What is: 13 The data is invalid (Answered)

  • Friday, February 01, 2013 10:39 AM
     
     

    In our sites we have a software program called Milestone; this program is for security cameras. When we try to connect to the cameras we get this error in our Forefront and the streams for the cameras don't open:

    Failed Connection Attempt FOBE00990001 1/02/2013 11:22:44
    Log type: Web Proxy (Forward)
    Status: 13 The data is invalid. 
    Source: Local Host (10.0.xx.200:10534)
    Destination: 10.0.xx.30:80
    Request: 
    Filter information: Req ID: 0e28d85e 
    User: anonymous
     Additional information
    Object source: (No source information is available.)
    Cache info: 0x0
    Processing time: 0 MIME type: 

    I already disabled HTTP compression, malware inspection, web proxy and I allowed all outbound traffic between the internal/external and external/internal network. I also inspected the traffic with Wireshark and Network Monitor but can't see anything in it. I have been searching for 5 days and I can't find a solution, because this error doesn't tell anything.

    How can I solve this?

All Replies

  • Friday, February 01, 2013 11:11 AM
     
     Answered

    Two things:

    1. Make sure that TMG is up to date.

    2. Create a custom protocol definition for HTTP without the HTTP filter attached and use it only for specific destinations (cameras). Follow these guidelines to create the rules (and do note the order): http://blogs.technet.com/b/isablog/archive/2006/09/25/why-do-i-need-a-deny-rule-to-make-an-allow-rule-for-a-custom-protocol-work-correctly.aspx


    Hth, Anders Janson Enfo Zipper

    • Marked As Answer by StijnS Tuesday, February 12, 2013 9:48 AM
  • Friday, February 01, 2013 1:26 PM
     
     

    I tried this solution but it doesn't work. When I turn off the firewall service everything works, but when I turn it back on I get the same error. The intrusion detection is also turned off.

  • Monday, February 04, 2013 7:55 AM
    Moderator
     
     

    Hi,

    Thank you for the post.

    If you want to make a connection with the camera from the TMG server, you should add localhost in the From tab of the access rule. If the issue still remains, I suggest you open a case to troubleshoot this complex issue.

    Regards,


    Nick Gu - MSFT

  • Tuesday, February 05, 2013 10:33 AM
     
     
    This also doesn't work.
  • Tuesday, February 05, 2013 12:06 PM
     
     

    Can you please provide a description of how this is set up? Where is TMG, where is the client trying to access the cameras, where are the cameras?

    Like this (for example, I don't have a clue what your setup looks like):

    Internet
     |
    TMG - DMZ with cameras
     |
    Internal network - Clients

    Making an assumption here, if the cameras and clients trying to access the cameras both are on the internal network, why do you pass the traffic through TMG? I don't know if this is the case, please correct me otherwise.


    Hth, Anders Janson Enfo Zipper

  • Wednesday, February 06, 2013 2:07 PM
     
     
    I found a solution. The service for viewing the cameras was on port 80. For some reason the firewall blocks streaming on port 80. So I changed the service to port 2080 and this fixed the problem. The mystery is: why does the firewall block streaming on port 80?
  • Thursday, February 07, 2013 10:38 AM
     
     

    I assume that you created a new protocol definition for port 2080 then? If so that definition does not have the HTTP filter bound to it, right?

    If I am right in this assumption, then the allow, deny, allow solution I recommended above should work, since the core issue in that case is that the stream from the cameras in some way does not conform to the RFCs. TMG is very strict about that.


    Hth, Anders Janson Enfo Zipper
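
As an added illustration of the kind of conformance problem the reply above refers to (not code from this thread, and not a statement of which checks TMG's HTTP filter actually performs), this Python function inspects the header section of a raw HTTP response, for example one saved from a packet capture, for common HTTP/1.1 syntax violations. Both sample responses are constructed for the example.

```python
import re

STATUS_LINE = re.compile(rb"^HTTP/\d\.\d \d{3} [^\r\n]*$")
FIELD_LINE = re.compile(rb"^([!#$%&'*+\-.^_`|~0-9A-Za-z]+):[ \t]*(.*?)[ \t]*$")

def check_response_head(raw: bytes) -> list[str]:
    """Return syntax findings for the header section of a raw HTTP response."""
    end = re.search(rb"\r?\n\r?\n", raw)
    if end is None:
        return ["header section is not terminated by an empty line"]
    findings = []
    # HTTP/1.1 line endings are CRLF; a lone LF is a common device shortcut.
    if re.search(rb"(?<!\r)\n", raw[:end.end()]):
        findings.append("bare LF line ending (CRLF expected)")
    lines = re.split(rb"\r?\n", raw[:end.start()])
    if not STATUS_LINE.match(lines[0]):
        findings.append(f"malformed status line: {lines[0]!r}")
    fields = {}
    for line in lines[1:]:
        m = FIELD_LINE.match(line)
        if line[:1] in (b" ", b"\t"):
            findings.append(f"folded header line: {line!r}")
        elif m is None:
            findings.append(f"malformed header field: {line!r}")
        else:
            fields.setdefault(m.group(1).lower(), []).append(m.group(2))
    lengths = fields.get(b"content-length", [])
    if any(not v.isdigit() for v in lengths) or len(set(lengths)) > 1:
        findings.append(f"invalid or conflicting Content-Length: {lengths!r}")
    if lengths and b"transfer-encoding" in fields:
        findings.append("both Content-Length and Transfer-Encoding present")
    return findings

# Constructed samples (not captured from the cameras in this thread).
CONFORMANT = (b"HTTP/1.1 200 OK\r\n"
              b"Content-Type: multipart/x-mixed-replace; boundary=frame\r\n"
              b"Connection: close\r\n\r\n--frame\r\n")
SLOPPY = (b"HTTP 200 OK\n"
          b"Content Type: image/jpeg\n"
          b"Content-Length: 1024\n"
          b"Content-Length: 2048\n\n")

if __name__ == "__main__":
    for name, sample in (("conformant", CONFORMANT), ("sloppy", SLOPPY)):
        print(name, check_response_head(sample) or "no findings")
```

An empty result only means none of these particular checks fired; a strict proxy filter may reject a response for other reasons.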

  • Thursday, February 07, 2013 1:37 PM
     
     

    Hi Anders,

    I read the article you sent me, but I don't see how I can make a custom protocol. How should I configure this?
    What I already did is create a custom HTTP protocol, and I didn't select any application filters. I put in the firewall an allow from the internal network to the cameras and from the cameras to the internal. This isn't working.

    • Edited by StijnS Thursday, February 07, 2013 1:54 PM
  • Monday, February 11, 2013 2:38 PM
     
     

    This applies if you are using a port/protocol that is already defined in TMG such as port 80/HTTP.

    Follow the instructions in the link I provided. Take careful note of the order of the rules; you are creating two new access rules with this setup. You need to place the two rules before the first occurrence of a regular outbound HTTP access rule (or outbound rule that contains HTTP as protocol).

    Look at the table in the link provided, that is what you are aiming for. I assume that you have more rules than that in your TMG but if you just look at rules for HTTP, then that is what it should look like.


    Hth, Anders Janson Enfo Zipper