venerdì 25 giugno 2010 09:47
I have installed TMG std. Also running Forefront and Exchange EDGE.
Two NICS, one WAN (WAN IP config no DNS configured), and LAN (with DNS settings for internal DNS servers)
NIC Binding order is set correctly.
Clients are SecureNAT.
HTTPS inspection, caching etc etc is disable.
Also added the site to Bypass lists.
Everything is working ok, except one website that we use as a QA system.
The website is answerring fast at first connection attempt, but after first load, timeouts, slowdowns etc appear.
This is a SSL website, and connecting from my home computers (Same ISP), the website runs perfectly.
Our old ISA2006 Server did not have this problem.
If I Connect directly (without using TMG), the site works perfectly.
This is a JSP website, and all other websites works perfectly.
I the logs I get the following connecting to the website.
Log type: Firewall service Status: The operation completed successfully. Rule: XXXX Source: Internal (XXXXX:33227) Destination: External (XXXXX) Protocol: HTTPS Closed Connection XXX 25.06.2010 11:32:55 Log type: Firewall service Status: A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake. Rule: XXX Source: Internal (XXXXX:33227) Destination: External (XXXXX) Protocol: HTTPS
Problems appear in both IE7, IE8 and Firefox. From 2003, 2008, 2008R2, VISTA, XP and Win7 clients.
The Strange thing is, sometimes, it suddenly work for a couple of minutes, then becomes slow again.....
I feel like Im banging my head against a wall, and cant figure it out..
Please advise........ :)
Tutte le risposte
venerdì 25 giugno 2010 16:01
Since this is a SSL website, the best way will be to take a fiddler/httpwatch log with a netmon on the client & webserver & live logging and netmon on the tmg server, both nic.
A closed/initiated connection is just a stateful monitoring of tmg, telling you that it saw a fin or syn etc.
I am unable to makeout if if its public or your published website. If you have published the site, you can use the cert with pvt key to decrypt the ssl netmon traffic. use this: http://nmdecrypt.codeplex.com/ YOu will need to have complete SSL Handshake to decrypt the trafic.
follow the http get from client to tmg and tmg to webserver, obeserver the replies, timeouts etc. you will get the point of failure.
Regards, Amit Saxena. Keep Walking!
- Proposto come risposta Nick Gu - MSFTMicrosoft Contingent Staff, Moderator martedì 29 giugno 2010 03:06
- Contrassegnato come risposta Nick Gu - MSFTMicrosoft Contingent Staff, Moderator giovedì 1 luglio 2010 01:39