ISA BPA 7 and Forefront TMG for Windows Essential Business Server

  • Article

If you are running Forefront TMG for Windows Essential Business Server (EBS) and you have problems you may find it useful to use the ISA Best Practices Analyzer version 7 (announced earlier in the blog post http://blogs.technet.com/isablog/archive/2009/05/06/announcing-the-availability-of-isa-tmg-best-practices-analyzer-version-7.aspx) and more specifically the ISA Data Packager which is able to gather diagnostic data while reproducing a problem.

 

More specifically you may want to have a look at the Firewall and Webproxy log files created when reproducing the problem. If your server is running in production the log snippet may contain a lot of clients going through TMG. So you load the file into for instance Excel to be able to filter the data in the file.

 

Then you start looking at the IP addresses to find the log entries you are interested in… which look kind of interesting, here’s an example:

 

c0a8b12c-ffff-0000-0000-000000000000

 

The format is IPv6 but you are not running IPv6 as Forefront TMG for EBS is not supporting it… so what is it? It is an IPv4 address in the shape of a IPv6 address and the reason for this is to prepare for future IPv6 support although Forefront TMG for EBS do not support IPv6 currently. The logging query function in the Forefront TMG MMC as well as the Reporting engine converts these addresses to IPv4 format, the issue does only occur when extracting log data directly from the database.

 

You can convert the IP address to “classical IPv4” as follows, take the first eight characters in the address and convert from hex to dec using for instance Calculator as follows:

 

c0 = 192

a8 = 168

b1 = 177

2c = 44

 

resulting in the IPv4 address 192.168.177.44.

 

If you would like to do this programmatically when querying the logs yourself you can use this SQL function.

 

NOTE: This function is provided as-is without expressed or implied warranty. Use at your own risk.

 

CREATE FUNCTION [dbo].[fnIpAddressToText]

(

    @Ipv6Address [uniqueidentifier]

)

RETURNS varchar(40) AS

BEGIN

    DECLARE @strInAddress varchar(40)

    DECLARE @strOutAddress varchar(40)

    SET @strInAddress = LOWER(CONVERT(varchar(40), @Ipv6Address))

    SET @strOutAddress = ''

    IF (SUBSTRING(@strInAddress, 10, 4) = 'ffff')

    BEGIN

        -- ipv4 (hex to int conversion)

        DECLARE @IsNum int, @ZERO int, @IsAlpa int

        set @ZERO = ASCII('0')

        set @IsNum = ASCII('9')

        set @IsAlpa = ASCII('a') - 10

        DECLARE @intH int, @intL int

        SET @intH = ASCII(SUBSTRING(@strInAddress, 1, 1))

        IF (@intH <= @IsNum) SET @intH = @intH - @ZERO ELSE SET @intH = @intH - @IsAlpa

        SET @intL = ASCII(SUBSTRING(@strInAddress, 2, 1))

        IF (@intL <= @IsNum) SET @intL = @intL - @ZERO ELSE SET @intL = @intL - @IsAlpa

        SET @strOutAddress = CONVERT(varchar(3), @intH * 16 + @intL) + '.'

        SET @intH = ASCII(SUBSTRING(@strInAddress, 3, 1))

        IF (@intH <= @IsNum) SET @intH = @intH - @ZERO ELSE SET @intH = @intH - @IsAlpa

        SET @intL = ASCII(SUBSTRING(@strInAddress, 4, 1))

        IF (@intL <= @IsNum) SET @intL = @intL - @ZERO ELSE SET @intL = @intL - @IsAlpa

        SET @strOutAddress = @strOutAddress + CONVERT(varchar(3), @intH * 16 + @intL) + '.'

        SET @intH = ASCII(SUBSTRING(@strInAddress, 5, 1))

        IF (@intH <= @IsNum) SET @intH = @intH - @ZERO ELSE SET @intH = @intH - @IsAlpa

        SET @intL = ASCII(SUBSTRING(@strInAddress, 6, 1))

        IF (@intL <= @IsNum) SET @intL = @intL - @ZERO ELSE SET @intL = @intL - @IsAlpa

        SET @strOutAddress = @strOutAddress + CONVERT(varchar(3), @intH * 16 + @intL) + '.'

        SET @intH = ASCII(SUBSTRING(@strInAddress, 7, 1))

        IF (@intH <= @IsNum) SET @intH = @intH - @ZERO ELSE SET @intH = @intH - @IsAlpa

        SET @intL = ASCII(SUBSTRING(@strInAddress, 8, 1))

        IF (@intL <= @IsNum) SET @intL = @intL - @ZERO ELSE SET @intL = @intL - @IsAlpa

        SET @strOutAddress = @strOutAddress + CONVERT(varchar(3), @intH * 16 + @intL)

    END

    ELSE

    BEGIN

        -- ipv6

        SET @strOutAddress = @strOutAddress + SUBSTRING(@strInAddress, 1, 4) + ':'

                                        + SUBSTRING(@strInAddress, 5, 4) + ':'

                                        + SUBSTRING(@strInAddress, 10, 4) + ':'

                                        + SUBSTRING(@strInAddress, 15, 4) + ':'

                                        + SUBSTRING(@strInAddress, 20, 4) + ':'

                                        + SUBSTRING(@strInAddress, 25, 4) + ':'

                                        + SUBSTRING(@strInAddress, 29, 4) + ':'

                                        + SUBSTRING(@strInAddress, 33, 4)

    END

    ---- guid sample '6F9619FF-8B86-D011-B42D-FFF34FC964FF'

    RETURN @strOutAddress

END

 

Anders Janson

Senior Support Engineer

Microsoft CSS Forefront Edge Team