Monday, March 12, 2012 10:12
We have FTMG 2010 SP1 Standard on Windows Server 2008 R2 SP1. We have around 2200 users at present in a single location. (We are a university in India.)
Basic with all users required authentication and web proxy has been configured.
HTTPS Inspection is disabled. Malware inspection and Url Filtering is enabled.
What is happening is that some of the users are getting the error message below when they try to access the internet using their ID and password.
If you believe you are getting this message by mistake, try contacting your administrator or Helpdesk.
Technical Information (for support personnel)
- Error Code: 403 Forbidden. Forefront TMG denied the specified Uniform Resource Locator (URL). (12232)
- IP Address: 10.30.10.252
- Date: 3/12/2012 10:04:38 AM [GMT]
- Server: ISA.pdpu.ac.in
- Source: proxy
Please help if anybody has a solution. We did the migration from ISA 2006 two days ago.
All replies
Monday, March 12, 2012 15:24
Tuesday, March 13, 2012 05:33 Moderator
Thank you for the post.
What is the firewall client type of the problematic machines? And what does the TMG logging tell?
Nick Gu - MSFT
Tuesday, March 13, 2012 09:14
Thanks for the reply.
There are only two Firewall Policy Rules created: one for allowing ping to the local host and one for taking Remote Desktop of the local host.
The Firewall Client type is Web Proxy, as all of our users use browser-based proxy settings for accessing the internet. Only 4 to 8 users are facing such a problem; the others are easily accessing the internet.
I have captured the log below while trying to access the internet using one of the problematic users.
Denied Connection ISA 3/13/2012 2:28:32 PM
Log type: Web Proxy (Forward)
Status: 12209 Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied.
Source: Internal (10.30.37.234:1573)
Request: GET http://www.google.co.in/
Filter information: Req ID: 0b5179f4; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Client agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0) Gecko/20100101 Firefox/10.0
Object source: (No source information is available.)
Cache info: 0x0
Processing time: 1 MIME type:
As per the log, it shows that because no authentication is provided it has considered that request as anonymous and blocked it, but I have provided the credentials of the user who is facing the problem.
Tuesday, March 13, 2012 15:35
Hello again, try to uncheck the "Enforce strict RPC compliance" option in the Active Directory authentication section that you will find in the system policy and then check the results.
Wednesday, March 14, 2012 12:28
Thanks for the reply.
I have applied the setting but it still does not work. If I try with other users who are able to access the internet from the browser it allows me, but only the users who are getting this problem are still not able to access.
Thursday, March 15, 2012 05:59 Moderator
Thank you for the update.
It seems like a user credential issue. Do these problematic users belong to the same group as the users that work? If possible, would you please recreate these users and see if it works.
Nick Gu - MSFT