Announcement

Collapse
No announcement yet.

TMG, and web sites

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • TMG, and web sites

    Our existing TMG server (running TMG 2010 on Win2k8 r2) was set up by a consultant. I've subsequently modified it to publish CRM and ADFS, but I'm not really up to speed on it.

    The hardware initially used isn't really up to the task, so we're moving it to a new server, and I've been given the job.

    In that we're also renaming the server I can't just export the config of the old one and import it on the new, so I've reinstalled from scratch and have recreated all the rules etc.

    The problem is that web traffic isn't getting through from external to our Exchange, CRM and ADFS servers.

    I've confirmed (several times) that the listeners and rules are all the same. I've loaded the certificates. I've confirmed the network settings. Rather than list everything ... If I can find it - I've confirmed that they match.

    But I must have missed something.

    When I watch the logging on the old server I see the incoming connection initiated, and then it passes on to the firewall rules. When I then shutdown the old server and start up the new and watch it on the new server I see the incoming connection initiated, and then a few seconds later the connection is closed.

    In other words - the connection is initiated and then nothing happens.

    Can someone (anyone) point me at something to try?

  • #2
    Re: TMG, and web sites

    I feel your pain!
    I replaced all of our DMZ ISA 2004/2006 servers with TMG recently and just couldn't get them to work (all they did was just proxy the OWA and rpc/https traffic). Part of the problem was we found one of the MAC addresses was hard coded on the perimeter firewall causing grief.
    Can you access the internal sites ok from the ISA server locally ok?
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: TMG, and web sites

      How ... interesting.

      Out of desperation I ran the TMG Best Practices Analyzer on the old box and compared it to the results from the new.

      That lead me to discover that there were a whole slew of UAG services installed on the new server which weren't on the old one.

      A (not so quick) uninstall of UAG and a reload of the TMG config I'd built today and surprise surprise - it works.

      And the lesson? Check the install media you're handed and be sure it is what you've been told it is! lol

      Thanks for sharing the misery Andy - it's nice to have company!

      Comment


      • #4
        Re: TMG, and web sites

        Glad you fixed it!
        cheers
        Andy

        Please read this before you post:


        Quis custodiet ipsos custodes?

        Comment


        • #5
          Re: TMG, and web sites

          If you had UAG installed, you should manage it from UAG and not from the TMG interface.
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"

          Comment

          Working...
          X