Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

TMG Only report user IP addresses not user names

Posted on 2011-09-07
9
Medium Priority
?
3,080 Views
Last Modified: 2013-11-16
I have installed TMG 2010 in a domain environment.  The TMG is a domain member. And all users log in to their computers using domain accounts.  But when I look at the user activity it is all anonymous, and the TMG reports give the IP addresses as opposed to the users login IDs.

I am sure I misconfigured something but not sure what, can anyone help.

Thanks
0
Comment
Question by:townsma
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36493908
In order to log user name you need to following:

1. enable require all users to be authenticated from internal network properties ( TMG management console).
2. in the access rule you should remove "all users" from users tab and add the correct groups.

3. on the client side, you need to user webproxy or TMG RW client. not secure name ( default gateway).
0
 
LVL 6

Expert Comment

by:infoplateform
ID: 36494401

Hi


hope below mention solution works for you


This behavior is documented here:

Q

In the daily report I see the IP address of websites visited, and not the resolved name. How can I ensure the name is displayed in the report?

A

Only clients that are configured as Web Proxy clients resolve sites through the ISA Server computer. Other clients handle name resolution themselves, and so the ISA Server computer only knows about the IP address. Ensure that the required clients are configured as Web Proxy clients.

 

From http://technet.microsoft.com/en-us/library/cc302624.aspx

Same applies to ISA 200x and TMG.

Regards,

Osama Mansoor
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36494432
@infoplateform,

In addition to repeating a part of my comment, your answer is irrelevant.
 the author needs the users IDs ( login names) to be logged not the websites names.
0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 
LVL 29

Accepted Solution

by:
pwindell earned 2000 total points
ID: 36499305
Hey guys!

You don't need #1 (require all users to authenticate), that should really never need enabled.  MS should in fact (IMO) remove that option from the interface.

Using authenticated Rules (removing All Users) and running Clients as Web Proxy or Firewall Clients is all that is required.

As a side note on that "Require all users to authenticate" thing,... it:

1. Eliminates SecureNAT Clients and makes them impossible, which is not really feasible or practical in the real world.

2. 3rd Party "security" and "reporting" products (like SurfControl) will claim their product won't report correctly without enabling it,...but they are incorrect,...you just need authenticated rules (removing All Users) and that is sufficient.  This was mentioned at the last MVP Summit at MS's HQ.

The technet article quoted above is not entirely correct.  Firewall Clients will also resolve names through the ISA sometimes with some applications,...it can also be configured to always resolve names through the ISA/TMG.   If the setting is placed in the [WSP_Client_App] section then it only applies the the specified Winsock application, but if placed in the [Common Configuration] section it becomes a global Setting.

This can be accomplished right from the GUI of the  ISA/TMG's MMC in the Firewall Client Application Settings section.

The Option is:
NameResolution   =   Possible values: L or R. By default, dotted decimal notation or Internet domain names are redirected to the ISA Server computer for name resolution and all other names are resolved on the local computer. When the value is set to R, all names are redirected to the ISA Server computer for resolution. When the value is set to L, all names are resolved on the local computer.

Reference:

Firewall client application settings
http://technet.microsoft.com/en-us/library/cc723290.aspx

About Firewall client configuration settings
http://technet.microsoft.com/en-us/library/cc995211.aspx

Is this an example of one Technet article being contradicted by another?,.....yep.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36499858
Thank you pwindell for the correction and the valuable info which you shared with us.
0
 
LVL 6

Author Comment

by:townsma
ID: 36522053
I have had to go overseas on business.  I will return to this problem as soon as I return.  In the meanwhile I apologise for not getting back to you.

BR

Mark
0
 
LVL 38

Expert Comment

by:younghv
ID: 36991238
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 
LVL 6

Author Comment

by:townsma
ID: 36968927
Agree with the recomendation.  Tried to close it but couldn't.

Thanks
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I wi…
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question