SNAT client often gets errors "403 forbidden" and "404 not found"

    Question

  • If I use SNAT, I often encountered the error "403 forbidden nginx/0.7.62" or "404 not found nginx/0.7.62";
    if I refresh the website, I can access it again.
    Sometimes FTP or SMTP information is returned when accessing an internet website, such as
      "220 xxx Microsoft ESMTP MAIL Service ready at Fri, 17 Dec 2010 11:42:19 +0800"
    If I use the Proxy mode, all web sites can be accessed very well.
    If I do some SMTP test, such as "telnet xxx.xxx.xxx.xxx 25", sometimes it will return the HTTP information instead of SMTP information.

    From the TMG log, I found some strange records.
    For example, when I access http://www.isacn.org/bbs/index.php?act=Help, the destination should be 61.139.126.5,
    but sometimes it will be changed to another IP address, and return a different error.

        Allowed Connection TMG 12/17/2010 8:29:28 AM
        Log type: Web Proxy (Forward)
        Status: 502 Bad Gateway
        Rule: Internet
        Source: intranet (10.10.23.33:54644)
        Destination: external (61.191.62.60:80)
        Request: GET http://61.191.62.60/bbs/index.php?act=Help
        Filter information: Req ID: 12accb28
        Protocol: http
        User: anonymous
        Additional information
        Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; aff-kingsoft-ciba1)
        Object source: Internet (Source is the Internet. Object was added to the cache.)
        Cache info: 0x40000000 (Response should not be cached.)
        Processing time: 31 MIME type: text/html


        Allowed Connection TMG 12/17/2010 8:35:24 AM
        Log type: Web Proxy (Forward)
        Status: 404 Not Found
        Rule: Internet
        Source: intranet (10.10.23.33:54663)
        Destination: external (63.66.78.10:80)
        Request: GET http://63.66.78.10/bbs/index.php?act=Help
        Filter information: Req ID: 12ad0aa9
        Protocol: http
        User: anonymous
        Additional information
        Client agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; aff-kingsoft-ciba1)
        Object source: Internet (Source is the Internet. Object was added to the cache.)
        Cache info: 0x40000000 (Response should not be cached.)
        Processing time: 312 MIME type: text/html

     

    Friday, December 17, 2010 3:53 AM
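
One way to measure the behaviour described in the question, as an added example that is not part of the original thread: a Python script that parses log-viewer records pasted in the format shown above and lists the requests for one URL whose destination differs from the address the poster expected (61.139.126.5). The function names and the third sample record are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit

# First two records are from the post (fields trimmed); the third is constructed
# to show a request that reached the address the poster expected.
SAMPLE_LOG = """\
Allowed Connection TMG 12/17/2010 8:29:28 AM
Status: 502 Bad Gateway
Destination: external (61.191.62.60:80)
Request: GET http://61.191.62.60/bbs/index.php?act=Help

Allowed Connection TMG 12/17/2010 8:35:24 AM
Status: 404 Not Found
Destination: external (63.66.78.10:80)
Request: GET http://63.66.78.10/bbs/index.php?act=Help

Allowed Connection TMG 12/17/2010 8:40:02 AM
Status: 200 OK
Destination: external (61.139.126.5:80)
Request: GET http://www.isacn.org/bbs/index.php?act=Help
"""

HEADER = re.compile(r"^\s*(?:Allowed|Denied) Connection \S+ (.+)$")
FIELD = re.compile(r"^\s*(Status|Destination|Request):\s*(.+?)\s*$")
DEST_IP = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3}):\d+\)")

def parse_records(text):
    """Turn pasted log-viewer text into one dict per connection record."""
    records = []
    for line in text.splitlines():
        if m := HEADER.match(line):
            records.append({"time": m.group(1).strip()})
        elif records and (m := FIELD.match(line)):
            records[-1][m.group(1)] = m.group(2)
    return records

def misdirected(records, path_and_query, expected_ip):
    """Records for one URL path whose destination was not expected_ip."""
    hits = []
    for r in records:
        url = urlsplit(r.get("Request", " ").split(" ", 1)[-1])
        dest = DEST_IP.search(r.get("Destination", ""))
        target = url.path + ("?" + url.query if url.query else "")
        if dest and target == path_and_query and dest.group(1) != expected_ip:
            hits.append((r["time"], dest.group(1), url.hostname, r.get("Status")))
    return hits

if __name__ == "__main__":
    print(misdirected(parse_records(SAMPLE_LOG), "/bbs/index.php?act=Help", "61.139.126.5"))
```

Each hit carries the record time, the destination IP, the host that appeared in the logged request and the status, so the misdirected requests can be lined up against other events on the TMG server.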

All replies

  • Hi,

    if you are using SNAT, you must use Firewall Policy rules which are allowed for "All users". SNAT doesn't support user authentication.
    http://technet.microsoft.com/en-us/library/bb794787.aspx


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
    Friday, December 17, 2010 5:03 AM
  • I am using SNAT and allowed for "All users".
    Sometimes I access a website, but another content was returned, even SMTP connection information.
    I access http://www.isacn.org/bbs/index.php?act=Help, and sometimes am redirected to http://xxx.xxx.xxx.xxx/bbs/index.php?act=Help; the IP address is not fixed.
    Not only http://www.isacn.org/bbs/index.php?act=Help has this problem, all web sites have the same chance.

    Friday, December 17, 2010 7:55 AM
  • Hi,

    Strange. Did you check the DNS server settings to see if external names are resolved correctly? Same behaviour at the TMG server itself?
    Are you using Webchaining or webcaching?


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
    Friday, December 17, 2010 8:45 AM
  • Hi atong,

    Do you have any update about this issue?

    Regards,

    Nick Gu - MSFT
    Tuesday, December 21, 2010 3:39 AM
    Moderator
  • After rebooting the TMG server, it can work very well for some days, and today this error happened again.

    Wednesday, December 29, 2010 5:19 AM
  • Hi Atong,

    Have you had a solution for the above issue? I'm facing a very similar problem since I have migrated from ISA to TMG 2010. Internally there are no issues accessing company websites and the internet. On the TMG server, accessing the internet times out. Externally, clients cannot access websites hosted on the TMG as it times out. A reboot of the server fixes the issue, but after a week, same issue.

    Tried restarting the DNS services/IIS but it's not the resolution. I'm a bit stuck and trying to understand how sometimes all works fine and then in less than a minute all times out.

    This was not an issue when I had ISA, and the TMG settings are identical. Cannot seem to find any error logs in Event Viewer. The only error that I get is Denied: 12202 FTMG denied the specified URL. This error happens after the web site tried to load itself. The web site will try for some time, and then, monitoring the specific IP in TMG, I came across the above error.

    Any suggestions on how to find the culprit? I do not want to reboot the server every week :)

    Wednesday, October 12, 2011 5:27 AM
  • Fortunately, I found out the reason: it was caused by McAfee Anti-virus on the TMG server. After deleting the McAfee software, it runs very well, with no problems found for a year.

    • Edited by atong Friday, June 01, 2012 3:48 AM
    • Marked as answer by atong Friday, June 01, 2012 3:48 AM
    Friday, June 01, 2012 3:44 AM