TMG Reporting - User activity and monthly recurring reports are blank

This post is about a few reporting cases I have worked on over the last few weeks. I noticed a few things and wanted to share them. There are a few misconceptions and unclear points about reporting and user activity reports, which I want to clear up here, along with some troubleshooting steps to resolve a reporting issue.

As usual I will start with an issue. We had an environment with an EMS server and two TMG 2010 firewall nodes. One of the nodes was acting as the reporting server. The problem was that the user activity report and the monthly recurring report were showing up blank. The one-time report was working fine. While generating the user activity report, we were getting this error:

Forefront TMG Error

The operation failed.

Error: 0xc00403ec

The Microsoft Forefront TMG Control service could not be accessed. The error occurred on object 'Reports' of class 'Reports Configuration' in the scope of array 'Array name'

When we tried to generate the user activity reports from the Reporting Services manager, they still showed blank results. We checked the event viewer but could not find any events related to ISARS, and none in TMG for reporting.

Troubleshooting Approach.

We seemed to be facing multiple issues here, so we planned to resolve them one by one.

First of all, I wanted to tackle the blank user activity report. I have seen many instances where there is no access rule that forces users to authenticate while accessing the internet. If we don’t ask users to authenticate, we won’t get user information in the logs, so pulling user-account-based reports is a fruitless task. If we look at the log fields in the TMG live logs, we find a field called username. If the access rules do not force users to authenticate while accessing the internet and have “all users” in the users property of the access rule, the username field will have the value “anonymous”. You therefore can’t fetch reports based on a user, because the username was never captured on the TMG server: we never configured TMG to ask the user to send credentials.

So what’s the best way to handle this? The best way is to create a web access rule with authentication, i.e. with either user-group-based access or “all authenticated” users in the users property of the access rule.

In our scenario, that is what I discovered: we did not have access rules that authenticated the user while accessing the internet. So we created an access rule that only allows access to the internet if the user is authenticated, i.e. we now had “all authenticated” in the users tab of the internet access rule. We could also have entered a user group here, but in this scenario the TMG admin did not have user groups, so we went with “all authenticated”.

After that we tested the user activity reports from the Reporting Services manager, and we now had a user activity report with results.
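One way to confirm this cause before and after changing the rule is to measure, per access rule, how many logged requests carry no user name. The script below is an added example, not part of the original post; it assumes a tab-separated, W3C-style log export whose `#Fields:` header contains columns named `cs-username` and `rule`, and the sample rows, rule names and accounts are constructed.

```python
from collections import defaultdict

# Constructed sample in a W3C-style, tab-separated layout. The column names
# (cs-username, rule) are assumptions; match them to your own log export.
SAMPLE_LOG = "\n".join([
    "#Software: constructed sample",
    "#Fields: c-ip\tcs-username\tr-host\trule",
    "10.0.0.21\tanonymous\twww.example.com\tInternet Access",
    "10.0.0.22\tanonymous\twww.example.org\tInternet Access",
    "10.0.0.23\tCONTOSO\\alice\twww.example.com\tInternet Access (Auth)",
    "10.0.0.24\tCONTOSO\\bob\twww.example.net\tInternet Access (Auth)",
    "10.0.0.25\t-\twww.example.net\tInternet Access",
])

# "anonymous" is the value described in the post; treating "-" and an empty
# field the same way is an assumption of this example.
NO_USER = {"anonymous", "-", ""}


def user_capture_by_rule(text, user_field="cs-username", rule_field="rule"):
    """Return {rule: (total_requests, requests_without_username)}."""
    fields, stats = None, defaultdict(lambda: [0, 0])
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split("\t")
            continue
        if not line.strip() or line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("no #Fields header before first data row")
        row = dict(zip(fields, line.split("\t")))
        if user_field not in row or rule_field not in row:
            raise ValueError("expected columns missing from export")
        entry = stats[row[rule_field]]
        entry[0] += 1
        if row[user_field].strip().lower() in NO_USER:
            entry[1] += 1
    return {rule: tuple(counts) for rule, counts in stats.items()}


def rules_without_users(stats, threshold=0.9):
    """Rules whose traffic is mostly unattributed; per-user reports stay empty."""
    return sorted(r for r, (total, anon) in stats.items()
                  if total and anon / total >= threshold)


if __name__ == "__main__":
    stats = user_capture_by_rule(SAMPLE_LOG)
    for rule, (total, anon) in sorted(stats.items()):
        print(f"{rule}: {anon}/{total} requests without a user name")
    print("Rules to review:", rules_without_users(stats))
```

A rule that still appears under "Rules to review" after the change is one where traffic is being allowed without authentication, so its users will not show up in user activity reports.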

The next challenge was the error we were getting while trying to generate the report from the TMG console, even from the reporting server itself. That was not a big challenge, as there is a KB article about it; all I had to do was search for the error code we were getting, i.e. “0xc00403ec”.

The KB article is https://support.microsoft.com/kb/2624178

Configuring the reg keys did the job in this scenario; we put the reg keys on both the EMS and the nodes, and we were now getting the reports from the TMG console as well.

 

The next challenge was the monthly recurring report; the weekly and daily recurring reports were working fine. For that I suggested configuring the monthly recurring report properties, i.e. set the “day to run” property to 1, and then we set the date when it will run the monthly report to the first day of the next month, e.g. 1st March 2013, so that the monthly report would be generated on 1st March. Then we waited until that day, and we had our working monthly recurring report as well. We could have set the 2nd of March as well; it’s just that we wanted to run the report as quickly as possible. Note that the property “set the day to run” is different from the date on which the report will run.