Introduction: Recently, I worked on a case where we were publishing Exchange CAS (Client Access Servers) servers on TMG. We were seeing some unexpected behavior while using KCD (Kerberos Constrained Delegation) as the Authentication Delegation Method and using a Web Farm in the Publishing Rule. The Scenario was like this. We were publishing the…
Year: 2012
Mac OS Clients fail to access SSL Websites after you enable HTTPS Inspection in Forefront TMG 2010
The concept of HTTPS Inspection (referred to HTTPSi later) was covered in a previous blog article by Yuri Diogenes, which also contains helpful formation about common issues that may occur. If you have missed it, you can find it here. This current article is intended to explain the root cause of a specific issue and…
TMG Event Log IDs
The following Table summarizes the Forefront TMG Event IDs. This table was put into graphs with event information of the Forefront SCOM Management Pack 7.0. We hope you find it useful. Credits to Jan Tiedemann, Microsoft Forefront Sr. Premier Field Engineer, who prepared this table: Message EventIDs Severity Category The Microsoft Firewall failed to log…
NIS & Anti-Malware Info is not updated as expected in Update Center
Today I would like to describe an easy way to solve a small visualization mismatch related to the Update Center of TMG 2010. If you are a Forefront Threat Management Gateway administrator in a country where English regional settings are not used, it could be possible that, when entering the TMG Update Center section, you’re…
Solution for ISA VPN hang after applying MS11-030
We had a lots of customers reporting that after installing MS11-030 ( http://support.microsoft.com/kb/2509553 ), RRAS from time to time started to hang. Typical symptom was that VPN connections were no longer possible; the RRAS service could not even be restarted. Only solution was a full reboot. The good news is that a fix is…
CRM published through ISA/TMG : Save and new button on the form does not work properly, need to click twice on the links in the CRM page
Microsoft’s own Suraj Singh has some great info over on his blog about a couple issues you may see when CRM is published through ISA or TMG. The issue is that when Internet based users would log on to the CRM site, they had to click on links twice in order for them to open. …
Connection owner for a Site-to-Site connection is missing in TMG
Consider the following scenario. You are running an array of more than one TMG Server 2010 and need to establish a VPN Site-to-Site connection. Therefore you will need to define a connection owner. The reason for this is that you need to define a tunnel endpoint in your array. Normally you define the connection owner…
KB: HTTP Redirect in Threat Management Gateway 2010 fails when the Exchange 2010 Edge role is installed
Here’s a new Knowledge Base article we published today. This one talks about an issue where HTTP redirects in TMG 20101 fail if the Exchange Edge role is installed on the same box: ===== Symptoms If you deploy Microsoft Threat Management Gateway 2010 (TMG) and the Exchange 2010 Edge role on the same machine, you…
Rock around the Remote Access Service
The story… one of our customers called in that he had just finished with the migration to TMG and as a last step he wanted to enable VPN Client Access. He did that, but the outcome was unexpected. The TMG array was not reachable through the NLB address anymore. According to the TMG console: the…
Blank User Activity Report if domain or username contains accented characters
Blank User Activity Report if domain or username contains accented characters Administrators creating a User Activity Report for users where the domain or user name contain characters that are not included in the english alphabet, may not be able to see any activity for these users. The report will be generated, but it will not…