Solved

Internal Website displays "Network Access Message: The page cannot be displayed"  on Forefront TMG

Posted on 2010-08-29
12
4,674 Views
Last Modified: 2012-05-10
Hi,

I'm having problems trying to access an internal website from behind a Forefront TMG server. When I try and access this server i'm greeted with "Network Access Message: The page cannot be displayed"

Technical Information (for support personnel)
Error Code: 403 Forbidden. Forefront TMG denied the specified Uniform Resource Locator (URL). (12202)
IP Address: 10.0.0.12
Date: 29/08/2010 14:52:12 [GMT]
Server: SRV-004.mjncomputers.co.uk
Source: proxy

 
0
Comment
Question by:TechLad
  • 6
  • 3
  • 2
  • +1
12 Comments
 
LVL 11

Expert Comment

by:mattibutt
ID: 33553365
have you looked at the IIS configuration like everything is congiured FQDN etc ? have you tried to open as https instead of http
0
 
LVL 5

Expert Comment

by:adaroc
ID: 33553436
0
 

Author Comment

by:TechLad
ID: 33553508
mattibutt:

I've tryed a number of things still no luck. I can access the web server from the TMG computers thats hosting it my typing http://srv-004, however unable to do that on any of the client machines.

unable to access the server my typing srv-004.domain-name.com either
0
 
LVL 11

Assisted Solution

by:mattibutt
mattibutt earned 333 total points
ID: 33553514
i am assuming firewall is not an issue you have your firewall correctly configured?
0
 
LVL 11

Expert Comment

by:mattibutt
ID: 33553518
i think in server 2008 it sets two names one for inernal use and one for external what did you put on external have put it on different ports to see the effect maybe the port is already used by something else
0
 
LVL 11

Expert Comment

by:mattibutt
ID: 33553525
is your dns setting correct try to run nslookup from client machine to check your server dns settings
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 11

Expert Comment

by:mattibutt
ID: 33553569
http://www.computing.net/answers/networking/cant-access-external-website/40133.html
can you have a look at this its basically saying the internal and external address should be different is that correct in your case?
0
 
LVL 76

Accepted Solution

by:
arnold earned 167 total points
ID: 33553612
You might want to exempt the internal traffic from going through the Forefront TMG or configure TMG to allow the traffic originating from the LAN to return through the forefront TMG to the LAN server.
Presumably it is used as a proxy.  Exempt LAN local traffic from going through the proxy and permit direct connection.
0
 

Author Comment

by:TechLad
ID: 33553682
mattibutt:

I did nslookup on a client machine and this is the resualts

C:\Docuements and Settings\admin>nslookup
***carn't find server name for address 10.0.0.10: None-existent domain
***Defualt server's are not available
Defualt Server: unknown
Address: 10.0.0.10

arnold:

How would I be able to try exempting local traffic from passing though the proxy server ? not 100% sure on doing that.
0
 
LVL 11

Assisted Solution

by:mattibutt
mattibutt earned 333 total points
ID: 33553684
seems to me your dns server is not correctly configured try to do the same on server see what happen if you have multiple NIC cards it also causes the problem in 2008 if you run nslookup on server and it also fails then report back
0
 

Author Comment

by:TechLad
ID: 33553766
Yeah I think I can explain most of that becouse I have multipal DNS servers and it was very slow internet access with Forefront as my router has DNS my forefront has DNS and my domain controller has DNS aswell
0
 
LVL 76

Expert Comment

by:arnold
ID: 33554517
Which has the DHCP server? You can configure the DHCP to include the settings for the DNS which should point the LAN systems to the DC/Domain DNS. External DNS does not have a wqy to resolve the localdomain.  You might want to point the forefront DNS to the Domain DNS servers.

Are you using a GPO to set the Proxy on the clients?
Within the same section where you define the proxy option, there is a section where you can exempt the LAN as well as specific sites from going through the proxy.

 
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now