Friday, January 18, 2013 5:05 PM
I've got a customer who has Forefront TMG client installed in addition to our Layered Service Provider (LSP).
I understand Forefront uses a callout LSP while our LSP does all its logic in process. We've found that when both LSPs are installed (even when our LSP is acting as a passthrough), the system starts misbehaving. iTunes is unable to connect to the iTunes store, and other client-server applications crash (sending windows error reports).
Are there any strategies for debugging this or configuration settings that I can suggest to work around this?
Friday, January 18, 2013 6:41 PMOne thing that I have found is that the TMG client doesn't just effect the web browser. It actually intercepts ALL winsocks connections. So it will effect all software that uses an internet connection. To see if the TMG client is the issue disable the client and stop the "Forefront TMG Client Agent Service" Then try again.
To force TMG client to ignore specific software you must configure the exe in Networking -> Networks -> (in the network tasks) Configure forefront TMG client settings. Then add your exe with a Disable 1 or DisableEx 1
- Proposed As Answer by Nick Gu - MSFTMicrosoft Contingent Staff, Moderator Monday, January 21, 2013 8:10 AM
- Marked As Answer by jdart Thursday, February 07, 2013 4:07 PM
Wednesday, January 23, 2013 6:48 PM
Thanks so much for the reply. This has been incredibly helpful and will probably be marked as the answer.
Disabling the service and client (through the tools) continues to demonstrate the issue, though it also has the same issue in Microsoft's sample LSP. Thanks for the tip though.
The customer is currently adding the exception for the conflicting apps. Hopefully that will resolve the issue, but since you're obviously more savvy at TMG admin work than me, I wanted to ask about another, potential workaround path.
I noticed in http://technet.microsoft.com/en-us/library/bb726965.aspx#EFAA (section on New Packet Filtering Model with Windows Filtering Platform) that Forefront not works with WFP. Are there any switches in the client where I could force it to only use WFP and therefore allow us to uninstall the LSP entirely?
Friday, January 25, 2013 5:11 AMModerator
Thank you for the post.
I found out a tool called Sporder.exe which can be used to prioritize the order of the LSPs: http://msdn.microsoft.com/en-us/library/ms740483(v=vs.85).aspx
You may put your LSP on top of our LSP and see if it works.
Nick Gu - MSFT
- Proposed As Answer by Nick Gu - MSFTMicrosoft Contingent Staff, Moderator Monday, January 28, 2013 1:42 AM
Monday, January 28, 2013 10:24 PM
Thanks for pointing out Sporder. I haven't previously used that tool but it does look useful for quickly checking ordering issues. I'm actually able to accomplish the reordering by changing the install order which is generally how we've handled the situation when dealing with LSPs that don't pass through properly.
Unfortunately, order does not matter in this situation, with our LSP or the sample one.
Thursday, February 07, 2013 4:14 PMSadly, we weren't able to get a fix the issue with a Disable config, but this was very helpful. Thank you.