[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3094
  • Last Modified:

TMG Only report user IP addresses not user names

I have installed TMG 2010 in a domain environment.  The TMG is a domain member. And all users log in to their computers using domain accounts.  But when I look at the user activity it is all anonymous, and the TMG reports give the IP addresses as opposed to the users login IDs.

I am sure I misconfigured something but not sure what, can anyone help.

Thanks
0
townsma
Asked:
townsma
1 Solution
 
Suliman Abu KharroubIT Consultant Commented:
In order to log user name you need to following:

1. enable require all users to be authenticated from internal network properties ( TMG management console).
2. in the access rule you should remove "all users" from users tab and add the correct groups.

3. on the client side, you need to user webproxy or TMG RW client. not secure name ( default gateway).
0
 
infoplateformCommented:

Hi


hope below mention solution works for you


This behavior is documented here:

Q

In the daily report I see the IP address of websites visited, and not the resolved name. How can I ensure the name is displayed in the report?

A

Only clients that are configured as Web Proxy clients resolve sites through the ISA Server computer. Other clients handle name resolution themselves, and so the ISA Server computer only knows about the IP address. Ensure that the required clients are configured as Web Proxy clients.

 

From http://technet.microsoft.com/en-us/library/cc302624.aspx

Same applies to ISA 200x and TMG.

Regards,

Osama Mansoor
0
 
Suliman Abu KharroubIT Consultant Commented:
@infoplateform,

In addition to repeating a part of my comment, your answer is irrelevant.
 the author needs the users IDs ( login names) to be logged not the websites names.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
pwindellCommented:
Hey guys!

You don't need #1 (require all users to authenticate), that should really never need enabled.  MS should in fact (IMO) remove that option from the interface.

Using authenticated Rules (removing All Users) and running Clients as Web Proxy or Firewall Clients is all that is required.

As a side note on that "Require all users to authenticate" thing,... it:

1. Eliminates SecureNAT Clients and makes them impossible, which is not really feasible or practical in the real world.

2. 3rd Party "security" and "reporting" products (like SurfControl) will claim their product won't report correctly without enabling it,...but they are incorrect,...you just need authenticated rules (removing All Users) and that is sufficient.  This was mentioned at the last MVP Summit at MS's HQ.

The technet article quoted above is not entirely correct.  Firewall Clients will also resolve names through the ISA sometimes with some applications,...it can also be configured to always resolve names through the ISA/TMG.   If the setting is placed in the [WSP_Client_App] section then it only applies the the specified Winsock application, but if placed in the [Common Configuration] section it becomes a global Setting.

This can be accomplished right from the GUI of the  ISA/TMG's MMC in the Firewall Client Application Settings section.

The Option is:
NameResolution   =   Possible values: L or R. By default, dotted decimal notation or Internet domain names are redirected to the ISA Server computer for name resolution and all other names are resolved on the local computer. When the value is set to R, all names are redirected to the ISA Server computer for resolution. When the value is set to L, all names are resolved on the local computer.

Reference:

Firewall client application settings
http://technet.microsoft.com/en-us/library/cc723290.aspx

About Firewall client configuration settings
http://technet.microsoft.com/en-us/library/cc995211.aspx

Is this an example of one Technet article being contradicted by another?,.....yep.
0
 
Suliman Abu KharroubIT Consultant Commented:
Thank you pwindell for the correction and the valuable info which you shared with us.
0
 
townsmaAuthor Commented:
I have had to go overseas on business.  I will return to this problem as soon as I return.  In the meanwhile I apologise for not getting back to you.

BR

Mark
0
 
younghvCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 
townsmaAuthor Commented:
Agree with the recomendation.  Tried to close it but couldn't.

Thanks
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now