TMG 2010 Web Proxy Port

Todas las respuestas

• jueves, 10 de mayo de 2012 8:27

   

   
  

  0

  Hi,

  is the website http://data.earthmineaustralia.com:8080/ hosted at your premises? If this is a website that you or one of your users is accessing on the internet through the TMG server, then there is no problem as the site does have a problem. When accessing your URL I also get a nice Jetty error, stating NOT_FOUND:

  HTTP ERROR 404
  Problem accessing /. Reason: 
  
      NOT_FOUND
  
  
  --------------------------------------------------------------------------------
  Powered by Jetty://
  

  
  

  ---

  Dirk Van den Berghe

  • Responder
  • Citar

   
• lunes, 14 de mayo de 2012 6:13

  Moderador

   

   
  

  0

  Hi,

  Thank you for the post.

  As far as I know, TMG listens for Web Proxy Client requests on 8080. If you manually configure web proxy client, check the Use a proxy server for your LAN option and enter the hostname or IP address of your TMG proxy and specify the port on which the web proxy listener is configured (port 8080 by default).

  Regards,

  ---

  Nick Gu - MSFT

  • Responder
  • Citar

   
• lunes, 14 de mayo de 2012 7:26

   

   
  

  0
  I am still convinced that the issue is related to the target website. It just is not functional. It does not sound like a TMG issue if the target website is not located behind the TMG in question.

  ---

  Dirk Van den Berghe

  • Responder
  • Citar

   
• miércoles, 16 de mayo de 2012 1:24

  Moderador

   

   
  

  0

  Hi Anthony,

  Do you have any update about this issue?

  Regards,

  ---

  Nick Gu - MSFT

  • Responder
  • Citar

   
• miércoles, 16 de mayo de 2012 1:55

   

   
  

  0

  Hi Nick/Dirk,

  Sorry for the delay. The server isn't hosted by us. It is used for a service, although the URL I gave returns a Jetty error that is fine because a web app should be sending a specific URL to retreive the data.

  To confirm I setup a Apache server on my home computer running Apache on port 8080. Connected to the page fine without the web proxy turned on and got the default apache "It works" page. Turned the proxy on and it failed. To be sure I created a new protocol for TCP port 8080 and added that to the rule allowing out going internet access

  Failed Connection Attempt SVW-BNE-TMG-01 16/05/2012 11:52:49 AM 
  Log type: Firewall service 
  Status: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.  
  Rule: Allow Web Access Internal to External All Auth Users 
  Source: Internal (10.1.1.60:59683) 
  Destination: External (60-241-34-1.static.tpgi.com.au 60.241.34.1:8080) 
  Protocol: TCP 8080 
  User: SERVICES\awaye 
   Additional information 
  Number of bytes sent: 0 Number of bytes received: 0
  Processing time: 21078ms Original Client IP: 10.1.1.60
  Client agent: firefox.exe:3:6.1
   

  I'm a little perplexed as to why it won't work.
  

  Thanks

  Anthony

  • Editado Anthony Waye miércoles, 16 de mayo de 2012 1:56
  • Editado Anthony Waye miércoles, 16 de mayo de 2012 1:57
  •  
  • Responder
  • Citar

   
• miércoles, 16 de mayo de 2012 2:14

  Moderador

   

   
  

  0

  Hi Anthony,

  Thank you for  the quick response.

  Does this issue occur to all the websites when using web proxy client? If yes, I think you should check the web proxy settings as per: http://technet.microsoft.com/en-us/library/cc441571.aspx

  Regards,

  ---

  Nick Gu - MSFT

  • Responder
  • Citar

   
• miércoles, 16 de mayo de 2012 2:42

   

   
  

  0

  Hi Nick,

  The proxy is fine other than when we try to access pages on port 8080. As far as I can see the rule is OK as well.

  The only errors TMG is reporting are errors with people exceeding the # of connections available from the one I.P as well as some random compression warnings for specific websites. Nothing seems out of the ordinary. All our computers are running the TMG Client and browsers are configured using WPAD so there shouldn't be any crazy configuring between clients.

  Thanks

  Anthony

  • Responder
  • Citar

   
• miércoles, 16 de mayo de 2012 3:06

  Moderador

   

   
  

  0

  Hi Anthony,

  Thank you for the update.

  Just for test, please create an access rule only allow the http/https(ensure the web proxy filter is selected in http protocol) protocols from internal to external for all users and move up to this rule to the top, does it work? If not, what is live logging tell? Would you please also output the web proxy settings on: Networking/networks/internal properties/web proxy ?

  Regards,

  ---

  Nick Gu - MSFT

  • Responder
  • Citar

   
• miércoles, 16 de mayo de 2012 3:23

   

   
  

  0

  Internal Properties

  Addresses

  10.1.1.1 - 10.1.1.254

  10.1.10.1 - 10.1.10.254

  10.2.1.1 - 10.2.1.254

  10.3.1.1 - 10.3.1.254

  10.4.1.1 - 10.4.1.254

  10.5.1.1 - 10.5.1.254

  10.6.1.1 - 10.6.1.254

  10.7.1.1 - 10.7.1.254

  172.16.60.1 - 172.16.60.254

  Domain

  *.services.esriaustralia.com.au

  *.esriaustralia.com.au

  *.earthmineaustralia.com

  Web Browser

  Bypass proxy for web servers in this network - ticked

  Directly access computers specified in the domains tab - ticked

  Directly access computers specified in the address tab - ticked

  Directly access these servers or domains:

  10.1.1.1 - 10.1.1.254

  If forefront TMG is unavailable, use this backup route to connect to the internet - Direct Access

  Auto Discovery

  Enabled on port 80

  Forefront TMG Client

  Enable Forefront TMG Client support for this network - ticked

  Automatically detect settings - ticked

  Web Proxy

  Enable Web Proxy client connections for this network - ticked

  Enable HTTP - Ticked and port 8080

  Authentication - Integrated

  Number of connections - Unlimited

  CARP & NLB

  Both disabled

  This is the rule I just created for testing

  

  Failed Connection Attempt SVW-BNE-TMG-01 16/05/2012 1:23:24 PM 
  Log type: Web Proxy (Forward) 
  Status: 10060 A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.  
  Rule: Allow all 
  Source: Internal (10.1.1.60:62885) 
  Destination: External (116.240.195.132:8080) 
  Request: GET http://data.earthmineaustralia.com:8080/map/ 
  Filter information: Req ID: 0a21e10c; Compression: client=No, server=No, compress rate=0% decompress rate=0% 
  Protocol: http 
  User: anonymous 
   Additional information 
  Client agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0
  Object source: Internet (Source is the Internet. Object was added to the cache.)
  Cache info: 0x0
  Processing time: 63328 MIME type:  

  Still no joy :(

  Thanks

  Anthony

  • Editado Anthony Waye miércoles, 16 de mayo de 2012 3:24
  •  
  • Responder
  • Citar

   
• miércoles, 16 de mayo de 2012 3:33

  Moderador

   

   
  

  0

  Hi,

  Domain
  *.services.esriaustralia.com.au
  *.esriaustralia.com.au
  *.earthmineaustralia.com

  -Please remove the above entries and test.

  Regards,

  ---

  Nick Gu - MSFT

  • Responder
  • Citar

   
• miércoles, 16 de mayo de 2012 3:58

   

   
  

  0

  Hi,

  Domain
  *.services.esriaustralia.com.au
  *.esriaustralia.com.au
  *.earthmineaustralia.com

  -Please remove the above entries and test.

  Regards,

  ---

  Nick Gu - MSFT

  Done. Same error.

  Failed Connection Attempt SVW-BNE-TMG-01 16/05/2012 1:56:23 PM 
  Log type: Web Proxy (Forward) 
  Status: 10060 A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.  
  Rule: Allow all 
  Source: Internal (10.1.1.60:63941) 
  Destination: External (116.240.195.132:8080) 
  Request: GET http://data.earthmineaustralia.com:8080/map/ 
  Filter information: Req ID: 0a230ffd; Compression: client=No, server=No, compress rate=0% decompress rate=0% 
  Protocol: http 
  User: anonymous 
   Additional information 
  Client agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0
  Object source: Internet (Source is the Internet. Object was added to the cache.)
  Cache info: 0x0
  Processing time: 64047 MIME type:  

  The odd thing is when I try to connect to my instance at home I get a different type of error. It appears to be failing on the default rule instead of failing on the Allow All rule like the above.

  Denied Connection SVW-BNE-TMG-01 16/05/2012 1:58:01 PM 
  Log type: Firewall service 
  Status: Access is denied.  
  Rule: Default rule 
  Source: Internal (10.1.1.60:64086) 
  Destination: External (60-241-34-1.static.tpgi.com.au 60.241.34.1:8080) 
  Protocol: HTTP Proxy 
  User: SERVICES\awaye 
   Additional information 
  Number of bytes sent: 0 Number of bytes received: 0
  Processing time: 0ms Original Client IP: 10.1.1.60
  Client agent: firefox.exe:3:6.1
   

  Thanks

  Anthony

  • Responder
  • Citar

   
• viernes, 18 de mayo de 2012 8:54

  Moderador

   

   
  

  0

  Hi Anthony,

  Do you have tried other web site? is it the same error?

  Regards,

  ---

  Nick Gu - MSFT

  • Responder
  • Citar

   
• miércoles, 06 de junio de 2012 6:10

   

   
  

  0

  Hi Anthony,

  Do you have tried other web site? is it the same error?

  Regards,

  ---

  Nick Gu - MSFT

  Oh Nick sorry I didn't see you replied! Yes this same problem happens on any website hosted on port 8080. When the proxy is disabled on the client machine the website is accessible.

  Thanks

  Anthony

  • Responder
  • Citar