VPN access configuration with ForeFront TMG

  • Question

  • I am trying to configure VPN Client access with ForeFront TMG. When I try to add domain groups to allow access to them, under Group column I can only see the SID of the domain group. And the Domain column ends up empty. ForeFront TMG is joined to the domain.

    Can you think of a reason?

    Tuesday, April 13, 2010 3:00 PM

Answers

  • Hi Guys,

    Check if the secure channel is intact. See if you are getting any 5719 events.

    Run Netdiag on the machine to check the DNS resolution for SRVs.

    Check if the DNS has the entries of the SRVs.

    Try logging on as another user.

    Create a share on the TMG, give permission only to one user. Now, go to another client and try to access that folder. Try it otherwise too, creating share on client and accessing via ISA Server. This is to test the authentications.


    Regards, Amit Saxena
    • Marked as answer by James Kilner Tuesday, September 28, 2010 8:00 AM
    Friday, June 11, 2010 4:16 PM
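
The checks listed in the answer above can be run in one pass from the TMG server. This is an added example, not part of the original thread and not Microsoft's tooling. It is written for PowerShell 2.0 (Windows Server 2008 R2). The SID value is a constructed placeholder, and the final SID-to-name translation is an added step that reproduces the symptom from the question outside the TMG console.

```powershell
# Added diagnostic example; run in an elevated PowerShell session on the TMG server.
# $GroupSid is a constructed placeholder: replace it with the SID shown in the Group column.
$GroupSid = 'S-1-5-21-1111111111-2222222222-3333333333-1234'
$Domain   = (Get-WmiObject Win32_ComputerSystem).Domain
"Machine is joined to: $Domain"

# 1. Secure channel between this machine account and the domain.
$channelOk = Test-ComputerSecureChannel
"Secure channel intact: $channelOk"

# 2. Event ID 5719 in the System log (NETLOGON could not reach a domain controller).
#    Get-WinEvent raises a non-terminating error when nothing matches, hence SilentlyContinue.
$filter = @{ LogName = 'System'; Id = 5719; StartTime = (Get-Date).AddDays(-7) }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
"5719 events in the last 7 days: $($events.Count)"
$events | Select-Object -First 5 TimeCreated, ProviderName, Message | Format-List

# 3. DNS SRV records used to locate domain controllers.
#    nslookup is used because Resolve-DnsName does not exist on Server 2008 R2.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
"Querying SRV records for $srvName"
nslookup -type=SRV $srvName

# 4. Try the same SID-to-name lookup the console performs for the Group and Domain columns.
#    A failure here shows the problem is name resolution against AD, not the TMG UI.
try {
    $sid  = New-Object System.Security.Principal.SecurityIdentifier($GroupSid)
    $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
    "SID resolves to: $name"
} catch {
    "SID could not be translated: $($_.Exception.Message)"
}
```

If step 4 fails while steps 1 to 3 look healthy, the remaining suggestions in this thread (system policy for Active Directory access, RPC filter state) are the next things to check.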

All replies

  • I am trying to configure VPN Client access with ForeFront TMG. When I try to add domain groups to allow access to them, under Group column I can only see the SID of the domain group. And the Domain column ends up empty. ForeFront TMG is joined to the domain.

    Can you think of a reason?


    Hi,

    Have a look at the System policy rule to see whether it allows Active Directory access and whether the option "enable strict RPC compliance" in the system rule is deactivated.


    regards Marc www.nt-faq.de www.it-training-grote.de www.forefront-tmg.de
    Tuesday, April 13, 2010 6:21 PM
  • I can successfully add the domain group to the allowed groups list in VPN Client Access settings window. This means AD access is enabled, right? After I choose the group and click add, the group list only shows the SID of the group, the domain column is empty.
    Tuesday, April 13, 2010 7:09 PM
  • Do you see 5719 Netlogon events in the event logs on the TMG Server?


    Regards.
    Friday, April 30, 2010 2:49 PM
  • Hello

    Is your AD domain in 2000 or 2000 mixed mode?

    If so try this fix http://support.microsoft.com/kb/976494

    I had the same issue on Windows 2008 R2 Server on which I tried to install SharePoint 2010


    Senior Solution Architect Capgemini
    Friday, May 14, 2010 9:36 AM
  • I have the same problem. I installed the fix above, but I have the same problem.

    I am trying to configure VPN Client access with TMG. When I try to add domain groups to allow access to them, under Group column I can only see the SID of the domain group. And the Domain column ends up empty. ForeFront TMG is joined to the domain.

    • Proposed as answer by JamdownTech Wednesday, October 13, 2010 9:41 AM
    Friday, June 11, 2010 10:33 AM
  • Hi Guys

    Had a similar problem. Check to see if the RPC Filter is disabled; the RPC filter needs to be enabled for TMG to access Active Directory.

    Regards

    Wednesday, October 13, 2010 9:51 AM