Application Presentation TMG Server Can't Browse Web
-
Thursday, September 27, 2012 3:10 PM
Hey guys,
From my TMG server, I cannot get to any web pages. I can ping google.com, so I know I can get to the Internet. Also, we are publishing internal application through this TMG to the outside world. I get the error in the following image:
As far as I know there are no settings that would prohibit web pages from showing. I need to update my TMG server so this is a problem. Windows Update fails too. How can I troubleshoot this? Remember I CAN ping google.com so I know I can get out.
All Replies
-
Thursday, September 27, 2012 4:07 PM
Hi,
I would create a temp rule that allows local host to external on http and https. With All users.
Once you are done then disable the rule.
Regards, Rmknight
-
Friday, September 28, 2012 1:15 AMModerator
Hi,
Thank you for the post.
You may use Nslookup to verify if the DNS setting is correct and then create access rule to allow http/https/DNS from internal/localhost to external.
Regards,
Nick Gu - MSFT
-
Friday, September 28, 2012 8:57 PM
- Make sure you dont have DNS on both adapters, internal and external. According to the ISA Server DNS Best Practices this shouldn’t be done because can cause behaviors like that.
Follow this article and make sure you configure you TMG/ISA accordingly. This will explain in details
- Proposed As Answer by Namrata Thorve Friday, September 28, 2012 8:57 PM
-
Monday, October 01, 2012 4:11 PM
Hello,
I have created the following rule, and still get the same issue (see my first post).
Here is the rule I created..
Allow all outbound traffic from Local Host and Internal to Anywhere for All Users.
-
Monday, October 01, 2012 4:13 PMNslookup works. I can successfully resolve IP Addresses of google.com and other domains. Also, DNS servers are specified on only ONE adapter. I am still having the same original issue (see my first post).
-
Monday, October 01, 2012 4:29 PM
Update: I am getting a LOT of these packets when I look at the Log report:
Denied Connection
Log type: Firewall service
Status: A packet was dropped because Forefront TMG determined that the source IP address is spoofed.
Source: -
Destination: -
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: -
-
Wednesday, October 03, 2012 6:29 PMStill looking for help please.
-
Wednesday, March 06, 2013 9:44 PM
still in need of help.
Here is some information..
The TMG server has a leg on our DMZ network and our Internal server network. It is listening on the DMZ network for web requests. It then sends responses from the internal web servers.
So I have a question.. in TMG, the Internal network should only be the Internal leg's adapter.. and the Perimeter should be the DMZ adapter. Right? Just need to confirm that's correct, because if it isn't I know what the issue might be.
- Edited by uchelp Wednesday, March 06, 2013 10:46 PM
-
Friday, March 15, 2013 3:26 PMbump for answers
-
Saturday, March 16, 2013 3:50 PM
still in need of help.
Here is some information..
The TMG server has a leg on our DMZ network and our Internal server network. It is listening on the DMZ network for web requests. It then sends responses from the internal web servers.
So I have a question.. in TMG, the Internal network should only be the Internal leg's adapter.. and the Perimeter should be the DMZ adapter. Right? Just need to confirm that's correct, because if it isn't I know what the issue might be.
Hello, You are right. I could not understand exactly what is your problem. Can you say pls. You are resoloved your old spoofing problems ?. I checked this is very old post.
-
Wednesday, May 15, 2013 8:53 PM
No. I have still not resolved the inability to connect to the Web. I cannot get Windows Updates because of this. I tried creating a rule in TMG that allows EVERYTHING out from local host, but that didn't work either.
I still get the same error as seen in the first post of this thread.
.png)
