Forefront TMG 2010 Troubleshooting Tools

Forefront Threat Management Gateway 2010 (FTMG) comes with some very neat built-in troubleshooting tools for identifying what is actually happening behind the scenes as traffic passes through its interfaces. For the initiated or trained, looking at the log files or reading the trace files created by the 'repro' tool within the Best Practice Analyser is sufficient, and fairly easy to do if you understand what you are looking at.

For the less knowledgeable - or for those who do not have the time to deep-dive and work it out for themselves - there is diagnostic logging, a new option that works really well in Forefront TMG 2010.

This brief article walks through the diagnostic logging routine and gives a sample view of what can be picked up from it, including the sequencing of events.

Diagnostic logging is disabled by default. It stands to reason that it takes up a fair bit of processing power and storage, so it should only be used when troubleshooting a specific issue rather than left running all the time.

To enable the function, open the FTMG GUI, select Troubleshooting and then the Diagnostic Logging tab along the top on the right-hand side. Open the task pane on the far right and click Enable Diagnostic Logging.

FTMG will now begin inspecting the events that take place and attempt to put them into an intelligible framework, but note that you will NOT see anything appear on the screen. Try to undertake this activity when normal traffic is light, or even outside normal working hours if possible. In the meantime, recreate the event that you are trying to investigate or the scenario that you want to understand. Once you have recreated it, or after a short period of time (how long is really driven by your storage), disable the diagnostic logging option. Again, nothing will appear on the screen at this point; everything is held in the log, ready for recall.

Click Show All, then stand back... you should now be looking at a fairly lengthy output of the events that the FTMG server has undertaken during that period.

I have attached a Word document that contains a number of screenshots of these steps and some sample test-bed outputs for convenience.
