TheGeezer2010
asked on
TMG 2010 Standard - web publishing rule not processed
Help please !!
Have configured a TMG 2010 server in a DMZ (domain-joined) with number 1 rule as ActiveSync web publishing rule, pointing to an Exchange 2010 CAS Array Farm, using an HTTPS Web Listener. The problem is that when I test this, the traffic is denied by the DEFAULT rule and the Web Publising rule is never evaluated. Since this contains details of how the clients should authenticate, the clients are unable to access the CAS Array.
The exact same config works fine on another TMG in a DMZ with the same rules, listeners etc.
The Certs are fine - the config is in sync, the Coonectivity verifiers are all green, the rule when tested shows all green.
The strange things are :-
The default deny says Denied Traffic
- destination URL host name could not be resolved
The protocol says : BranchCache-Advertise ???
Checked the internal URL can be reolved to the exchange CAS Array.
The web publishing rule is set up for HTTPS traffic redirected to 443, basic authentication (checked IIS VS also match this). Looks to me that this rule is not being invoked (Simulations shows "This Web publishing rule was skipped for this packet.") because the traffic is shown in the simulation as BranchCache-Advertise instead of HTTPS ??
Anyone come across this and/or have suggestions/solutions please ?
Have configured a TMG 2010 server in a DMZ (domain-joined) with number 1 rule as ActiveSync web publishing rule, pointing to an Exchange 2010 CAS Array Farm, using an HTTPS Web Listener. The problem is that when I test this, the traffic is denied by the DEFAULT rule and the Web Publising rule is never evaluated. Since this contains details of how the clients should authenticate, the clients are unable to access the CAS Array.
The exact same config works fine on another TMG in a DMZ with the same rules, listeners etc.
The Certs are fine - the config is in sync, the Coonectivity verifiers are all green, the rule when tested shows all green.
The strange things are :-
The default deny says Denied Traffic
- destination URL host name could not be resolved
The protocol says : BranchCache-Advertise ???
Checked the internal URL can be reolved to the exchange CAS Array.
The web publishing rule is set up for HTTPS traffic redirected to 443, basic authentication (checked IIS VS also match this). Looks to me that this rule is not being invoked (Simulations shows "This Web publishing rule was skipped for this packet.") because the traffic is shown in the simulation as BranchCache-Advertise instead of HTTPS ??
Anyone come across this and/or have suggestions/solutions please ?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Self-resolved but have raised another related ticket
ASKER