You may have a perfectly valid HTTP web publishing rule that TMG seems to be ignoring, denying the request with Rule “None – see Result Code”, and the Result Code logged is 0xc0040050 FWX_E_TCPIP_DROP_IP_NOT_LOCALLY_DESTINED and applying default rule to
Denied Connection
Log type: Firewall service
Status: An ingoing packet was dropped because its destination address does not exist on the system, and no appropriate forwarding interface exists.
Rule: None - see Result Code
Protocol: HTTP
Destination Port: 80
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: <IP Address>
You will notice that the port is 80 but the request is not going anywhere (it is denied). For a site published on the default port (80) with a host header (as in most SharePoint implementations), you may wonder whether the host header information is being wiped out or rewritten.
If you examine the Windows Application Event Log, you will notice the following warnings as well.
Log Name: Application
Source: Microsoft Forefront TMG Web Proxy
Event ID: 14148
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: TMGFWHost.example.com
Description:
The Web Proxy filter failed to bind its socket to <Internal NIC IP> port 443. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties indicates the cause of the failure.
Description:
The Web Proxy filter failed to bind its socket to <Internal NIC IP> port 80. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties indicates the cause of the failure.
CAUSE
TMG stops processing the HTTP rule when a web server is running on port 80 on the TMG server. In other words, the ports used by the TMG Web Proxy Filter (Web Listener) must not be in use by IIS running on the same server. The error messages you will get include:
SOLUTION:
Stop IIS on the TMG host (iisreset /stop).
Restart the “Microsoft Forefront TMG Firewall” service.
It’s not a good idea to host web sites on the same server where you are running TMG.
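To confirm the cause before stopping anything, you can check which process already holds the ports the Web Listener failed to bind. The following is an added example, not part of the original post: the function name Get-WebPortOwner and the sample netstat lines are constructed for illustration, and ports 80 and 443 are taken from the Event ID 14148 warnings above.

```powershell
# Added example: report who is listening on the ports the TMG Web Listener
# needs, parsed from `netstat -ano` output. Get-WebPortOwner is a hypothetical
# helper name, not a TMG or Windows cmdlet.
function Get-WebPortOwner {
    param(
        [string[]]$NetstatLines,      # output of: netstat -ano
        [int[]]$Ports = @(80, 443)    # ports named in the Event ID 14148 warnings
    )
    foreach ($line in $NetstatLines) {
        # Listening TCP sockets only, e.g.
        # "  TCP    0.0.0.0:80    0.0.0.0:0    LISTENING    4"
        if ($line -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
            $address  = $Matches[1]
            $port     = [int]$Matches[2]
            $ownerPid = [int]$Matches[3]
            if ($Ports -contains $port) {
                # PID 4 (System) means the socket belongs to HTTP.sys, the
                # kernel-mode driver that IIS listens through.
                $owner = if ($ownerPid -eq 4) { 'System (HTTP.sys, e.g. IIS)' } else { "PID $ownerPid" }
                New-Object PSObject -Property @{
                    LocalAddress = $address
                    Port         = $port
                    OwnerPid     = $ownerPid
                    Owner        = $owner
                }
            }
        }
    }
}

# Constructed sample of `netstat -ano` output (not captured from a real host).
$sample = @(
    '  TCP    0.0.0.0:80        0.0.0.0:0            LISTENING      4',
    '  TCP    0.0.0.0:135       0.0.0.0:0            LISTENING      712',
    '  TCP    192.0.2.10:443    0.0.0.0:0            LISTENING      2148',
    '  TCP    192.0.2.10:8080   0.0.0.0:0            LISTENING      2148',
    '  TCP    192.0.2.10:80     198.51.100.7:51515   ESTABLISHED    4'
)
Get-WebPortOwner -NetstatLines $sample |
    Format-Table Port, LocalAddress, OwnerPid, Owner -AutoSize

# On the TMG host itself, feed it live data and resolve the PIDs:
# Get-WebPortOwner -NetstatLines (netstat -ano) |
#     ForEach-Object { Get-Process -Id $_.OwnerPid }
```

When the owner of port 80 or 443 is PID 4, `netsh http show servicestate` lists the HTTP.sys request queues and the worker processes attached to them, which shows whether IIS is the one holding the port.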