TMG Problems with one Single SSL website
Friday, June 25, 2010 09:47
Hello.
I have installed TMG std. Also running Forefront and Exchange EDGE.
Two NICs, one WAN (WAN IP config, no DNS configured), and LAN (with DNS settings for internal DNS servers).
NIC Binding order is set correctly.
Clients are SecureNAT.
HTTPS inspection, caching, etc. are disabled.
Also added the site to Bypass lists.
Everything is working ok, except one website that we use as a QA system.
The website is answering fast at the first connection attempt, but after the first load, timeouts, slowdowns etc. appear. This is an SSL website, and connecting from my home computers (same ISP), the website runs perfectly.
Our old ISA2006 Server did not have this problem.
If I Connect directly (without using TMG), the site works perfectly.
This is a JSP website, and all other websites work perfectly.
In the logs I get the following when connecting to the website.

Log type: Firewall service
Status: The operation completed successfully.
Rule: XXXX
Source: Internal (XXXXX:33227)
Destination: External (XXXXX)
Protocol: HTTPS

Closed Connection XXX 25.06.2010 11:32:55
Log type: Firewall service
Status: A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.
Rule: XXX
Source: Internal (XXXXX:33227)
Destination: External (XXXXX)
Protocol: HTTPS

Problems appear in IE7, IE8 and Firefox, from 2003, 2008, 2008R2, Vista, XP and Win7 clients.
The strange thing is, sometimes it suddenly works for a couple of minutes, then becomes slow again.....
I feel like I'm banging my head against a wall, and can't figure it out..
Please advise........ :)
Tommy Evensen
All replies
Friday, June 25, 2010 16:01
Since this is an SSL website, the best way will be to take a Fiddler/HttpWatch log with a Netmon capture on the client & web server, and live logging and Netmon on the TMG server, on both NICs.
A closed/initiated connection is just stateful monitoring by TMG, telling you that it saw a FIN or SYN etc.
I am unable to make out whether it's a public website or your published website. If you have published the site, you can use the cert with private key to decrypt the SSL Netmon traffic. Use this: http://nmdecrypt.codeplex.com/ You will need to have the complete SSL handshake to decrypt the traffic.
Follow the HTTP GET from client to TMG and TMG to web server, observe the replies, timeouts etc. You will get the point of failure.
Regards, Amit Saxena. Keep Walking!
- Proposed as answer by Nick Gu - MSFT, Microsoft Contingent Staff, Moderator, Tuesday, June 29, 2010 03:06
- Marked as answer by Nick Gu - MSFT, Microsoft Contingent Staff, Moderator, Thursday, July 1, 2010 01:39
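
Added example (not part of the original posts): one way to do the "follow the request and observe the replies" step from the answer above without decrypting anything, by comparing the request-to-reply wait seen at each capture point. It assumes each capture has been reduced to (time, direction, TCP payload length) tuples for a single connection; the function names, the 1-second threshold and all packet data are hypothetical and constructed, not taken from the poster's network.

```python
# Added illustration, not from the thread. All packet data below is constructed.
# Each packet: (time_s, direction, tcp_payload_len) for ONE TCP connection,
# 'out' = toward the web server, 'in' = toward the client.

def reply_gaps(packets):
    """Wait between each request burst and the first reply data segment."""
    gaps, last_out = [], None
    for t, direction, length in sorted(packets):
        if length == 0:              # SYN/ACK/FIN without application data
            continue
        if direction == "out":
            last_out = t             # newest request segment (still encrypted)
        elif last_out is not None:
            gaps.append(round(t - last_out, 3))
            last_out = None          # only the first reply segment counts
    return gaps

def locate_delay(captures, threshold_s=1.0):
    """captures: [(name, packets)] ordered from the client to the server side."""
    worst = [(name, max(reply_gaps(p), default=0.0)) for name, p in captures]
    # A gap includes everything between that capture point and the server,
    # so start at the point nearest the server and walk back to the client.
    far_name, far_gap = worst[-1]
    if far_gap > threshold_s:
        return f"beyond {far_name}", worst
    pairs = zip(reversed(worst[:-1]), reversed(worst[1:]))
    for (near, near_gap), (far, _) in pairs:
        if near_gap > threshold_s:
            return f"between {near} and {far}", worst
    return "no stall above threshold", worst

# Constructed sample: three captures of one connection; clocks are not synced,
# which does not matter because gaps are measured inside each capture.
CLIENT = [(0.000, "out", 0), (0.020, "in", 0), (0.021, "out", 517),
          (0.060, "in", 1400), (0.070, "out", 326), (0.110, "in", 51),
          (0.500, "out", 420), (8.900, "in", 1400)]
TMG_INT = [(100.001, "out", 517), (100.039, "in", 1400), (100.051, "out", 326),
           (100.089, "in", 51), (100.481, "out", 420), (108.879, "in", 1400)]
TMG_EXT = [(100.002, "out", 517), (100.038, "in", 1400), (100.052, "out", 326),
           (100.088, "in", 51), (100.482, "out", 420), (100.520, "in", 1400)]
CAPTURES = [("client", CLIENT), ("TMG internal NIC", TMG_INT),
            ("TMG external NIC", TMG_EXT)]

if __name__ == "__main__":
    where, worst = locate_delay(CAPTURES)
    for name, gap in worst:
        print(f"{name:18} worst request-to-reply gap: {gap:.3f} s")
    print("stall introduced:", where)
```

With real captures the result may just as well point beyond the external NIC or at the LAN side; the constructed sample only shows how the comparison narrows the location.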

