Friday, February 15, 2013 12:28 AM
I'm evaluating Forefront TMG using Firewall and Proxy, with the Back Firewall template, I have one adapter connected to an internal network with internet access, and another connected to an internal network with no internet access.
Everything appears to be working ok, except during a test logged in as a client, I searched Google for www.myspace.com. When I click on this link it takes me to a page that has the below information:
* Error Code 64: Host not available
* Background: The gateway or proxy server lost connection to the Web Server.
* Source: Remote server
I ran netmon on the TMG server, and found the following response from the HTTP GET request
Http: Response, HTTP/1.1, Status: Moved temporarily, URL: /
StatusCode: 302, Moved temporarily
Reason: Moved Temporarily
I have searched the web for a fix, but have not found anything that has fixed my issue. I have tried the following:
1. Installed SP1
2. Added reg value (even though this was for ISA server) HKLM\System\CurrentControlSet\Services\TCPIP\Parameters\EnablePMTUDiscovery and set to 1
I did find one post that looks related to what I am experiencing, however, the fix applies to a different version to what I am using, and am unsure of what steps I would need to take on the version I am using:
I'd like to be able to solve this issue before actually considering putting this product into production.
I appreciate any assistance.
Friday, February 15, 2013 4:01 PM
I literally have the exact same problem. I have a TMG with an outgoing rule to allow HTTP and HTTPS with no restrictions and want to test general browsing before I lock it down but I get the same Error Code 64: Host not available error on accessing myspace.com. Now obviously not having access to myspace isn't a big deal but it's obvious that there could be other websites effected which I haven't yet tested. I also tried that registry setting, rebooted the server hoping that would work but no luck! I've removed it now.
I ran a netmon when I tried to access myspace. The key info that came back seems to be....
HTTP:Request, GET http://www.myspace.com/
HTTP:Response, HTTP/1.1, Status: Moved temporarily, URL: /
HTTP:Response, HTTP/1.1, Status: Bad gateway, URL: http://www.myspace.com/
Now Bad Gateway is obviously bad but not sure really where to go from here. Why are other sites not affected, or at least my general browsing but this website it? An guidance would be appreciated.
- Edited by Benjamin Owens Friday, February 15, 2013 4:02 PM
Friday, February 15, 2013 4:24 PMSo without a TMG server and routing straight out to the web, going to myspace.com, or at least typing in myspace.com and pressing enter works. It sends you to https://new.myspace.com/ instead though. So maybe a redirect issue? I tried another website which does a redirection and that errors too! But with a different error :-( . The error is
- Error Code 11004: Host not found
Monday, February 18, 2013 2:30 AM
Yeah I initially thought it was a redirection issue, or maybe it's just limited to http to https.. the other site with redirection you tested.. was that http to https?
Monday, February 18, 2013 11:24 AMHope you don't mind but I've posted this on experts exchange. I've tried this on several servers, ISA and TMG with same outcome. Question how to get around the issue with TMG and ISA servers. I'll post an given answer.
Monday, February 18, 2013 9:30 PMNo worries. Are you able to provide the link so I can monitor any replies. I'm also a member on that site.
Wednesday, February 20, 2013 2:56 AM
OK well I've just been informed by our MS reseller that Forefront TMG (and several other Forefront products) is no longer available for purchase effective the start of this year, so I don't really need an answer on this issue any more, as I won't be able to implement the product anyway.
Do you still want this post open?
Wednesday, February 20, 2013 6:36 AMModerator
Thank you for the post.
Is there any other device(router or upstream proxy server) between TMG server and ISP? You may also refer to this thread: http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/thread/293ccb3b-1148-4d75-b2da-33e3ddc0d339/
Nick Gu - MSFT
- Proposed As Answer by Nick Gu - MSFTMicrosoft Contingent Staff, Moderator Monday, February 25, 2013 1:49 AM
- Marked As Answer by Nick Gu - MSFTMicrosoft Contingent Staff, Moderator Monday, February 25, 2013 8:56 AM