Skype TMG 2010 problem
Dear Sir
I have a problem configuring my TMG 2010 proxy to allow Skype to go through while HTTPS inspection is on.
I exclude *.skype.com and *.skype.net from the inspection process, but I still couldn't connect; moreover, when I disable the HTTPS inspection feature it works just fine.
Regards,
Guys, does anyone have the same problem?
Similar Messages
-
Problem with blocking upload file TMG 2010
I'm using TMG 2010. I have 3 rules:
1/ Allow Internet Access:
protocols: dns, http, https
from: localhost, internal to: External
2/ Allow Protocols:
protocols: all traffic
from: localhost, internal to: localhost, internal
3/ Default Rule: Block all.
The problem is: I want to block file uploads from internal to external, so I've made an HTTP filter in Allow Internet Access like this: Config HTTP --> Signature: Search in: Request Header
Http header: Content-Type:
Signature: mutipart/form-data
Methods: Block method POST
Unfortunately, it doesn't work and I don't know why. If I create a rule that blocks web, it works. Please help me. Thanks!
Hi,
You could check the following blog to see whether you missed anything.
How to block Attachment Uploads using Microsoft TMG
http://www.kuwaitgeekz.com/?p=2248
(Note: Microsoft provides third-party contact information to help you find technical support. This contact
information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.)
Best Regards,
Joyce
-
TMG 2010 report problem Operation has timed out
Hello.
I'm stuck and I really need assistance.
We had a TMG 2010 RTM version and I decided to update it to the latest rollup and SP (dumb head).
So now we have TMG 2010 SP2 rollup 4.
Before I updated TMG, reports worked fine, but now reports are not working at all.
When I try to execute a report (or schedule a daily or weekly report) I get the same issue:
Error 31289:
The report "Daily" could not be generated. Report Server error information: The report Daily could not be generated. Report Server error information: The operation has timed out.
The error occurred on object 'Reports' of class 'Reports Configuration' in the scope of array 'TMG`
I read all the guidelines (including this one: http://www.isaserver.org/tutorials/Microsoft-Forefront-TMG-How-to-use-SQL-Server-2008-Express-Reporting-Services.html) and did not find anything useful.
The settings are correct, and I have not changed any settings.
And now I have run out of ideas, so I ask for your help.
That would be expected as the RAT key does not exist by default on a TMG system. You will need to create it and the subkeys referenced along with the values.
Create as described in the article.
Hth, Anders Janson Enfo Zipper -
Forefront TMG 2010 Error from management console
Hi,
I am having a problem connecting to a TMG 2010 array from an installation of the TMG management console; we are receiving the error 'Refresh Failed' 'Error 0x80070057' 'The Parameter is incorrect'.
The only article I can find on this error is http://support.microsoft.com/kb/2591719, which doesn't seem to apply to our setup or this problem, but I have applied Service Pack 2 anyway and still get the same error. The only other thing I can find is a few people saying the management console needs to be at the same version as the TMG servers you are trying to connect to, but I cannot see how this can be done, as when I try to run the service pack on the machine with only the management console I get an error as the full installation is not there.
Hi,
Firstly, have you found any related information in the event logs?
Next, you can check the version of the TMG server from the TMG help menu, TMG system node or using Control Panel. For more detailed information, please refer to the link below:
How to Determine Which Version of TMG Server 2010 Is Installed
In addition, what hotfix rollup or service pack have you installed? Please refer to the recommended order below:
Forefront TMG 2010 Service Pack, Rollup, and Version Number Reference
Best regards,
Susie -
Hi,
I have an odd issue whereby if I set "user must change password" on an AD account, the end user cannot log on; they're simply taken back to the OWA login page as if their password is incorrect.
My setup is as follows:
outer TMG -- uses a listener for email.contoso.com and is configured for no authentication. This uses a publishing rule to publish the inner TMG server. This server is not a domain member.
inner TMG - uses a listener for email.contoso.com and is configured for NTLM\kerberos negotiation with forms authentication (Windows Active Directory). This server is a domain member and uses a publishing rule to publish the internal CAS. Allow users to change password is selected in the publishing rules.
Exchange 2010 SP1 - uses integrated windows and basic authentication. Has the appropriate registry key configured to allow users to change their AD password on first logon.
I've registered an SPN for "http/email.contoso.com mailserver-dc1", all SSL certificates being used are valid, and my configuration used to allow users to log in and change their password with "user must change password on first login" set in AD.
If I launch a web browser on an internal server and point it to email.contoso.com I'm immediately presented with a generic Windows authentication request (similar to what's seen in ADFS) rather than the standard OWA page. No matter what I do, I cannot log in and change my password using the correct URL. However, if I point my browser at http://192.168.4.10/owa I'm prompted to log in and I can change my password using the same credentials.
The only recent changes made are:
- Disabling SSL 3.0 and enabling TLS (http://www.isaserver.org/articles-tutorials/configuration-security/improving-ssl-security-forefront-threat-management-gateway-tmg-2010-published-web-sites.html)
- Replacing the TMG listener certificates so that they now use SHA2 rather than SHA2 (certificates are trusted on each TMG server)
Looking on the outer TMG and the DC logs I can see schannel errors which I believe are related to the problem. TMG monitoring also shows "Failed connection attempt: 1907 The user's password must be changed before logging on for the first time"
I've checked that my inner TMG and DC are using the same certificate for server authentication and gone through this guide:
http://blogs.technet.com/b/keithab/archive/2012/02/29/setting-up-and-troubleshooting-ldaps-authentication-in-forefront-tmg-2010.aspx
If I try to use ldp.exe on the inner TMG, I get the error in the pic below
Thanks
IT Support/Everything
Hi,
You could try to analyze the TMG tracing and try the troubleshoot steps in the blog below.
TMG 2010 – FBA, troubleshooting the change password feature
http://blogs.technet.com/b/isablog/archive/2012/05/07/tmg-2010-fba-troubleshooting-the-change-password-feature.aspx
Best Regards,
Joyce -
The main issue is that the external Lync clients can't connect to the Lync server. The reason this happens is blocked ports on TMG.
There are non-web server publishing rules set up allowing inbound connections from the public IP to the Lync Edge server's external IP using TCP ports: 443, 444, 445, 5061, 50000-59999 (inbound).
All the rules used to work fine and the external Lync clients were connecting fine, but now when I test the ports on the public IP using web tools (like checkmyports.net) I am getting "Port is Closed" for all of them.
What is not allowing the ports to be open?
Nothing has been changed on the TMG server. The other rules (ActiveSync and OWA access) on the TMG work with no problem.
Any help would be greatly appreciated!
Hi,
Thank you for your post here.
Please double check your configuration via the article below:
http://ucbeacon.blogspot.com/2013/03/configure-forefront-tmg-2010-as-reverse.html
Please also check the TMG live logging.
Best Regards
Quan Gu -
Unable to install Forefront TMG 2010 on Server 2008 R2 with SP1
Hi, I am installing TMG 2010 on Server 2008 R2 with Service Pack 1 ... then I am getting the error shown in the snapshot below ... kindly help me out.
Hi Deepak,
Thanks a lot for your quick response. Please find below the logs which I found in C:\Windows\Temp. There are three text files in this folder. I have pasted the contents of the three files below.
14:14:02 INFO: Installer activated, command-line=''
14:14:02 INFO: Expanded full extraction path of SQL Express 2008 SP1 Package is 'C:\Windows\temp\{196A1AC7-AE04-46AA-8CB3-196D6F4760C0}'.
14:14:02 INFO: Install scenario
14:14:02 INFO: CMsiAttendantInstaller::Prepare: Upgrade code is not set
14:14:02 INFO: CMsiAttendantInstaller::Prepare: There is no any product code for upgrade code
14:14:02 INFO: CMsiAttendantInstaller::Prepare: Upgrade code is not set
14:14:02 INFO: CMsiAttendantInstaller::Prepare: There is no any product code for upgrade code
14:14:02 ERROR: CSSEInstaller::GetInstanceId failed to open reg key 'SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL'
14:14:02 INFO: CSSEInstaller::Prepare: Failed to get the instace id of MSFW
14:14:02 ERROR: CSSEInstaller::GetInstanceId failed to open reg key 'SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL'
14:14:02 INFO: CSSEInstaller::Prepare: Failed to get the instace id of ISARS
14:14:02 INFO: CMsiAttendantInstaller::Prepare: Upgrade code is not set
14:14:02 INFO: CMsiAttendantInstaller::Prepare: There is no any product code for upgrade code
14:14:02 INFO: Installing ISA (Core components)...
14:14:02 INFO: CFirewallInstaller: Activating installation, command line args = '-I "F:\FPC\MS_FPC_Server.msi "WRAPPER=1 ARPSYSTEMCOMPONENT=1 MEDIAPACKAGEPATH=\FPC\ REBOOT=ReallySuppress'
14:14:16 ERROR: Setup failed. Error returned: 0x643
14:14:16 ERROR: CBasicInstaller: Install failed, hr=0x80070643
14:14:16 ERROR: Installation failed. hr = 0x80070643
14:14:16 ERROR: Installation failed, hr=0x80070643
14:14:16 ERROR: InstallProducts: Install ISA (Core components) failed, hr=0x80070643
14:14:26 ERROR: Wrapper: Install failed, hr = 0x80070643
14:14:26 ERROR: Wrapper: DoSetup failed, hr = 0x80070643
14:14:26 ERROR: Wrapper: DoSetup failed, hr = 80070643
14:14:26 ERROR: Setup of ISA failed. Return value: SETUP_ERROR_ISA
IInd File
14:14:10 ISA setup CA INFO : ENTRY: ValidateSKU, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
14:14:10 ISA setup CA INFO : OriginalDatabase = F:\FPC\MS_FPC_Server.msi
14:14:10 ISA setup CA INFO : This is EE installation
14:14:10 ISA setup CA INFO : EXIT: ValidateSKU, Custom Action succeeded
14:14:10 ISA setup CA INFO : ENTRY: SetServerServiceRunning, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
14:14:10 ISA setup CA INFO : Service lanmanserver is running
14:14:10 ISA setup CA INFO : EXIT: SetServerServiceRunning, Custom Action succeeded
14:14:11 ISA setup CA INFO : ENTRY: PropertyAssign, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
14:14:11 ISA setup CA INFO : FW Services feature state: -1
14:14:11 ISA setup CA INFO : EXIT: PropertyAssign, Custom Action succeeded
14:14:11 ISA setup CA INFO : ENTRY: SetDotNetInstalledProperty, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
14:14:11 ISA setup CA INFO : EXIT: SetDotNetInstalledProperty, Custom Action succeeded
14:14:11 ISA setup CA INFO : ENTRY: SetRebootRequiredBeforeInstallationProperty, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
14:14:11 ISA setup CA INFO : CheckExistValue failed. key = PendingFileRenameOperations.
14:14:11 ISA setup CA INFO : FOpenKey failed. key = SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired.
14:14:11 ISA setup CA INFO : FOpenKey failed. key = SOFTWARE\Microsoft\Updates.
14:14:11 ISA setup CA INFO : EXIT: SetRebootRequiredBeforeInstallationProperty, Custom Action succeeded
14:14:11 ISA setup CA INFO : ENTRY: SetISARegistrySettingsForCOM, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
14:14:11 ISA setup CA INFO : VerifyPropertyEqualValue: Property Sku =
14:14:11 ISA setup CA INFO : EXIT: SetISARegistrySettingsForCOM, Custom Action succeeded
14:14:11 ISA setup CA INFO : ENTRY: Set_RrasIsVpn, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
14:14:11 ISA setup CA INFO : RRAS is configured as VPN.
14:14:11 ISA setup CA INFO : EXIT: Set_RrasIsVpn, Custom Action succeeded
14:14:11 ISA setup CA INFO : ENTRY: EE_ValidatePropertiesSyntax, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
14:14:11 ISA setup CA INFO : Checking the length of properties
14:14:11 ISA setup CA INFO : VerifyPropertyLength: Property ENTERPRISE_NAME length < 300
14:14:11 ISA setup CA INFO : VerifyPropertyLength: Property ENTERPRISE_DESCR length < 300
14:14:11 ISA setup CA INFO : VerifyPropertyLength: Property STORAGESERVICE_ACCOUNT length < 300
14:14:11 ISA setup CA INFO : VerifyPropertyLength: Property STORAGESERVICE_PWD length < 300
14:14:11 ISA setup CA INFO : VerifyPropertyLength: Property STORAGESERVER_CONNECT_ACCOUNT length < 300
14:14:11 ISA setup CA INFO : VerifyPropertyLength: Property STORAGESERVER_CONNECT_PWD length < 300
14:14:11 ISA setup CA INFO : VerifyPropertyLength: Property ARRAY_NAME length < 300
14:14:11 ISA setup CA INFO : VerifyPropertyLength: Property ARRAY_DESCR length < 300
14:14:11 ISA setup CA INFO : VerifyPropertyLength: Property ARRAY_DNS_NAME length < 300
14:14:11 ISA setup CA INFO : VerifyPropertyLength: Property REPLICATION_SOURCE_PATH length < 260
14:14:11 ISA setup CA INFO : VerifyPropertyLength: Property ARRAY_ENTERPRISEPOLICY length < 300
14:14:11 ISA setup CA INFO : VerifyPropertyLength: Property CLIENT_CERTIFICATE_FULLPATH length < 260
14:14:11 ISA setup CA INFO : VerifyPropertyLength: Property SERVER_CERTIFICATE_FULLPATH length < 260
14:14:11 ISA setup CA INFO : VerifyPropertyLength: Property SERVER_CERTIFICATE_PASSWORD length < 32
14:14:11 ISA setup CA INFO : VerifyPropertyLength: Property FULLPATHANSWERFILE length < 260
14:14:11 ISA setup CA INFO : Length of all properties is correct
14:14:11 ISA setup CA INFO : Checking the syntax of some properties
14:14:11 ISA setup CA INFO : Syntax condition of all properties is correct
14:14:11 ISA setup CA INFO : Checking the syntax of the MSIPROP_ARRAY_INTERNALNET properties
14:14:11 ISA setup CA INFO : Syntax of the properties internal range property is correct
14:14:11 ISA setup CA INFO : Checking the syntax of the property ARRAY_INTERNALNET_ENT_NETS
14:14:11 ISA setup CA INFO : Syntax of the property ARRAY_INTERNALNET_ENT_NETS is correct
14:14:11 ISA setup CA INFO : Checking the syntax of the property INTRA_ARRAY_ADDRESS_IP
14:14:11 ISA setup CA INFO : Checking the syntax of the property HOST_ID
14:14:11 ISA setup CA INFO : Checking the existance of files in properties
14:14:11 ISA setup CA INFO : All properties that contain files exist
14:14:11 ISA setup CA INFO : EXIT: EE_ValidatePropertiesSyntax, Custom Action succeeded
14:14:11 ISA setup CA INFO : ENTRY: ValidateRDPAddressType, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
14:14:11 ISA setup CA INFO : TMG remote installation uses IPV4 connection
14:14:11 ISA setup CA INFO : EXIT: ValidateRDPAddressType, Custom Action succeeded
14:14:11 ISA setup CA INFO : ENTRY: GetEnvParams, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
14:14:11 ISA setup CA INFO : The machine does not belong to any domain
14:14:11 ISA setup CA INFO : EXIT: GetEnvParams, Custom Action succeeded
14:14:11 ISA setup CA INFO : ENTRY: CalculateFirstDialog, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
14:14:11 ISA setup CA INFO : Current dialog Flow is: /Dialogs/Dialog[@name='Flows']
14:14:11 ISA setup CA INFO : Updated flow CurrentDialogFlow = /Dialogs/Dialog[@name='Flows']/Dialog[@name='EE']
14:14:11 ISA setup CA INFO : Current dialog Flow is: /Dialogs/Dialog[@name='Flows']/Dialog[@name='EE']
14:14:11 ISA setup CA INFO : Updated flow CurrentDialogFlow = /Dialogs/Dialog[@name='Flows']/Dialog[@name='EE']/Dialog[@name='InstallWelcome']
14:14:11 ISA setup CA INFO : First Dialog in the flow: FirstDialog = InstallWelcome
14:14:11 ISA setup CA INFO : EXIT: CalculateFirstDialog, Custom Action succeeded
14:14:13 ISA setup CA INFO : ENTRY: CalculateNextDialog, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
14:14:13 ISA setup CA INFO : Current dialog Flow is: /Dialogs/Dialog[@name='Flows']/Dialog[@name='EE']/Dialog[@name='InstallWelcome']
14:14:13 ISA setup CA INFO : Updated flow CurrentDialogFlow = /Dialogs/Dialog[@name='Flows']/Dialog[@name='EE']/Dialog[@name='InstallWelcome']/Dialog[@name='LicenseAgreement']
14:14:13 ISA setup CA INFO : Next dialog in the flow is: NextDialog = LicenseAgreement
14:14:13 ISA setup CA INFO : EXIT: CalculateNextDialog, Custom Action succeeded
14:14:15 ISA setup CA INFO : ENTRY: CalculateNextDialog, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
14:14:15 ISA setup CA INFO : Current dialog Flow is: /Dialogs/Dialog[@name='Flows']/Dialog[@name='EE']/Dialog[@name='InstallWelcome']/Dialog[@name='LicenseAgreement']
14:14:15 ISA setup CA INFO : Updated flow CurrentDialogFlow = /Dialogs/Dialog[@name='Flows']/Dialog[@name='EE']/Dialog[@name='InstallWelcome']/Dialog[@name='LicenseAgreement']/Dialog[@name='CustomerInformation']
14:14:15 ISA setup CA INFO : Next dialog in the flow is: NextDialog = CustomerInformation
14:14:15 ISA setup CA INFO : EXIT: CalculateNextDialog, Custom Action succeeded
14:14:16 ISA setup CA INFO : ENTRY: ValidatePIDGenX, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
14:14:16 ISA setup CA INFO : OriginalDatabase = F:\FPC\MS_FPC_Server.msi
14:14:16 ISA setup CA ERROR : LoadLibrary(F:\FPC\Program Files\Microsoft ISA Server\msfpcPidGenX.dll) failed, ec=193
14:14:16 ISA setup CA ERROR : Setup failed while validating Product ID.
14:14:16 ISA setup CA ERROR : (Error 28021) Setup failed while validating Product ID.
14:14:16 ISA setup CA ERROR : EXIT: ValidatePIDGenX, Custom Action failed (0x643)
IIIrd File
Logging stopped: 4/7/2014 14:14:16 ===
MSI (c) (E4:34) [14:14:16:224]: Note: 1: 1708
MSI (c) (E4:34) [14:14:16:224]: Product: Microsoft Forefront Threat Management Gateway EE -- Installation operation failed.
MSI (c) (E4:34) [14:14:16:224]: Windows Installer installed the product. Product Name: Microsoft Forefront Threat Management Gateway EE . Product Version: 7.0.7734. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status:
1603.
MSI (c) (E4:34) [14:14:16:224]: Grabbed execution mutex.
MSI (c) (E4:34) [14:14:16:224]: Cleaning up uninstalled install packages, if any exist
MSI (c) (E4:34) [14:14:16:224]: MainEngineThread is returning 1603
=== Verbose logging stopped: 4/7/2014 14:14:16 ===
Below is the error code I got from the Application event log:
Product: Microsoft Forefront Threat Management Gateway EE -- Setup failed while validating Product ID.
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events
cannot be delivered through this filter until the problem is corrected. -
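The setup logs quoted in the post above repeat one failure through several wrapper layers, which makes the specific cause hard to spot. The following added example (not part of the original post; the function names are hypothetical) pulls the ERROR lines out of log lines copied from that post and decodes the `hr=`, `ec=` and `0x643` values into Win32 error codes.

```python
"""Summarise ERROR lines from Forefront TMG setup logs and decode their codes."""
import re

# Lines copied from the three log files quoted in the post above.
SAMPLE_LOG = r"""
14:14:02 ERROR: CSSEInstaller::GetInstanceId failed to open reg key 'SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL'
14:14:02 INFO: Installing ISA (Core components)...
14:14:16 ISA setup CA ERROR : LoadLibrary(F:\FPC\Program Files\Microsoft ISA Server\msfpcPidGenX.dll) failed, ec=193
14:14:16 ISA setup CA ERROR : (Error 28021) Setup failed while validating Product ID.
14:14:16 ISA setup CA ERROR : EXIT: ValidatePIDGenX, Custom Action failed (0x643)
14:14:16 ERROR: Setup failed. Error returned: 0x643
14:14:16 ERROR: CBasicInstaller: Install failed, hr=0x80070643
14:14:26 ERROR: Wrapper: DoSetup failed, hr = 80070643
"""

# "HH:MM:SS [ISA setup CA] LEVEL : message" covers both log layouts in the post.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2})\s+(?:ISA setup CA\s+)?(INFO|ERROR)\s*:\s*(.*)$")
HRESULT = re.compile(r"\bhr\s*=\s*(?:0x)?([0-9A-Fa-f]{8})\b")
EC = re.compile(r"\bec=(\d+)\b")
SHORT_HEX = re.compile(r"(?:\(|returned: )0x([0-9A-Fa-f]+)\b")

FACILITY_WIN32 = 7
WIN32_NAMES = {
    193: "ERROR_BAD_EXE_FORMAT",    # "%1 is not a valid Win32 application"
    1603: "ERROR_INSTALL_FAILURE",  # Windows Installer: fatal error during installation
}


def decode_hresult(value):
    """Split a 32-bit HRESULT into (is_failure, facility, code)."""
    return bool(value & 0x80000000), (value >> 16) & 0x7FF, value & 0xFFFF


def win32_code(message):
    """Return the Win32 error code a log message refers to, or None."""
    m = HRESULT.search(message)
    if m:
        failed, facility, code = decode_hresult(int(m.group(1), 16))
        return code if failed and facility == FACILITY_WIN32 else None
    m = EC.search(message)
    if m:
        return int(m.group(1))
    m = SHORT_HEX.search(message)
    return int(m.group(1), 16) if m else None


def error_lines(log_text):
    """Return (time, message, win32_code) for every ERROR line."""
    found = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(2) == "ERROR":
            found.append((m.group(1), m.group(3), win32_code(m.group(3))))
    return found


def code_summary(log_text):
    """Return (code, name, count) per distinct code, in order of first appearance."""
    counts = {}
    for _time, _message, code in error_lines(log_text):
        if code is not None:
            counts[code] = counts.get(code, 0) + 1
    return [(code, WIN32_NAMES.get(code, "unknown"), n) for code, n in counts.items()]


if __name__ == "__main__":
    for code, name, count in code_summary(SAMPLE_LOG):
        print(f"{code:>5}  {name:<22} x{count}")
    for when, message, code in error_lines(SAMPLE_LOG):
        if code not in (None, 1603):
            print("specific:", when, message)
```

In this log, 1603 is the generic Windows Installer failure repeated by each wrapper layer; the only error carrying a specific code is the `LoadLibrary` of `msfpcPidGenX.dll` with 193.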
Publish a monitoring camera through TMG 2010
Hi, I have a monitoring IP camera inside my LAN that I want to publish through TMG 2010 to access from outside. The camera has a built-in web server running (currently) on port 80. Inside the LAN (no restrictions) everybody who has a login to the cam can watch. So the cam is working pretty well. Now I created a web publishing rule in TMG 2010 for the cam, but it seems not to be enough. I can easily connect to the log-on screen of the cam and I can log in, but then I get an empty (black) picture (the cam health light on the screen is yellow instead of green, which means the video is not working)! No stream is visible. The cam should not use any other (additional) ports; I checked that by using Wireshark. What can be the problem that TMG blocks the stream?
Hi,
As this thread has been quiet for a while, we will mark it as ‘Answered’ as the information provided should be helpful. If you need further help, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.
Best regards,
Susie -
TMG 2010 SP2 Rollup 5 - None Available Worker threads
Hi Guys,
We're experiencing some problems with our TMG 2010 array (SP2 Rollup 5), and the first thing I can see is that the "Available Worker Threads" are 0 many times during the day. How can I debug this issue further to find the root cause?
Best Regards
Federico Giampietri Latamsupport IT Infrastructure Services
Hi,
>>"Available Worker Threads" are 0 many times during the day.
Could you see any other abnormal symptom in TMG?
The issue in the KB below has a symptom that "The Available Worker Threads counter in the Forefront TMG Firewall Service may suddenly decrease to zero". But this has been fixed in Rollup 5. If you still have the same issue after
installing Rollup 5, you may need to open a case with Microsoft.
FIX: Server that's running Forefront Threat Management Gateway 2010 stops accepting all new connections and becomes unresponsive
Best Regards,
Joyce
-
Hi all,
I upgraded from ISA Server 2006 to TMG 2010. On the ISA server we were using the forward proxy for authenticated and non-authenticated users. But after I upgraded to TMG 2010, when non-authenticated users try to use the proxy, the proxy returns access denied... In the proxy it is set to all users... How do I set it up for non-authenticated users?
Thanks
Falcon
Hi,
Proxy traffic always needs the session to be authenticated. Only SecureNAT clients can work as unauthenticated sessions.
For your problem, change the gateway on all the clients to TMG and add an anonymous access rule. -
TMG 2010 Array Brings down the entire internal network
Ok, so this is as weird as it sounds.
We've been working with ISA and TMG since 2004, this is the first time I've seen this kind of behavior. Let me explain the details.
We implemented 3 TMG 2010 Servers in an Array and 2 EMS Servers on Windows Server 2008 R2. Each TMG Server has 4 NICs (Internal, External, DMZ-Intra-array). At first we wanted to enable them with an F5 Hardware Load Balancer but after weeks of trying to
make them work together we couldn't (SNAT and routing issues related), so we tried using Windows NLB but had problems with the Multicast configuration using VMWare and after some other battles we decided to first try out just using one TMG Server as the main
one to try to make it work. The customer we are implementing this is currently using ISA 2006 and they wanted to upgrade to TMG 2010 using basically the same stuff as their ISA had, so we backed up that configuration and imported it into TMG without problems.
We added the TMG Servers on the EMS configuration and everything replicated just fine.
Since they already had IPS, Cisco ASAs and Ironports as Proxy they decided to disable NIS, Malware inspection, Flood Mitigation and all those things TMG has for better securing Internet traffic.
The firewall policy rules are about 100 and they have 3 publishing rules to HTTPS Services.
So after making the necessary configuration changes to the TMG infrastructure, we then decided to unplug the ISA Servers, change the TMG servers IP Address to the ISA Server ones and test to see if everything worked just as ISA Server did. However it didn't.
At first we had issues related to slow internet traffic; after troubleshooting for some time we ended up finding out that the source IP used by TMG was different than the one ISA was using, even though the same IP was configured on the NIC and the other IPs were configured as alternates. We found out after some searching that Windows Server 2008 R2 uses some RFC and manipulates the IP address on a NIC in a way that 2003 didn't. We found out that we needed to add the other IPs via:
Netsh int ipv4 add address <Interface Name> <ip address> skipassource=true
After that configuration we got things working fine... for a while. Several hours later, servers started losing connectivity, switches stopped responding and the entire network collapsed! After unplugging the TMG servers, everything returned back to normal. We thought this was an issue related to drivers or something to do with the VMware platform, so it was decided to reinstall everything on physical servers.
After some days of reconfiguring again TMG Servers, we made the switch again, unplugged the ISA Servers, configured the TMG with the ISA IP Addresses, did the NETSH thing and then tested out everything and everything worked.
But again hours later the same behavior appeared once more! Servers and switches stopped responding and the entire network went down once more! Again we unplugged the TMG Servers and everything returned back to normal!
So here we are, back to square one with no clue on what is causing this behavior on the network. The current physical servers are running HP 3666i 4 multiport 10Gb NICs; we don't know if that has something to do with this, or the fact that the switch core to which the TMG servers are directly connected is a Nexus 7000 and there are some configuration issues with it against the TMG or something. The TMGs are patched with Service Pack 2 Update Rollup 5.
We are probably going to open a support case with Microsoft with this issue, but we first wanted to see if anyone else may have had, seen or heard something related to this and has an explanation or ideas on why is this happening.
I appreciate any replies.
Thank you all.
Eduardo Rojas
Hi, I believe your TMG is virtual and NLB is set up. If so, you need to bind the physical switch port to the NLB MAC address in multicast mode. Let's take an example: if your internal NLB physical NIC is connected to switch ports 1 and 2, then you need to manually bind the NLB MAC to ports 1 and 2, and likewise for all NLB-enabled zones. Read up on VMware NLB, as they support multicast in virtual environments. So do not use unicast in NLB if it's virtual. All should be okay with the above configuration. -
Lync 2013 clients behind TMG 2010
Hi
My scenario is as follows:
Lync Client 2013 --> TMG 2010 --> ISP Router (without filtered ports)
I have a problem with this scenario because TMG drops my voice calls and suddenly drops my connection to the server. In TMG I created the following rule:
From internal to external, and URL Set (*.microsoftonline.com, *.microsoftonline-p.com, *.onmicrosoft.com, sharepoint.com, *.outlook.com)
Protocols: http, https, RTP, SIP, Sip Server, Sips, Sips Server,
50040-50059 TCP Outbound
50000-50019 UDP Send Receive
3478 UDP Send Receive
59999 UDP Send Receive
50020-50039 UDP Send Receive
So what is the problem with this TMG 2010 (with all updates, SPs and rollouts)?
Thanks
Hi,
The following blog might help.
http://www.jaapwesselius.com/2012/12/21/publish-lync-2013-services-in-tmg-2010/
(Note: Microsoft provides third-party contact information to help you find technical support. This contact
information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.)
Best Regards,
Joyce
-
The hyperlink of a public image (hyperlink or image) cannot be saved on Windows Server 2012 and SharePoint 2010. Is this a bug?
Thanks for any reply.
Rosone
It is not a bug; you might be using IE on Windows Server 2012, and the browser might be restricting your site actions from responding properly.
Check this in a different browser or access the site from a different OS.
Adnan Amin MCT, SharePoint Architect | If you find this post useful kindly please mark it as an answer. -
Error the service FWSRV of TMG 2010 on Windows server 2008 R2 Enterprise
Please help me with an issue with TMG 2010:
My company installed TMG 2010 on Windows Server 2008 R2 Enterprise, but this error occurs: "Due to an unexpected error, the service fwsrv stopped responding to all requests. Stop the service or the corresponding process if it does not respond, and then start it again. Check for related error messages."
and "The Firewall service stopped because an application filter module C:\Windows\SYSTEM32\ntdll.dll generated an exception code C0000005 in address 0000000077A72F86 when function CompleteAsyncIO was called. To resolve this error, remove recently installed application filters and restart the service."
I have reinstalled, but the error appears again. My company has about 2000 clients accessing through TMG 2010.
I have tried updating Windows and TMG to the latest versions, but could not solve this issue.
I hope everyone can help me as soon as possible. Thank you so much.
Hi Luis,
Not sure whether this will fix your issues, however give it a try and let us know so that others can also provide suggestions.
Disable:
Antivirus
Monitoring tools / hardware diagnostics tools which come with the server vendor
Try:
http://support.microsoft.com/kb/2649961
http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=2649961&kbln=en-us
Ensure you have enough space for the logs to be stored -
How to add HTTP Header Response X-Frame-Options:SAMEORIGIN from OWA published via Forefront TMG 2010 to stop Clickjacking. I have put the IIS setting X-Frame-Options:SAMEORIGIN on my internal CAS server. However, as the OWA page is published through Forefront TMG 2010, the iFrame tag is not blocked when the page is first opened. Only when you log in with your credentials to the OWA page inside the frame and the page reaches IIS on the internal CAS does it get blocked. I want to block it in the first instance when it is opened from TMG.
Hi,
Thank you for the post.
To modify the http header, please refer to this blog:
http://tmgblog.richardhicks.com/2009/03/27/using-the-isa-http-filter-to-modify-via-headers-and-prevent-information-disclosure/
Regards,
Nick Gu - MSFT
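The gap described in the question above (the page shown before logon lacks the header, while pages that reach IIS on the internal CAS carry it) can be confirmed from captured response headers. The following is an added example, not part of the original thread; the two captures are constructed samples and the function names are hypothetical.

```python
"""Check captured HTTP response headers for anti-framing protection."""

# ALLOW-FROM is obsolete and ignored by current browsers, so it is not listed.
VALID_XFO = {"DENY", "SAMEORIGIN"}

# Constructed captures (not from the thread): the logon form the gateway serves
# before authentication, and an OWA page that came from the internal CAS.
LOGON_FORM = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Cache-Control: no-cache\r\n"
    "\r\n"
)
OWA_PAGE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "\r\n"
)
CAPTURES = {"logon form (pre-auth)": LOGON_FORM, "OWA page (post-auth)": OWA_PAGE}


def parse_headers(raw):
    """Return (lower-cased name, value) pairs, keeping duplicate headers."""
    pairs = []
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def frame_ancestors(headers):
    """Return the first CSP frame-ancestors source list, or None if absent."""
    for name, value in headers:
        if name != "content-security-policy":
            continue
        for directive in value.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                return [t.lower() for t in tokens[1:]]
    return None


def framing_policy(raw):
    """Return (verdict, reason) for one captured response."""
    headers = parse_headers(raw)
    sources = frame_ancestors(headers)
    if sources is not None:
        # Browsers that honour frame-ancestors ignore X-Frame-Options.
        if any(s in ("*", "http:", "https:") for s in sources):
            return ("unprotected", "frame-ancestors allows any origin")
        return ("protected", "CSP frame-ancestors " + (" ".join(sources) or "'none'"))
    values = set()
    for name, value in headers:
        if name == "x-frame-options":
            values.update(v.strip().upper() for v in value.split(",") if v.strip())
    if not values:
        return ("unprotected", "no X-Frame-Options or frame-ancestors")
    if len(values) > 1:
        return ("misconfigured", "conflicting X-Frame-Options: " + ", ".join(sorted(values)))
    value = values.pop()
    if value in VALID_XFO:
        return ("protected", "X-Frame-Options " + value)
    return ("unprotected", "unsupported X-Frame-Options value " + value)


def unprotected_pages(captures):
    """Return the names of captures that a third-party page could frame."""
    return [name for name, raw in captures.items() if framing_policy(raw)[0] != "protected"]


if __name__ == "__main__":
    for name, raw in CAPTURES.items():
        print(name, "->", framing_policy(raw))
```

Running the same check against every response in the publishing path, including the pre-authentication page, shows which hop still needs the header added.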