Support for Broadcast and Multicast in TMG 2010!

I have installed TMG 2010 SP2 on Windows 2008 R2.
So, as I read, TMG blocks both broadcast and multicast.
And such a built-in, one-way-only default behaviour is not right.
I want to define on my own (as user/admin) whether it is necessary for me or not; accordingly, there has to be the ability to switch such an option on/off, for example as checkboxes for each network (address range) defined by default/user, one for broadcast and one for multicast.
So, please add such functionality to the kernel mode driver and to the service in the next nearest SP or rollup.
And/or tell how it is possible to switch it on in TMG 2010 SP2 and later.
There are some important services relying on broadcast: NetBIOS, DHCP, some Aladdin hardkey protection, some special software.
If somebody of the MS technicians will send a registry parameter for this or a specially designed driver, all will be under my responsibility only.

I didn't find a Threat Management Gateway topic at https://connect.microsoft.com/directory.
Please open such a topic at https://connect.microsoft.com/directory.
I will post the suggestion, or you can do so on your own.
I see this as follows: the next rollup adds two checkboxes and also two array input fields for each rule: a multicast traffic checkbox and an array where some (one or more) IP addresses can be put, and a broadcast traffic checkbox also with an array input (for example 192.168.0.255 and 255.255.255.255, both IPs, not masks).
For example, I want to allow out/in (from LocalHost/to LocalHost) NetBIOS port 137, 138 service broadcasts, but drop out/in DHCP broadcasts, and allow out only for Sentinel HASP License Manager, which uses port 1947 broadcast. Of course, this example is for/from the internal net only.
So, admins/users of TMG may define on their own or decide whether it is necessary at all and what rule/rules is/are necessary for it.
A warning message can appear if the admin sets the multicast and/or broadcast checkbox for the external net (differs from LAN and localhost), but if it is necessary the admin can continue anyway.
Or maybe make global settings (also 2 checkboxes and 2 array input controls), but if it is set to on, multicast/broadcast will be allowed if an appropriate allowing rule (for example for NetBIOS) exists; if a drop DHCP rule exists in addition to the NetBIOS allowing rule, then multicast/broadcast will be allowed for NetBIOS and will not be dropped for DHCP.
And some changes are necessary to make in the kernel mode driver, as I suppose.
I can become the first tester. :))))))))
P.S.: At the moment even outgoing traffic with a sender IP of LocalHost (for example 192.168.0.100) and a destination IP of broadcast (192.168.0.255) is blocked as well.

Similar Messages

  • Broadcast and multicasting

    Hi,
    I wrote a client/server application to broadcast real-time information to the internet. I use MulticastSocket. Everything works when I am not connected to the network, using my local IP 127.0.0.1. When I am connected to the network I have an ADSL fixed IP.
    The server works fine with these parameters:
    InetSocketAddress address = new InetSocketAddress("81.57.195.85", 4445);
    DatagramSocket socket = new DatagramSocket(address);
    and
    InetAddress group = InetAddress.getByName("225.1.1.1");
    DatagramPacket packet = new DatagramPacket(buf, buf.length, group, 4446);
    socket.send(packet);
    But the client never receives anything with these parameters:
    InetSocketAddress address1 = new InetSocketAddress("81.57.195.85", 4446);
    MulticastSocket socket = new MulticastSocket(address1);
    InetAddress address = InetAddress.getByName("225.1.1.1");
    socket.joinGroup(address);
    DatagramPacket packet = new DatagramPacket(buf, buf.length);
    socket.receive(packet);
    (I just show the necessary information.)
    So I want to know if it is possible to do broadcast from a Win98 computer to the internet?
    If it is possible, I would like to know where I am wrong.
    Thanks

    In a nutshell, no.
    Most properly configured routers intentionally and deliberately block broadcast/multicast messages. Your ISP probably has one in place with the initial intent of shielding you from such... spam, and it just so happens that it goes both ways.
    If you create your own LAN, then your code will work; it will successfully send a message to each computer in that network node (or netmask).
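The reply's point (multicast and broadcast stop at the first router, but work on your own LAN) and the P.S. of this page's first post (a datagram from 192.168.0.100 to 192.168.0.255 being dropped by TMG) can both be checked with the same probe. What follows is an added PowerShell example using .NET UdpClient, not code from either poster: run Wait-Probe on the receiving host first, then Send-Probe from the sending host, and "Received" tells you whether the datagram crossed whatever sits between them. The group 225.1.1.1 and ports 4445/4446 are the thread's; the only assumption is that the chosen port is free on the receiving host.

```powershell
# Added example (not from the thread). Run Wait-Probe on one host, then
# Send-Probe from another. Assumed: the port is free on the receiving host.

function Send-Probe {
    param([System.Net.IPAddress]$Destination, [int]$Port, [switch]$Multicast)
    $tx = New-Object System.Net.Sockets.UdpClient
    if ($Multicast) { $tx.Ttl = 1 }                   # TTL 1: never forwarded past the local LAN
    else            { $tx.EnableBroadcast = $true }   # required for 255.255.255.255 / x.x.x.255
    $payload = [System.Text.Encoding]::ASCII.GetBytes("probe from $env:COMPUTERNAME")
    $sent = $tx.Send($payload, $payload.Length, (New-Object System.Net.IPEndPoint($Destination, $Port)))
    $tx.Close()
    $sent   # bytes handed to the stack; a firewall drop is silent, so only the receiver knows
}

function Wait-Probe {
    param([int]$Port, [System.Net.IPAddress]$Group, [int]$TimeoutSeconds = 10)
    $rx = New-Object System.Net.Sockets.UdpClient
    $rx.Client.SetSocketOption('Socket', 'ReuseAddress', $true)
    # Bind to the wildcard address: a multicast receiver bound to a single
    # unicast IP (as in the Java client above) is a common reason it never
    # sees group traffic.
    $rx.Client.Bind((New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, $Port)))
    if ($Group) { $rx.JoinMulticastGroup($Group) }
    $rx.Client.ReceiveTimeout = $TimeoutSeconds * 1000
    $from = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 0)
    try {
        $data = $rx.Receive([ref]$from)
        New-Object PSObject -Property @{ Received = $true; From = "$from"; Text = [System.Text.Encoding]::ASCII.GetString($data) }
    } catch {
        # ReceiveTimeout expired: nothing arrived (dropped, not routed, or wrong port)
        New-Object PSObject -Property @{ Received = $false; From = $null; Text = $null }
    } finally {
        if ($Group) { $rx.DropMulticastGroup($Group) }
        $rx.Close()
    }
}

# Multicast, the thread's group and port:
#   receiver:  Wait-Probe -Port 4446 -Group '225.1.1.1'
#   sender:    Send-Probe -Destination '225.1.1.1' -Port 4446 -Multicast
# Subnet broadcast, as in the first post's P.S.:
#   receiver:  Wait-Probe -Port 4445
#   sender:    Send-Probe -Destination '192.168.0.255' -Port 4445
```

Running both functions in one session on a single machine only exercises the local stack (Windows loops multicast and broadcast back to local listeners), so put the receiver on a second host on the same LAN, then on a host across the router or the TMG, to see exactly where the datagram dies.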

  • Hyper-V 2012 and TMG 2010/NLB

    Hi there,
    I have an issue with TMG 2010 on Hyper-V 2012 - the Setup:
    - Windows 2012 Hyper-V
    - TMG 2010 SP2 Rollup 4 running on W2K8 R2
    TMG 2010 (Array Node1) Network
    Internal Interface: 10.0.0.10/24 (Route to 192.168.11.0/24 over 10.0.0.1)
    IntraArray: 192.168.10.10/24
    Perimeter: 10.0.60.10/24 GW 10.0.60.100
    TMG 2010 (Array Node2) Network
    Internal Interface: 10.0.0.11/24 (Route to 192.168.11.0/24 over 10.0.0.1)
    IntraArray: 192.168.10.11/24
    Perimeter: 10.0.60.11/24 GW 10.0.60.100
    Domain Controllers:
    192.168.11.10
    192.168.11.11
    The NICs of the TMG VMs are configured with the correct VLANs, and on the Perimeter interface as well as on the Internal interface I activated MAC address spoofing.
    Once I activate NLB on the Perimeter interface all works fine. But NLB on the Internal interface does not work: I see that NLB got configured on Array Node 1, but the second one does not get the config, nor is it able to sync its configuration with Array Node 1. Also the servers are not able to communicate with the Domain Controllers anymore. Once I deactivate MAC address spoofing on the Internal interface and remove NLB, the servers are able to speak to the Domain Controllers...
    Any suggestions?

    Hi,
    Can I just confirm you are using the TMG console to enable NLB?
    Also, did you set this reg key on both your TMG servers? You need to make sure MAC spoofing is enabled too.
    HKLM\System\CurrentControlSet\Services\TCPIP\Parameters
    IPEnableRouter REG_DWORD 1
    After enabling the key you may need to reboot both nodes.
    Regards,
    Denis Cooper
    MCITP EA - MCT
    Help keep the forums tidy, if this has helped please mark it as an answer
    Blog: http://www.windows-support.co.uk 
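The two settings in the reply live in two places: the registry value on each TMG node, and MAC address spoofing on the vNICs, which is a Hyper-V host setting. The following is an added PowerShell example (not from the reply) that applies and verifies both; the VM names TMG-NODE1/TMG-NODE2 and the vNIC names Internal/Perimeter are assumptions, and part 2 needs the Hyper-V module on the Windows Server 2012 host.

```powershell
# Added example (not from the thread). Part 1 runs on each TMG array node,
# part 2 on the Windows Server 2012 Hyper-V host. VM and vNIC names are assumed.

# --- Part 1: on each TMG node -------------------------------------------
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$current = (Get-ItemProperty -Path $key -Name IPEnableRouter -ErrorAction SilentlyContinue).IPEnableRouter
if ($current -ne 1) {
    Set-ItemProperty -Path $key -Name IPEnableRouter -Value 1 -Type DWord
    Write-Host "IPEnableRouter set to 1 on $env:COMPUTERNAME; reboot this node before testing NLB."
} else {
    Write-Host "IPEnableRouter is already 1 on $env:COMPUTERNAME"
}

# --- Part 2: on the Hyper-V host ------------------------------------------
$nodes       = 'TMG-NODE1', 'TMG-NODE2'    # assumed VM names
$nlbAdapters = 'Internal', 'Perimeter'     # assumed vNIC names that carry NLB

foreach ($vm in $nodes) {
    # NLB rewrites the adapter MAC; without spoofing the virtual switch drops
    # frames whose source MAC is not the one it assigned to the vNIC.
    Get-VMNetworkAdapter -VMName $vm |
        Where-Object { $nlbAdapters -contains $_.Name } |
        Set-VMNetworkAdapter -MacAddressSpoofing On
}

# Verify: every NLB-facing vNIC on both nodes must show MacAddressSpoofing = On
Get-VMNetworkAdapter -VMName $nodes |
    Select-Object VMName, Name, SwitchName, MacAddressSpoofing |
    Format-Table -AutoSize
```

The verification table is worth keeping: the symptom in the question (node 2 never receives the NLB configuration and both nodes lose the domain controllers) is what an Internal vNIC with spoofing still Off looks like, and the table shows that at a glance for all adapters rather than one at a time in the VM settings dialog.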

  • Domain functional level 2003 -- 2008 and TMG 2010 (sp2 rollup 2)

    Hi,
    We want to raise our domain and forest functional level from 2003 to 2008. All DC's have been on 2008 or 2008R2 for about two years.
    I cannot find if there is any impact on TMG 2010 sp2 rollup 2. Does anyone know if this will bring any issues?
    Thanks!

    No impact. From a TMG perspective, go ahead.
    Hth, Anders Janson Enfo Zipper

  • Exchange 2013 with TMG 2010 and Go Daddy

    Hi all,
    actually I'm new to Exchange Server 2013 and I need some help:
    recently I installed Exchange 2013 in our domain, which contains TMG 2010.
    What I need is sending emails out.
    Currently I can send emails internally.
    I have a static IP and TMG and a registered domain in GoDaddy.
    Could someone help me with the steps of what to do?
    In TMG?
    In Exchange administration?
    In GoDaddy? What records are needed and how?
    And should I do any configuration in my DNS?
    Please, I'm stuck on this.
    Thanks

    Sorry, my fault. Try these links:
    http://blogs.technet.com/b/exchange/archive/2012/11/21/publishing-exchange-server-2013-using-tmg.aspx
    http://www.isaserver.org/articles-tutorials/configuration-general/publishing-exchange-2013-outlook-web-app-forefront-threat-management-gateway-tmg-2010.html
    CRM Advisor

  • Exchange 2010 URL and TMG 2010

    Hi All,
    Would like to know whether can I publish my Exchange OWA through TMG 2010 with the URL on Internal and External the same (Example: mail.contoso.com) and using single-Nic?

    Hi
    With a single-NIC deployment, you will only be able to use the web publishing feature of TMG for Exchange. This means being able to publish OWA, Outlook Anywhere and ActiveSync.
    Same URL for Internal and Public Internet
    100% you can have the same URL for both, and below are the DNS changes you may need to do.
    You need to create a split-brain DNS:
    Create a new primary DNS zone with the same name as your public domain.
    Add an A record and point it to the internal IP address of the Exchange server's OWA.
    On the public Internet, add an A record pointing to the public IP address which is used on the web publishing.
    TMG - Link
    http://technet.microsoft.com/en-us/library/ee796231.aspx 
    Other Post -
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/c38035f8-b975-4c58-99b2-952f3de9db74/configuring-splitbrain-dns
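The split-brain steps in the reply, scripted. This is an added PowerShell example, not from the reply or from Microsoft's articles; it assumes an AD-integrated internal DNS server running Windows Server 2012 or later (DnsServer module), uses the thread's name mail.contoso.com, and the internal CAS address 192.168.4.10 and the outside resolver 203.0.113.53 are placeholders. The public A record pointing at the TMG listener is created at the public DNS host, not here.

```powershell
# Added example (not from the thread). Run on an internal, AD-integrated DNS
# server. Zone, host, internal IP and outside resolver are assumed values.
$zone       = 'contoso.com'
$name       = 'mail'
$internalIp = '192.168.4.10'    # assumed: the CAS/OWA address internal clients should reach directly
$publicDns  = '203.0.113.53'    # assumed: any resolver outside your network, used only for the comparison

# Internal copy of the public zone. Once it exists, ONLY names added here
# resolve for internal clients, so every public name they use (autodiscover,
# www, ...) needs its own record too, or it silently stops resolving.
if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $zone -ReplicationScope Domain
}
if (-not (Get-DnsServerResourceRecord -ZoneName $zone -Name $name -RRType A -ErrorAction SilentlyContinue)) {
    Add-DnsServerResourceRecordA -ZoneName $zone -Name $name -IPv4Address $internalIp
}

# Same name, two answers: inside it must be the CAS, outside the public IP on
# the TMG web listener.
$inside  = (Resolve-DnsName "$name.$zone" -Type A).IPAddress
$outside = (Resolve-DnsName "$name.$zone" -Type A -Server $publicDns).IPAddress
"inside -> $inside ; outside -> $outside"
if ($inside -eq $outside) {
    Write-Warning 'Split-brain is not in effect: internal clients will hit the public address through TMG'
}
```

The listener certificate must carry mail.contoso.com as well, since internal and external clients now present the same host name; the reply's TMG link covers the web publishing side.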

  • TMG 2010 Array Brings down the entire internal network

    OK, so this is as weird as it sounds.
    We've been working with ISA and TMG since 2004; this is the first time I've seen this kind of behavior. Let me explain the details.
    We implemented 3 TMG 2010 servers in an array and 2 EMS servers on Windows Server 2008 R2. Each TMG server has 4 NICs (Internal, External, DMZ, Intra-array). At first we wanted to enable them with an F5 hardware load balancer, but after weeks of trying to make them work together we couldn't (SNAT and routing issues related), so we tried using Windows NLB but had problems with the multicast configuration using VMware, and after some other battles we decided to first try out just using one TMG server as the main one to try to make it work. The customer we are implementing this for is currently using ISA 2006 and they wanted to upgrade to TMG 2010 using basically the same stuff as their ISA had, so we backed up that configuration and imported it into TMG without problems.
    We added the TMG servers to the EMS configuration and everything replicated just fine.
    Since they already had IPS, Cisco ASAs and IronPorts as proxy, they decided to disable NIS, malware inspection, flood mitigation and all those things TMG has for better securing Internet traffic.
    The firewall policy has about 100 rules and they have 3 publishing rules to HTTPS services.
    So after making the necessary configuration changes to the TMG infrastructure, we then decided to unplug the ISA servers, change the TMG servers' IP addresses to the ISA server ones and test to see if everything worked just as ISA Server did. However, it didn't.
    At first we had issues related to slow internet traffic; after troubleshooting for some time we ended up finding out that the source IP used by TMG was different from the one ISA was using, even if the same IP was configured on the NIC and the other IPs were configured as alternates. We found out after some searching that Windows Server 2008 R2 uses some RFC and manages the IP addresses on a NIC in a way that 2003 didn't. We found out that we needed to add the other IPs via
    netsh int ipv4 add address <Interface Name> <ip address> skipassource=true
    After that configuration we got things working fine... for a while; several hours later, servers started losing connectivity, switches stopped responding and the entire network collapsed! After unplugging the TMG servers, everything returned to normal. We thought this was an issue related to drivers or something to do with the VMware platform, so it was decided to reinstall everything on physical servers.
    After some days of reconfiguring the TMG servers again, we made the switch again, unplugged the ISA servers, configured the TMG with the ISA IP addresses, did the netsh thing, and then tested everything, and everything worked.
    But again hours later the same behavior appeared once more! Servers and switches stopped responding and the entire network went down once more! Again we unplugged the TMG servers and everything returned to normal!
    So here we are, back to square one with no clue on what is causing this behavior on the network. The current physical servers are running HP 3666i 4 multiport 10Gb NICs; we don't know if that has something to do with this. Or the fact that the core switch to which the TMG servers are directly connected is a Nexus 7000 and there are some configuration issues with it against the TMG or something. The TMGs are patched with Service Pack 2 Update Rollup 5.
    We are probably going to open a support case with Microsoft for this issue, but we first wanted to see if anyone else may have had, seen or heard something related to this and has an explanation or ideas on why this is happening.
    I appreciate any replies.
    Thank you all.
    Eduardo Rojas

    Hi, I believe your TMG is virtual and NLB is set up. If so you need to bind the physical switch port to the NLB MAC address in multicast mode. Let's take an example: if your internal NLB physical NIC is connected to switch ports 1 and 2, then you need to manually bind the NLB MAC to ports 1 and 2, and likewise for all NLB-enabled zones. Read the VMware NLB documentation, as they support multicast in virtual. So do not use unicast in NLB if it's virtual. All should be okay with the above configuration.
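The skipassource step in Eduardo's post is the one a reader is most likely to have to repeat, and the one that goes wrong silently: on Windows Server 2008 R2 the alternate addresses must be added with netsh, and the only confirmation is the "Skip as Source" flag in netsh's own output. The following is an added PowerShell wrapper, not from the post, that adds the alternates the way the post describes and parses the result into objects; the interface name "Internal", the addresses and the mask are assumed placeholders.

```powershell
# Added example (not from the thread). Adds alternate IPs with skipassource=true
# (netsh, since New-NetIPAddress does not exist on 2008 R2) and then reads the
# flag back for every address on the interface. Names and addresses are assumed.
$ifName  = 'Internal'                  # assumed adapter name
$extra   = '10.1.1.11', '10.1.1.12'    # assumed alternates that must never become the source IP
$mask    = '255.255.255.0'

foreach ($ip in $extra) {
    # Without skipassource=true, 2008 R2 may pick one of these as the outbound
    # source address, which is what made TMG's traffic look like it came from
    # the "wrong" IP in the post.
    netsh interface ipv4 add address name="$ifName" address=$ip mask=$mask skipassource=true | Out-Null
}

function Get-SkipAsSource {
    param([string]$Interface)
    # 'show ipaddresses' prints one "Address <ip> Parameters" block per address,
    # each ending with a "Skip as Source : true|false" line.
    $addr = $null
    foreach ($line in (netsh interface ipv4 show ipaddresses interface="$Interface")) {
        if ($line -match '^Address (\S+) Parameters') {
            $addr = $Matches[1]
        } elseif ($addr -and $line -match '^Skip as Source\s*:\s*(\S+)') {
            New-Object PSObject -Property @{ Address = $addr; SkipAsSource = ($Matches[1] -eq 'true') }
            $addr = $null
        }
    }
}

# Expected: each $extra address shows SkipAsSource True, the primary shows False.
Get-SkipAsSource -Interface $ifName | Format-Table -AutoSize
```

Re-running the add for an address that already exists fails with an object-exists error and leaves the existing flag untouched, so if an address was first added through the GUI it has to be removed and re-added for skipassource to apply.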

  • Error the service FWSRV of TMG 2010 on Windows server 2008 R2 Enterprise

    Please help me with an issue of TMG 2010:
    My company installed TMG 2010 on Windows Server 2008 R2 Enterprise, but this error happens: "Due to an unexpected error, the service fwsrv stopped responding to all requests. Stop the service or the corresponding process if it does not respond, and then start it again. Check for related error messages."
    and "The Firewall service stopped because an application filter module C:\Windows\SYSTEM32\ntdll.dll generated an exception code C0000005 in address 0000000077A72F86 when function CompleteAsyncIO was called. To resolve this error, remove recently installed application filters and restart the service."
    I have reinstalled, but the error appears again. My company has about 2000 clients accessing through TMG 2010.
    I have tried updating Windows and TMG to the latest but could not solve this issue.
    I hope everyone can help me as soon as possible. Thank you so much.

     
    Hi Luis,
    Not sure whether this will fix your issue, however give it a try and let us know, so that others can also provide suggestions.
    Disable:
    Antivirus
    Monitoring tools / hardware diagnostics tools which come with the server vendor
    Try:
    http://support.microsoft.com/kb/2649961
    http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=2649961&kbln=en-us
    Ensure you have enough space for the log to be stored

  • Problem with blocking upload file TMG 2010

    I'm using TMG 2010. I have 3 rules:
    1/ Allow Internet Access:
    protocols: DNS, HTTP, HTTPS
    from: localhost, internal to: External
    2/ Allow Protocols:
    protocols: all traffic
    from: localhost, internal to: localhost, internal
    3/ Default Rule: Block all.
    The problem is: I want to block file uploads from internal to external, so I've made an HTTP filter in Allow Internet Access like this: Configure HTTP --> Signature: Search in: Request Header
    HTTP header: Content-Type:
    Signature: mutipart/form-data
    Methods: Block method POST
    Unfortunately, it doesn't work and I don't know why. If I create a rule to block the web, it works. Please help me. Thanks!

    Hi,
    You could check the following blog to see whether you missed anything.
    How to block Attachment Uploads using Microsoft TMG
    http://www.kuwaitgeekz.com/?p=2248
    (Note: Microsoft provides third-party contact information to help you find technical support. This contact
    information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.)
    Best Regards,
    Joyce
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Forefront TMG 2010 Error from management console

    Hi,
    I am having a problem connecting to a TMG 2010 array from an installation of the TMG management console: we are receiving the error 'Refresh Failed' 'Error 0x80070057' 'The parameter is incorrect'.
    The only article I can find on this error is this http://support.microsoft.com/kb/2591719 which doesn't seem to apply to our setup or this problem, but I have applied Service Pack 2 anyway and still get the same error. The only other thing I can find is a few people saying the management console needs to be at the same version as the TMG servers you are trying to connect to, but I cannot see how this can be done, as when I try to run the service pack on the machine with only the management console I get an error as the full installation is not there.

    Hi,
    Firstly, have you found any related information in the event logs?
    Next, you can check the version of the TMG server from the TMG help menu, the TMG system node or using Control Panel. For more detailed information, please refer to the link below:
    How to Determine Which Version of TMG Server 2010 Is Installed
    In addition, what hotfix rollup or Service Pack have you installed? Please refer to the recommended order below:
    Forefront TMG 2010 Service Pack, Rollup, and Version Number Reference
    Best regards,
    Susie

  • TMG 2010 publishing Exchange 2010 OWA cannot change password if user must change password at first logon is set

    Hi,
    I have an odd issue whereby if I set "user must change password" on an AD account, the end user cannot log on; they're simply taken back to the OWA login page as if their password were incorrect.
    My setup is as follows:
    Outer TMG: uses a listener for email.contoso.com and is configured for no authentication. This uses a publishing rule to publish the inner TMG server. This server is not a domain member.
    Inner TMG: uses a listener for email.contoso.com and is configured for NTLM/Kerberos negotiation with forms authentication (Windows Active Directory). This server is a domain member and uses a publishing rule to publish the internal CAS. "Allow users to change password" is selected in the publishing rules.
    Exchange 2010 SP1: uses integrated Windows and basic authentication. Has the appropriate registry key configured to allow users to change their AD password on first logon.
    I've registered an SPN for "http/email.contoso.com mailserver-dc1", all SSL certificates being used are valid, and my configuration used to allow users to log in and change their password with "user must change password on first login" set in AD.
    If I launch a web browser on an internal server and point it to email.contoso.com I'm immediately presented with a generic Windows authentication request (similar to what's seen in ADFS) rather than the standard OWA page. No matter what I do, I cannot log in and change my password using the correct URL. However, if I point my browser at
    http://192.168.4.10/owa I'm prompted to log in and I can change my password using the same credentials.
    The only recent changes made are:
    - Disabling SSL 3.0 and enabling TLS (http://www.isaserver.org/articles-tutorials/configuration-security/improving-ssl-security-forefront-threat-management-gateway-tmg-2010-published-web-sites.html)
    - Replacing the TMG listener certificates so that they now use SHA2 rather than SHA1 (certificates are trusted on each TMG server)
    Looking at the outer TMG and the DC logs I can see Schannel errors which I believe are related to the problem. TMG monitoring also shows "Failed connection attempt: 1907 The user's password must be changed before logging on for the first time".
    I've checked that my inner TMG and DC are using the same certificate for server authentication and gone through this guide:
    http://blogs.technet.com/b/keithab/archive/2012/02/29/setting-up-and-troubleshooting-ldaps-authentication-in-forefront-tmg-2010.aspx
    If I try to use ldp.exe on the inner TMG, I get the error in the pic below.
    Thanks
    IT Support/Everything

    Hi,
    You could try to analyze the TMG tracing and try the troubleshoot steps in the blog below.
    TMG 2010 – FBA, troubleshooting the change password feature 
    http://blogs.technet.com/b/isablog/archive/2012/05/07/tmg-2010-fba-troubleshooting-the-change-password-feature.aspx
    Best Regards,
    Joyce

  • Login error when publishing OWA 2010 through TMG 2010

    My configuration publishes OWA 2010 with TMG 2010, but when logging in through the internet I must enter the correct net name, domain.com\administrator, and password to log in.
    The login name administrator or the login [email protected] does not log in. And all the other mailbox accounts do not log in.
    This is a picture of my configuration. If you know how to fix it, please help me. Thanks.

    Hi Xuan,
    It depends on your selected authentication method.
    I recommend you refer to the following article, it will give you some hints:
    http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/enabling-forms-based-authentication-external-internal-owa-2010-users-exchange-2010-published-using-forefront-tmg-2010-part2.html
    Please note: Since the website is not hosted by Microsoft, the link may change without
    notice. Microsoft does not guarantee the accuracy of this information. And the
    changes made in the above blog is not supported officially by Microsoft.
    Best regards,
    Niko Cheng
    TechNet Community Support

  • TMG 2010 - Webaccess becomes unresponsive

    Our TMG 2010 server is set up in a test situation and is currently only used for outbound Internet access; no inbound connections are pointing to this route yet. We have been struggling with the issue that users using this outbound route lose internet connectivity and we cannot pinpoint the reason. Only restarting the server fixes it, temporarily.
    We have been struggling with this issue for a very long time now; we tried clean installs, and an MS TMG specialized partner looked at the installation and deemed it best practice. The only thing he could think of was that HP's teaming software for the LAN connection could be the culprit. He changed it to Network Fault Tolerance instead of Transmit Load Balancing. That did not help either.
    The server doesn't show any errors we can work with, only users losing their internet connectivity.
    Any ideas how to solve this situation? The other option is to pack in this TMG and go for an appliance.
    TIA,
    Fred

    Hi,
    NIC teaming is not recommended for TMG server:
    http://blogs.technet.com/b/keithab/archive/2012/02/15/top-troubleshooting-tips-to-try-before-calling-support-for-isa-tmg.aspx
    If you MUST use NIC teaming, try to install the latest drivers/firmware for the NICs and make sure all SNP settings like Chimney offload, RSS and more match the NIC and TMG configuration.
    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.galileocomputing.de/3276?GPP=MarcGrote

  • Internet Control by TMG 2010

    
    I have some issues... on TMG.
    I am running a DHCP server on server 192.168.0.12, Win 2008 R2.
    Running TMG 2010 on another machine, 192.168.0.10, Win 2008 R2.
    Domain with Exchange server, 192.168.0.3, Win 2008 R2.
    Clients get IPs from the DHCP server as follows:
    192.168.0.101
    255.255.255.0
    Gateway 192.168.0.10 (TMG for Internet), Win 2008 R2
    DNS 192.168.0.3 (domain with Exchange server), Win 2008 R2
    The domain uses a different direct Internet connection for Exchange.
    All clients get internet by using DHCP, but controlled by TMG auto discovery.
    My issue is that some clients are not able to be controlled:
    on some clients YouTube is blocked but Facebook can't be closed. I did all the settings to block, but still there is a loophole:
    1. Deny Local to External HTTP/HTTPS for all users, online community and URLs which are Facebook and prohibited sites
    2. Allow local to external for all users, excluding online community and URLs
    but it is not controlled.

    Hi,
    According to your description, it seems that you have configured the TMG server as a WPAD server and let the clients use the WPAD protocol to obtain proxy information from the DHCP server. If I misunderstood anything, please feel free to let me know.
    In this scenario, please make sure that you have added the 252 option for WPAD on the DHCP server. In addition, did you configure the DHCP to support WPAD on a per-scope basis or on a per-server basis? If you want all clients to use the same TMG firewall regardless of the TMG Firewall Network on which the host is located, you need to make sure that you have configured the DHCP WPAD option as a server-level option. Besides, you can check for any related log on the server side or client side, and you can also capture packets to compare the differences.
    Best regards,
    Susie
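Susie's two checks (is option 252 defined, and is it set at server level rather than per scope) can be done from the DHCP server's command line, which matters here because the DHCP server in the question is Windows Server 2008 R2 and has no DhcpServer PowerShell module. What follows is an added PowerShell example around netsh dhcp, not from the reply. The WPAD URL is an assumption: TMG serves wpad.dat on the port set under the network's Auto Discovery tab (80 by default), which is not the 8080 web proxy port, so match the port to your own setting.

```powershell
# Added example (not from the thread). Runs on the Windows Server 2008 R2 DHCP
# server (192.168.0.12 in the question). The URL's host is the TMG from the
# question; the port is assumed to be TMG's auto-discovery port (default 80).
$wpadUrl = 'http://192.168.0.10:80/wpad.dat'

# 1. Define option 252 once. netsh reports "already exists" on a rerun, which
#    is harmless.
netsh dhcp server add optiondef 252 WPAD STRING 0 comment="Web proxy auto-discovery"

# 2. Set the value at SERVER level (no scope given) so every scope hands it
#    out. A scope-level value only reaches clients of that one scope, which
#    is one way to end up with "some clients are not controlled".
netsh dhcp server set optionvalue 252 STRING $wpadUrl

# 3. Confirm it appears among the server options, not only under a scope
netsh dhcp server show optionvalue all | Select-String -Context 0,4 'OptionId\s*:\s*252'

# 4. From a client on the subnet: fetch the script the way the proxy client
#    does. Bypass any proxy so the check does not depend on what it is testing.
$wc = New-Object System.Net.WebClient
$wc.Proxy = $null
$wc.DownloadString($wpadUrl) | Select-String 'FindProxyForURL'
```

A client that renewed its lease before step 2 keeps the old option set until the next renew (ipconfig /renew), and a client whose browser has "Automatically detect settings" unchecked never asks for option 252 at all; both look like "not controlled" in the TMG log while the DHCP side is correct.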

  • Error " This connection is not trusted" on TMG 2010 client computers

    Hi
    I have HTTPS inspection enabled on TMG 2010, and generated the certificate and also imported/installed the certificate "Microsoft Forefront TMG HTTPS Inspection Certification Authority" on my TMG server as well as on the TMG client computers.
    After that, when I surf an HTTPS website I get the error "This connection is not trusted". The error snapshot is attached...
    Please help me out

    Hi,
    Have you deployed the certificate to the clients?
    Please check the steps for enabling HTTPS Inspection under HTTPS Inspection Options in the following blog.
    http://technet.microsoft.com/en-us/magazine/ff472472.aspx
    You could take a Netmon capture on the client and see what's going on.
    Best Regards,
    Joyce
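Joyce's first question is the decisive one, and it can be answered without a Netmon trace: open a CONNECT tunnel through the TMG web proxy from the affected client, complete the TLS handshake, and look at who signed the certificate the client was actually handed and whether this client's machine store trusts it. The following is an added PowerShell example, not from the reply; the proxy name tmg.contoso.local, the port 8080 and the target www.example.com are assumptions, and the issuer name it matches is the inspection CA name from the question.

```powershell
# Added example (not from the thread). Tunnels through the TMG web proxy,
# completes the TLS handshake and reports the issuer of the certificate the
# client received plus whether the local machine trusts that chain.
# Proxy, port and target are assumed values.
function Get-ProxiedServerCertificate {
    param(
        [string]$Proxy      = 'tmg.contoso.local',   # assumed TMG web proxy
        [int]   $ProxyPort  = 8080,
        [string]$TargetHost = 'www.example.com',
        [int]   $TargetPort = 443
    )
    $tcp    = New-Object System.Net.Sockets.TcpClient($Proxy, $ProxyPort)
    $stream = $tcp.GetStream()
    $req    = "CONNECT ${TargetHost}:$TargetPort HTTP/1.1`r`nHost: ${TargetHost}:$TargetPort`r`n`r`n"
    $bytes  = [System.Text.Encoding]::ASCII.GetBytes($req)
    $stream.Write($bytes, 0, $bytes.Length)

    # Read the proxy's reply one byte at a time: a buffered reader would
    # swallow the first TLS bytes that follow the blank line.
    $reply = New-Object System.Text.StringBuilder
    $b = New-Object byte[] 1
    while (-not $reply.ToString().EndsWith("`r`n`r`n")) {
        if ($stream.Read($b, 0, 1) -le 0) { throw 'proxy closed the connection' }
        [void]$reply.Append([char]$b[0])
    }
    $statusLine = $reply.ToString().Split("`n")[0].Trim()
    if ($statusLine -notmatch '^HTTP/1\.[01] 200') { throw "CONNECT refused: $statusLine" }

    # Accept whatever certificate arrives: we want to inspect it, not enforce trust yet.
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream($stream, $false, $acceptAny)
    $ssl.AuthenticateAsClient($TargetHost)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

    # Now ask this machine the question the browser asks: does the chain build?
    $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $trusted = $chain.Build($cert)
    $ssl.Close(); $tcp.Close()

    New-Object PSObject -Property @{
        Subject     = $cert.Subject
        Issuer      = $cert.Issuer
        Inspected   = ($cert.Issuer -like '*Microsoft Forefront TMG HTTPS Inspection Certification Authority*')
        TrustedHere = $trusted
        ChainStatus = (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ',')
    }
}

Get-ProxiedServerCertificate | Format-List
```

Reading the result: Inspected=True with TrustedHere=False is exactly the symptom in the question, and ChainStatus will say UntrustedRoot; the inspection CA is then missing from the Trusted Root store of the local machine (not the user) on this client, which certutil -addstore -f Root <exported CA .cer> or a GPO fixes. Inspected=False means TMG did not inspect this site at all (excluded destination or inspection off), so the warning comes from the real server's certificate and the CA deployment is not the problem.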
