Solved

TMG Only report user IP addresses not user names

Posted on 2011-09-07
9
2,941 Views
Last Modified: 2013-11-16
I have installed TMG 2010 in a domain environment.  The TMG is a domain member. And all users log in to their computers using domain accounts.  But when I look at the user activity it is all anonymous, and the TMG reports give the IP addresses as opposed to the users login IDs.

I am sure I misconfigured something but not sure what, can anyone help.

Thanks
0
Comment
Question by:townsma
9 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36493908
In order to log user name you need to following:

1. enable require all users to be authenticated from internal network properties ( TMG management console).
2. in the access rule you should remove "all users" from users tab and add the correct groups.

3. on the client side, you need to user webproxy or TMG RW client. not secure name ( default gateway).
0
 
LVL 6

Expert Comment

by:infoplateform
ID: 36494401

Hi


hope below mention solution works for you


This behavior is documented here:

Q

In the daily report I see the IP address of websites visited, and not the resolved name. How can I ensure the name is displayed in the report?

A

Only clients that are configured as Web Proxy clients resolve sites through the ISA Server computer. Other clients handle name resolution themselves, and so the ISA Server computer only knows about the IP address. Ensure that the required clients are configured as Web Proxy clients.

 

From http://technet.microsoft.com/en-us/library/cc302624.aspx

Same applies to ISA 200x and TMG.

Regards,

Osama Mansoor
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36494432
@infoplateform,

In addition to repeating a part of my comment, your answer is irrelevant.
 the author needs the users IDs ( login names) to be logged not the websites names.
0
 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
ID: 36499305
Hey guys!

You don't need #1 (require all users to authenticate), that should really never need enabled.  MS should in fact (IMO) remove that option from the interface.

Using authenticated Rules (removing All Users) and running Clients as Web Proxy or Firewall Clients is all that is required.

As a side note on that "Require all users to authenticate" thing,... it:

1. Eliminates SecureNAT Clients and makes them impossible, which is not really feasible or practical in the real world.

2. 3rd Party "security" and "reporting" products (like SurfControl) will claim their product won't report correctly without enabling it,...but they are incorrect,...you just need authenticated rules (removing All Users) and that is sufficient.  This was mentioned at the last MVP Summit at MS's HQ.

The technet article quoted above is not entirely correct.  Firewall Clients will also resolve names through the ISA sometimes with some applications,...it can also be configured to always resolve names through the ISA/TMG.   If the setting is placed in the [WSP_Client_App] section then it only applies the the specified Winsock application, but if placed in the [Common Configuration] section it becomes a global Setting.

This can be accomplished right from the GUI of the  ISA/TMG's MMC in the Firewall Client Application Settings section.

The Option is:
NameResolution   =   Possible values: L or R. By default, dotted decimal notation or Internet domain names are redirected to the ISA Server computer for name resolution and all other names are resolved on the local computer. When the value is set to R, all names are redirected to the ISA Server computer for resolution. When the value is set to L, all names are resolved on the local computer.

Reference:

Firewall client application settings
http://technet.microsoft.com/en-us/library/cc723290.aspx

About Firewall client configuration settings
http://technet.microsoft.com/en-us/library/cc995211.aspx

Is this an example of one Technet article being contradicted by another?,.....yep.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36499858
Thank you pwindell for the correction and the valuable info which you shared with us.
0
 
LVL 6

Author Comment

by:townsma
ID: 36522053
I have had to go overseas on business.  I will return to this problem as soon as I return.  In the meanwhile I apologise for not getting back to you.

BR

Mark
0
 
LVL 38

Expert Comment

by:younghv
ID: 36991238
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 
LVL 6

Author Comment

by:townsma
ID: 36968927
Agree with the recomendation.  Tried to close it but couldn't.

Thanks
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now