Channel: Forefront TMG and ISA Server forum

Hosting multiple websites on any domain behind TMG 2010

Hi everyone

We're selling cloud applications to our Customer (hosted Exchange, multitenant SharePoint and IaaS Platform) and we'd like to extend our offer with website hosting. I set up the Azure for Windows server and I published the frontend servers behind TMG.

By default, all websites are set with our specific domain (e.g. hosting.com). So in the TMG publishing rule to our frontends, I specified *.hosting.com in the public name field and everything works like a charm.

Customers will then create sites like mycompany.hosting.com but they will surely want to access their hosted website through their own public domain like www.companydomain.com. The problem is that in the previous TMG publication rule, I can't set the public domain to accept any domain (I can't set the field to * or *.*).

Does anyone have an idea how to reach my goal?

Thanks in advance for your help





TMG Client and application exceptions

Hi fellas

I'm trying to roll-out TMG this week and we have a desktop app that is trying to connect to a local webserver yet the FWC intercepts this traffic and fails thru TMG.

We added the app executable name to the exceptions in TMG and it is working on some workstations but not all. 

Any recommendations on why these changes are not coming down to all of the firewall clients?

Thanks!

SSL with 256bit Strength

We have TMG 2010 and publish a Website with SSL. The Certificate supports 128bit up to 256 bit encryption. How can we force to use 256bit only?

Mark

authentication to webproxy fails using wpad and autodetection, but works fine if proxy is set in the browser

Hello,

Some of the clients have trouble with internet access over the TMG. IE is configured to use wpad, which is set up as a DHCP option. In the logs I can see that the clients are not authenticated. If I enter the proxy parameters in the browser settings, everything works fine.

Does anybody have an idea what may be wrong?

Regards
Andreas

TMG in Virtual Machine

Here is my plan for using TMG:

1- I have Windows 7 on my laptop
2- I have installed Win2008R2 on Oracle VirtualBox
3- Win2008 has 2 LAN cards (one attached as internal network: 192.168.90.10 and one bridged as external: 192.168.55.41)
4- The bridged LAN card has internet from my main ISA server
5- I have installed a DHCP server too
6- I installed TMG 2010 SP2 ENT on the Win2008 VirtualBox machine
7- The PPTP VPN server is configured on this TMG; it is using DHCP to assign IPs to clients
8- I made a VPN connection from my own Windows 7 machine (laptop) to the TMG external IP
9- The VPN connection was established without any problem

Here are my questions:

1- My VPN connection takes an IP from TMG in an unknown range (169.254.197.254)

2- I want my clients to take an IP in the local range that I made a scope for in DHCP (Server DHCP Scope 192.168.90.20 - 192.168.90.30)

Please help me and show me solutions

How to Stop transparent proxy for vpn Users

Hi

I have my VPN terminating on my TMG box, which is in my DMZ. I have allowed my VPN network through the firewall, but all the port 80 & 443 traffic is being proxied (transparently) by the TMG machine. How do I turn this off?

Alex

Lync Server 2010 Publishing with TMG SP2

Hello all!

I have test infrastructure with one frontend server in a pool and one edge server in internal network.

Also I have one TMG server, which is connected to internal network and DMZ with a second NIC.

External address with port 443 is natted to DMZ address interface port 443.

Task is to publish Lync IM to be available to external users.

I read lots of articles on how to publish IM to external users. Nothing works. Do I need an Edge server for my needs?

TMG shows only unidentified traffic 4443 in logs, nothing works.

Could you please describe, step by step, the procedure to publish Lync IM to external users?

Thanks in advance.


MVP | MCP Club lead, Moscow

Is it possible to publish a single file based web page with TMG 2010?

Hi,

I want to publish a single web page for maintenance purposes. My TMG server publishes an internal OWA page, but I want to redirect to a maintenance page (i.e. maintenance.htm - "offline until 7am"). I've simply knocked up a single HTML page and copied it onto the C:\ of the server. Can I get TMG 2010 to just serve a single page or must I point at an actual web server?

Thanks


IT Support/Everything


The server denied the specified Uniform Resource Locator | errors;12302; ASHTTP error code of 500

Hi All,

I'm setting up an Exchange publishing rule on a TMG2010 EE box but keep getting this error.

<12302 The server denied the specified Uniform Resource Locator (URL). Contact the server administrator>

Looking at the log I can see the destination IP Address isn't the backend CAS server. The destination IP address is the address the listener is bound to.

Source: 49.x.x.x:49313
Destination: 10.0.x.x:443

This TMG box is in a back configuration with two NICs, one in the LAN and one in the DMZ.
Traffic is NAT'd to the DMZ listener by our appliance perimeter firewall.
Once it hits the TMG box it's denied. My thinking is it's a problem with how the "networks" are defined in TMG.

The publishing rule has the CAS server FQDN & IP configured + a hosts file entry & the rule tests out with all green ticks.

Would any kind folk out there be able to provide any insight into why this might occur?

Client user ask password again and again

Hello Sir,

I have a TMG 2010 web proxy server.

Nowadays I am facing a problem at the client side.

When a user accesses the internet on their system, it asks for the user name and password again and again.

This continues for 25 to 30 minutes, and after that it accepts the password.

Please give me a solution for this issue.

Cant Setup SP2 for Forefront Crypt Init Failed error 0x80090016

Hi guys,

I'm trying to implement TMG SP2 on our accept servers.

The current situation is as follows:

1 EMS server, 1 Internal Array (2 servers) 1x external array (2 servers). Logging is done in a separate SQL server Database.

Current Version is TMG 2010 enterprise Update 1 Rollup 4.

Array is proxy chained upwards.

I've successfully upgraded the EMS server to the new version.

When installing SP2 on the first server in the internal array (Reporting server), the setup crashes at the action SetFwsrvSdToCSP

=========================

MSI (s) (34:84) [14:56:02:933]: Executing op: ActionStart(Name=SetFwsrvSdToCSP,Description=Sets the Firewall service security descriptor on the cryptographic service provider...,)
Action 14:56:02: SetFwsrvSdToCSP. Sets the Firewall service security descriptor on the cryptographic service provider...
MSI (s) (34:84) [14:56:02:936]: Executing op: CustomActionSchedule(Action=SetFwsrvSdToCSP,ActionType=25601,Source=BinaryData,Target=**********,CustomActionData=**********)
MSI (s) (34:8C) [14:56:02:938]: Invoking remote custom action. DLL: C:\Windows\Installer\MSI3645.tmp, Entrypoint: SetFwsrvSdToCSP
14:56:02 ISA setup CA INFO   : ENTRY: SetFwsrvSdToCSP, PID 4644 (0x1224), Current user is Domain\user
14:56:02 ISA setup CA ERROR  : Crypt.Init failed. Error=0x80090016
14:56:02 ISA setup CA ERROR  : SetFwsrvSdToCSP: SetFwsrvSecurityDescriptor. failed, hr=0x80090016

==========================

I've corrected the NTFS permissions on the folder C:\Programdata\microsoft\crypto\rsa\machinekeys.

Restarted the server. Protected storage service is running, the server can contact other servers.

Can anyone give me a hint? I need to upgrade the rest of the servers before I can do this in the production environment.

Also attached an image with the error on screen.

Slow upload through TMG

Hi,

I have the same problem that is discussed in this thread:
http://social.technet.microsoft.com/Forums/en-US/ForefrontedgeIA/thread/3871606b-6547-48dd-a79d-053bba72067b

Yuri Diogenes [MSFT]'s last answer was: "Unfortunately it is going to take a bit more due the tests that Product Team is currently doing on this. Although we might have a workaround, we are working towards the root cause to fix the issue."

Friday, October 15, 2010 2:12 AM

Is there a fix for this problem?


Anders Månsson Senior Executive Consultant | Design, infrastructure & messaging
MCITP: Enterprise Messaging Administrator MCITP: Enterprise Administrator

TMG 2010 SP2 with Rollup 3 slow download/upload speed

Hi,

I have Service Pack 2 with roll-up update 3. The download speed is constantly limited to 5 Mbps and the upload speed is limited to 1 Mbps. If I use an alternative gateway (Linux), I constantly get 20 Mbps download and 20 Mbps upload.

I have turned off Malware Inspection and applied all suggested registry solutions plus the script to increase the TCP buffer, but with no success.

The TMG server (Windows 2008 R2) is installed as a Hyper-V 2012 guest. The alternative gateway (CentOS) is also installed as a Hyper-V 2012 guest. Both are hosted on the same Hyper-V 2012 host. Both are also connected to the same dedicated physical NIC.

Any help would be greatly appreciated.

TMG changes TCP sequence numbers

Hi everyone,

we use the TMG 2010 server as a firewall with two NICs in routing mode. I have observed that the TMG changes the sequence number of outgoing TCP packets. This is problematic for our application. ATM I think the TMG relies on this "feature" for its IPS. Are there other reasons why the TMG would change the sequence number?

Is there a way to turn this off?

What I have tried so far is turning off all IPS/IDS features and disabling Kernel Mode Forwarding, which had no influence on the sequence numbers.

Thank you,

Moritz

Enabling HTTPS website in TMG2010

Hi

I have set up my TMG2010 in my org. I set up TMG in such a way that users can download specific extensions, with no login access to any site except sites which are allowed by me, and with URL filtering. This configuration is working very smoothly. Now I want to add a little thing to the above configuration: I just want to enable HTTPS links. Whenever a user hits an HTTPS link, he gets the below error:

Error :- Unable to connect. Firefox can't establish a connection to the server at developers.google.com. The site could be temporarily unavailable or too busy. Try again in a few moments. If you are unable to load any pages, check your computer's network connection. If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

I want my users to be able to surf HTTPS sites but can't login and can upload. Is this possible? I have done this for HTTP but am not sure about HTTPS.

Regards

Akshay Pate


Akshay Pate Server Administrator


VPN connection problem

We are unable to connect to our network via VPN; users try to connect and the connection status doesn't get any further than:
"Establishing secure connection to vpn.*****.com using 'WAN Miniport (SSTP)'"

All other firewall services seem to work fine.

The error log says:

 Operating System      : Windows NT 6.1 Service Pack 1
 Dialer Version        : 7.2.7600.16385
 Connection Name       : TLMI VPN Connection
 All Users/Single User : Single User
 Start Date/Time       : 15/07/2013, 10:43:51
******************************************************************
 Module Name, Time, Log ID, Log Item Name, Other Info
 For Connection Type, 0=dial-up, 1=VPN, 2=VPN over dial-up
******************************************************************
[cmdial32] 10:43:51 03 Pre-Init Event CallingProcess = C:\Windows\Explorer.EXE
[cmdial32] 10:43:52 04 Pre-Connect Event ConnectionType = 1
[cmdial32] 10:43:52 06 Pre-Tunnel Event UserName = *********@********.com Domain =  DUNSetting = *** *** Connection Tunnel DeviceName =  TunnelAddress = ****.******.com
[cmdial32] 10:44:15 21 On-Error Event ErrorCode = -2147014836 ErrorSource = RAS

Thanks!!


Marco S

Forefront TMG cannot locate a route to the remote site. As a result, a connection cannot be established. To establish the IPsec site-to-site connection, you must update the routing table.

I'm setting up a site-to-site IPSEC tunnel between Forefront TMG 2010 and Cisco ASA 5512-X. The tunnel initiates fine when there is interesting traffic coming from the ASA side. Once the tunnel is initiated, the traffic flows both ways.

I can't seem to be able to get the Forefront to initiate the tunnel. On server restart, the following message gets logged in the event log:

"Forefront TMG cannot locate a route to the remote site. As a result, a connection cannot be established. To establish the IPsec site-to-site connection, you must update the routing table."

What exactly do I need in the routing table for Forefront to be able to initiate the tunnel?

TMG 2010 on Hyper-V 2012 Supported

Is TMG 2010 Supported on Windows Server 2012 Hyper-V Host?

The guest VM would of course be WS2008R2, since I already saw that TMG 2010 is not supported on WS2012.

Are there any issues with this configuration?

Eduardo Rojas

Is it possible to create an Addition Receive Connector in TMG on Exchange EDGE Server?

Hi All,

We have TMG and Exchange 2010 edge server installed on the same server.

We have added an additional NIC and want to create another receive connector on the edge server to relay internal email on that NIC.

I have created a "SMTP Route" in TMG to listen on this NIC but in Exchange I see no receive connector created so it is not listening on port 25 on that NIC and IP.

I then tried to create a Receive Connector using the Exchange Console but TMG just overrides and deletes the new receive connector.

Any idea?

Thanks

ECL

TMG 2010 and Java 7 update 25

Our company uses an external website for printing barcodes and other various tasks for their manufacturing process.

All of the internal staff connect to a terminal server farm and access the website through there. The request goes through our TMG 2010 servers using integrated authentication.

We recently updated Java to version 7 update 25. Once we did that we have started experiencing various java related headaches with multiple security popups and one that is most concerning being account lockouts when performing certain functions on the website.

We believe we traced it back to Java 7 being the problem and downgraded to Java 6 to workaround the problem. We found numerous articles online about certain versions of Java 7 having integrated windows authentication problems with proxy servers, but they seem to reference them being fixed with u25. Either way, backing out to java 6 fixes it.

Has anyone else seen problems similar to this, and do you have any suggestions on how to resolve it?
