TMG 2010 Network config and web publishing
-
Friday, 12 March 2010 13:34
Hi, installed TMG on a 2008 R2 domain-joined server. The network is basic; the server is sat behind a firewall, and as this is a test lab the network is a basic 255.255.255.0/24.
I have two NICs in the server as I have created a web listener.
NIC one, named Internal, config: IP 192.168.0.9, no gateway set, and DNS points to the internal DNS.
NIC two, named External, config: IP 192.168.0.250, gateway is the firewall 192.168.0.1, DNS points to internal and external.
Within the networks the type - internal is configured for the entire subnet range being used.
In the network setup wizard I have defined the network as an edge firewall. I tried to make it a back firewall but it would not save the config.
I created an OWA publishing rule and associated it with the listener. From the server itself I run the rule test and it connects fine.
When I run the traffic sim, specifying the source to be an external address and the URL to be the external URL, the result fails with Denied Traffic, Rule name: default rule, rule order 21
From external to internal
Network rule name: none, Protocol: HTTPS; both network relationship and application filter are blank. When I look at the rule, it's the last one, which stops all traffic.
When I look in alerts I get the following:
Alert Information
Description: The Web Proxy filter failed to bind its socket to 192.168.0.250 port 443. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties indicates the cause of the failure.
The failure is due to error: An attempt was made to access a socket in a way forbidden by its access permissions.
The Web Proxy filter failed to bind its socket to 192.168.0.9 port 443. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties indicates the cause of the failure.
The failure is due to error: An attempt was made to access a socket in a way forbidden by its access permissions.
The Web Proxy filter failed to bind its socket to 127.0.0.1 port 443. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties indicates the cause of the failure.
The failure is due to error: An attempt was made to access a socket in a way forbidden by its access permissions.
Can anyone offer some advice? It's driving me crazy.
Must be a NIC or name resolution issue?
Cheers
All replies
-
Friday, 12 March 2010 13:40
OK, turning off web access policy removed the web proxy filter errors. Although now I still cannot get any published resources. The firewall is configured to pass any HTTPS traffic to the .250 NIC on the server.
-
Sunday, 14 March 2010 10:31
It's better to post your question here:
Mohammad Saeed Abdelaziz | MCSE 2003 | MCTS:OCS, Exchange2007 | CCNP | UC Voice Specialist -
Tuesday, 16 March 2010 07:46 Moderator
Hi,
Thank you for the post.
According to the description, I think you may have misconfigured the network settings on TMG. There cannot be two network adapters in the same subnet. Please refer to the following sample to correct your configuration.
Internal address: 192.168.1.0/24
Internal DNS: 192.168.1.1
External address: 10.0.0.1/8
Firewall address: 10.0.0.10
Nic one named Internal config: IP 192.168.1.10, no gateway; DNS 192.168.1.1
Nic two named External config: IP 10.0.0.1, gateway 10.0.0.10; no DNS
Regards,
Nick Gu - MSFT
- Proposed as answer by Nick Gu - MSFT (Microsoft Contingent Staff, Moderator) Tuesday, 16 March 2010 07:46
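The layout rule stated in the reply above can be checked offline before touching the adapters. The following is an added example, not part of the original thread or any poster's code; the dictionaries are constructed from the addresses quoted in the thread, and the function name `check_adapters` is hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed from the addresses quoted in the thread; the /24 on both
# original adapters follows the poster's stated 255.255.255.0 mask.
ORIGINAL = {
    "Internal": {"address": "192.168.0.9/24", "gateway": None},
    "External": {"address": "192.168.0.250/24", "gateway": "192.168.0.1"},
}
SAMPLE = {
    "Internal": {"address": "192.168.1.10/24", "gateway": None},
    "External": {"address": "10.0.0.1/8", "gateway": "10.0.0.10"},
}

def check_adapters(adapters):
    """Return findings for a multi-homed firewall's adapter layout."""
    findings = []
    ifaces = {n: ipaddress.ip_interface(c["address"]) for n, c in adapters.items()}

    # Two adapters in overlapping subnets: the case the reply rules out.
    for (a, ia), (b, ib) in combinations(ifaces.items(), 2):
        if ia.network.overlaps(ib.network):
            findings.append(f"overlap: {a} ({ia.network}) and {b} ({ib.network})")

    # Both layouts in the thread set a default gateway on one adapter only.
    gateways = {n: c["gateway"] for n, c in adapters.items() if c.get("gateway")}
    if len(gateways) != 1:
        findings.append(f"gateways: expected 1 adapter with a gateway, found {len(gateways)}")

    # A gateway must be on-link for the adapter that carries it.
    for name, gw in gateways.items():
        if ipaddress.ip_address(gw) not in ifaces[name].network:
            findings.append(f"gateway: {gw} is outside {name}'s subnet {ifaces[name].network}")
    return findings

if __name__ == "__main__":
    for label, layout in (("original", ORIGINAL), ("sample", SAMPLE)):
        result = check_adapters(layout)
        print(label, "->", result or "no findings")
```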
-
Tuesday, 16 March 2010 07:55
Thanks for the advice guys.
Having removed IIS things headed in the right direction.
All I needed to do then was make sure that the name resolution worked correctly and got OWA working.
Not sure on the NIC config but I have the web listener configured for the .250 address with port forwarding on the external FW and it seems to work well.
I have now configured Outlook Anywhere in a similar fashion and that seems to work too.
Just need to sort out the OCS address book and the job's a good one.
- Marked as answer by Nick Gu - MSFT (Microsoft Contingent Staff, Moderator) Tuesday, 16 March 2010 12:10