Forefront TMG server blocking WinRM traffic on port 5985
-
Thursday, December 06, 2012 11:52 PM
My Forefront TMG 2010 server shows "Target computer not accessible" under the Manageability column of Server 2012 Datacenter Server Manager. The TMG server is a VM running Server 2008 R2. I cannot Telnet to the machine on port 5985.
I have added the Hyper-V host to the list of Remote Management Computers, and have tried creating an Access Rule for HTTP traffic on port 5985. When triggering a refresh from the Server 2012 Server Manager while using TMG to log traffic from the Hyper-V host, the packets destined for the TMG are blocked by the Default Rule. So, it doesn't seem to care that the Hyper-V host is in the Remote Management Computers list, and my rule attempt isn't working.
Does anyone have any suggestions?
Thanks in advance.
All Replies
-
Friday, December 07, 2012 5:57 AM
Hi,
WINRM / QUICKCONFIG has been set on the TMG Server?:
http://clintboessen.blogspot.de/2010/01/what-is-winrm.html
The Firewall policy rule allows protocol TCP 5985 direction outbound from the CLIENT to LOCALHOST for ALL USERS?
regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
-
Saturday, December 08, 2012 1:34 PM
Hi Marc.
Thank you for your reply. I have read many of your posts related to TMG and ISA.
- WINRM /QUICKCONFIG was the first thing that I did when Server Manager was unable to gather info from any of my servers
- I read Clint's post
- I am not sure about this one. The TMG server is the only one with a problem, and its Windows Firewall is under the control of TMG. Would you please point me at the right place to check?
Testing with WinRS shows that the TMG server is not reachable, and that it is unable to successfully execute a WinRS command.
-
Saturday, December 08, 2012 3:24 PM
Hi,
I tried to reproduce your issue in my test lab, and here is how I configured TMG for Remote Management:
http://www.it-training-grote.de/download/WSRM-TMG.pdf
regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
- Marked As Answer by CJADuva Saturday, December 08, 2012 6:26 PM
-
Saturday, December 08, 2012 6:25 PM
Thank you very much, Marc.
I was actually very close. My mistake was that when I defined the WinRM protocol, I had set the direction as Inbound. Why would it be outbound?
My rule also directed the traffic to the TMG server name instead of localhost.
My Server 2012 Server Manager is very happy now!
-
Saturday, December 08, 2012 6:34 PM
Hi,
Protocol definitions are always in direction outbound when you want to access resources on the Internet from internal clients, or from internal clients to the TMG Server.
Protocol definitions with direction inbound are used for Server and Web Server publishing rules when you want to allow clients on the Internet to access internal resources.
regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
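The checks the thread walks through by hand (Telnet to 5985, WinRS, a Server Manager refresh) can be run as one script from the managing host, so you can tell whether the TMG access rule is now matching before touching Server Manager again. This is an added example, not code from the thread or from Marc's PDF: it only verifies reachability, it does not create the TMG protocol definition or access rule. The server name `tmg01.corp.example` is an assumed placeholder; replace it with your TMG server's FQDN. Run it on the Server 2012 Hyper-V host that is listed in TMG's Remote Management Computers set.

```powershell
# Added example (not part of the original thread). Run from the managing host
# (the Server 2012 Hyper-V host) to check each layer Server Manager depends on
# when it talks WinRM to the TMG server over TCP 5985.
param(
    [string]$TmgHost = "tmg01.corp.example",   # assumption: replace with your TMG server FQDN
    [int]$Port = 5985                           # default WinRM HTTP listener port
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    # Raw TCP connect: the same check as "telnet host 5985", but scriptable and
    # with a timeout, so a TMG deny (which silently drops) does not hang the script.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. Is the port reachable at all? "False" here, together with a "Denied Connection"
#    by the Default rule in the TMG log, means the access rule is not matching:
#    in this thread the causes were an Inbound protocol definition and a destination
#    of the server name instead of the Local Host network.
$tcpOk = Test-TcpPort -ComputerName $TmgHost -Port $Port
"TCP {0}:{1} reachable: {2}" -f $TmgHost, $Port, $tcpOk

# 2. Does the WinRM service answer? Test-WSMan sends an unauthenticated Identify
#    request, so it separates "port open, service not listening" from a firewall drop.
try {
    $id = Test-WSMan -ComputerName $TmgHost -ErrorAction Stop
    "WinRM answered: {0} {1}" -f $id.ProductVendor, $id.ProductVersion
} catch {
    "Test-WSMan failed: $($_.Exception.Message)"
}

# 3. Can a command actually run, which is what Server Manager and winrs need?
#    This uses the caller's Kerberos credentials, the same as "winrs -r:host hostname".
try {
    $remoteName = Invoke-Command -ComputerName $TmgHost -ScriptBlock { $env:COMPUTERNAME } -ErrorAction Stop
    "Remote command ran on: $remoteName"
} catch {
    "Invoke-Command failed: $($_.Exception.Message)"
}

# 4. On the TMG server itself (not remotely), confirm the HTTP listener exists:
#      winrm enumerate winrm/config/listener
#    If no listener on port 5985 is shown, "winrm quickconfig" creates it.
```

If step 1 fails while the TMG log shows the Default rule denying the packet, fix the rule before going further: the protocol definition must be TCP 5985 Outbound, the rule's source must be the Remote Management Computers set (or the host's IP) and its destination the Local Host network. If step 1 succeeds but step 2 fails, the problem is on the WinRM side of the TMG box (listener or service), not the firewall policy.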
-
Saturday, December 08, 2012 8:06 PM
Hi Marc.
Thanks again!