMG blocks LAN-based WSUS-Access


Hi,

I have a ConfigMgr/WSUS Server in my internal LAN and a TMG Server as Firewall/Gateway/Proxy. When I try to use Windows Update on my Test-Client (TMG Client installed), it fails with Code 80244021 (which more or less means it can't connect to its update server). When I look at the TMG Log, it shows that it blocked access to the mentioned WSUS Server. What I don't understand is why, because since the connection from the client to the WSUS server is purely LAN-based, why does it even touch the proxy? Both the domain suffix and the IP range are configured for the TMG Network "Internal", so it should be possible to connect directly.

Do I have to create a firewall policy or publish policy to allow local access to my WSUS?

Regards,
Pharao2k


Simulated Internet Connection to TMG 2010 Web Publishing Rule


Hi all,

I'm currently trying to put together a small test environment.

I have configured my TMG server with an external NIC 'EXTNIC' and an internal 'INTNIC'. The IP info for each is:

EXTNIC: 81.1.1.10 / 24 and INTNIC: 10.107.211.11 / 24

I am trying to test a LYNC 2013 Web Services rule which is simply a web publishing rule that listens on 81.1.1.10 for 443 connections and then bridges them on into the internal network on port 4443.

All of the internal Lync web sites are accessible when I access them from the TMG server itself, so I can confirm the certs are good and the URLs accessible.

The internet simulation bit starts here:

I am running my tests from a Windows 7 client that has an IP address of 81.1.1.100 / 24 so as to be able to contact the external listener on TMG....81.1.1.10. The problem I have is that the requests being sent from the client are skipping the web rule for Lync and being denied by the Default rule.

Is this because the client is on the same network as the external NIC? Typically in a real life scenario the client would be on a different routable network.

Any ideas on this one?

Can't connect to the TMG Management console error with ISASTGCTRL Service


I have a TMG server SP3 and it was working like a charm, but when I try to connect to the management console it gives me a "server is not operational" message with error code 0x8007203a. So I went to the services and tried to start the ISASTGCTRL service but I couldn't, and it gives me an error of 0xc0000001. So I went to the Event Viewer and tried to view the error messages corresponding to the ADAM service, and I found these errors:

ISASTGCTRL (3664) ISASTGCTRL: Unable to read page 5124 of database C:\Program Files\Microsoft Forefront Threat Management Gateway\ADAMData\adamntds.dit. Error -1018.

and 

ISASTGCTRL (3664) ISASTGCTRL: Database recovery/restore failed with unexpected error -1018.

   

Active Directory Lightweight Directory Services could not be initialized. 

The directory service cannot recover from this error. 

User Action 
Restore the local directory service from backup media. 

Additional Data 
Error value:
-1018 JET_errReadVerifyFailure, Checksum error on a database page

and

 

Internal error: An Active Directory Lightweight Directory Services error has occurred. 

Additional Data 
Error value (decimal):
-1018 
Error value (hex):
fffffc06 
Internal ID:
4078b

And I even tried to change the service account of the ISASTGCTRL service to the local system account and restart the service, but I couldn't, and it gives me these errors. I even tried to modify the permissions to read and write on the ADAM and ADAMDATA folders with the anonymous login account and tried to start ISASTGCTRL, but I couldn't do that either.

sooooooooooo any help here ??????

 

Questions regarding update of URL classification, list of databases, etc


Was asked some general questions about TMG and could not find the answers:

- Does Microsoft provide a list of databases that they pull from for their categorized sites?

- How frequently are those databases updated?

- When someone clicks on the button to request a site gets added as a safe site, what is the typical turn-around on the processing of that request?

Thanks.

Simple Question about "how to" use command line to enable/disable rules and apply them


I need to Disable a rule programmatically from time to time depending on occupancy.

How can I disable/enable "Sample Rule" and have TMG apply the changes when done?

TMG 2010 with NEC SV8100 VoIP


More than a month ago we installed NEC SV8100 VoIP systems in our two offices that are connected via MPLS circuit. Our west coast office has a TMG 2010 installed as an edge firewall. All TMG services, web and SharePoint publishing is working just fine but we simply cannot get VoIP to work for our remote NEC phones. By remote phones we are talking about the NEC VoIP phones that home office employees use to connect to our NEC PBX.

Remote phones do connect to our published SIP address using NAT traversal and they are programmed to use SIP Mate port 5080 (NEC requirement). The problem is that the calls always drop after a couple of minutes, and the remote phone either is ready for another call in a few seconds or it shows network busy and reboots.

On the TMG side NEC told us to disable TMG VoIP services (we did try with them configured and turned on but with same results) and use UDP port forwarding as follows:

5080 & 5081 = Forward to the address in 192.168.10.12

10020 – 10051 = Forward to the 1st IP address in 192.168.10.13

10052 – 10083 = Forward to the 2nd IP address in 192.168.10.14

10084 – 10115 = Forward to the 3rd IP address in 192.168.10.15

10016 – 10147 = Forward to the 4th IP address in 192.168.10.16

10148 – 10179 = Forward to the 5th IP address in 192.168.10.17

10180 – 10211 = Forward to the 6th IP address in 192.168.10.18

10212 – 10243 = Forward to the 7th IP address in 192.168.10.19

10244 – 10275 = Forward to the 8th IP address in 192.168.10.20

We created user-defined protocols to allow UDP traffic with the specified port ranges, with Primary Connections set in the Receive Send direction and the Secondary Connections direction set as Send Receive for the same UDP port range. A server publishing rule was then created for each port range/protocol and published on the external TMG dedicated SIP address as requested.

We did try many different rules and configurations but are running out of ideas.

If anyone has ideas, suggestions and especially experience with NEC-specific VoIP configurations, it would be greatly appreciated.
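
An added example, not part of the original post: a Python check of the UDP forwarding table exactly as listed above, looking for port ranges that overlap while pointing at different internal addresses and for ranges whose width differs from the rest. The function names are made up here.

```python
from collections import Counter
from itertools import combinations

# UDP forwarding table as listed in the post: (first port, last port, internal target).
FORWARDS = [
    (5080, 5081, "192.168.10.12"),
    (10020, 10051, "192.168.10.13"),
    (10052, 10083, "192.168.10.14"),
    (10084, 10115, "192.168.10.15"),
    (10016, 10147, "192.168.10.16"),
    (10148, 10179, "192.168.10.17"),
    (10180, 10211, "192.168.10.18"),
    (10212, 10243, "192.168.10.19"),
    (10244, 10275, "192.168.10.20"),
]

def overlaps(table):
    """Pairs of rows whose port ranges intersect but forward to different hosts."""
    hits = []
    for a, b in combinations(table, 2):
        if a[0] <= b[1] and b[0] <= a[1] and a[2] != b[2]:
            hits.append((a, b))
    return hits

def odd_widths(table):
    """Rows whose range width differs from the most common width in the table."""
    width = lambda row: row[1] - row[0] + 1
    usual = Counter(width(r) for r in table).most_common(1)[0][0]
    return [r for r in table if width(r) != usual]

if __name__ == "__main__":
    for a, b in overlaps(FORWARDS):
        print(f"overlap: {a[0]}-{a[1]} -> {a[2]}  and  {b[0]}-{b[1]} -> {b[2]}")
    # Skip the 5080/5081 row; compare only the eight per-address ranges.
    for r in odd_widths(FORWARDS[1:]):
        print(f"unusual width: {r[0]}-{r[1]} ({r[1] - r[0] + 1} ports) -> {r[2]}")
```

On the table as posted, the 10016 – 10147 row overlaps the three rows before it and is the only per-address range that is not 32 ports wide.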
