Solved

TMG Only report user IP addresses not user names

Posted on 2011-09-07
9
3,000 Views
Last Modified: 2013-11-16
I have installed TMG 2010 in a domain environment.  The TMG is a domain member. And all users log in to their computers using domain accounts.  But when I look at the user activity it is all anonymous, and the TMG reports give the IP addresses as opposed to the users login IDs.

I am sure I misconfigured something but not sure what, can anyone help.

Thanks
0
Comment
Question by:townsma
9 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36493908
In order to log user name you need to following:

1. enable require all users to be authenticated from internal network properties ( TMG management console).
2. in the access rule you should remove "all users" from users tab and add the correct groups.

3. on the client side, you need to user webproxy or TMG RW client. not secure name ( default gateway).
0
 
LVL 6

Expert Comment

by:infoplateform
ID: 36494401

Hi


hope below mention solution works for you


This behavior is documented here:

Q

In the daily report I see the IP address of websites visited, and not the resolved name. How can I ensure the name is displayed in the report?

A

Only clients that are configured as Web Proxy clients resolve sites through the ISA Server computer. Other clients handle name resolution themselves, and so the ISA Server computer only knows about the IP address. Ensure that the required clients are configured as Web Proxy clients.

 

From http://technet.microsoft.com/en-us/library/cc302624.aspx

Same applies to ISA 200x and TMG.

Regards,

Osama Mansoor
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36494432
@infoplateform,

In addition to repeating a part of my comment, your answer is irrelevant.
 the author needs the users IDs ( login names) to be logged not the websites names.
0
Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
ID: 36499305
Hey guys!

You don't need #1 (require all users to authenticate), that should really never need enabled.  MS should in fact (IMO) remove that option from the interface.

Using authenticated Rules (removing All Users) and running Clients as Web Proxy or Firewall Clients is all that is required.

As a side note on that "Require all users to authenticate" thing,... it:

1. Eliminates SecureNAT Clients and makes them impossible, which is not really feasible or practical in the real world.

2. 3rd Party "security" and "reporting" products (like SurfControl) will claim their product won't report correctly without enabling it,...but they are incorrect,...you just need authenticated rules (removing All Users) and that is sufficient.  This was mentioned at the last MVP Summit at MS's HQ.

The technet article quoted above is not entirely correct.  Firewall Clients will also resolve names through the ISA sometimes with some applications,...it can also be configured to always resolve names through the ISA/TMG.   If the setting is placed in the [WSP_Client_App] section then it only applies the the specified Winsock application, but if placed in the [Common Configuration] section it becomes a global Setting.

This can be accomplished right from the GUI of the  ISA/TMG's MMC in the Firewall Client Application Settings section.

The Option is:
NameResolution   =   Possible values: L or R. By default, dotted decimal notation or Internet domain names are redirected to the ISA Server computer for name resolution and all other names are resolved on the local computer. When the value is set to R, all names are redirected to the ISA Server computer for resolution. When the value is set to L, all names are resolved on the local computer.

Reference:

Firewall client application settings
http://technet.microsoft.com/en-us/library/cc723290.aspx

About Firewall client configuration settings
http://technet.microsoft.com/en-us/library/cc995211.aspx

Is this an example of one Technet article being contradicted by another?,.....yep.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36499858
Thank you pwindell for the correction and the valuable info which you shared with us.
0
 
LVL 6

Author Comment

by:townsma
ID: 36522053
I have had to go overseas on business.  I will return to this problem as soon as I return.  In the meanwhile I apologise for not getting back to you.

BR

Mark
0
 
LVL 38

Expert Comment

by:younghv
ID: 36991238
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 
LVL 6

Author Comment

by:townsma
ID: 36968927
Agree with the recomendation.  Tried to close it but couldn't.

Thanks
0

Featured Post

Active Directory Webinar

We all know we need to protect and secure our privileges, but where to start? Join Experts Exchange and ManageEngine on Tuesday, April 11, 2017 10:00 AM PDT to learn how to track and secure privileged users in Active Directory.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Russian pop up ad virus 8 152
Automated IT tasks 4 149
I have hard drive locked by Ransomware. How can I safely pull off a file to examine? 6 159
Ransome Ware Question 10 160
These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
PREFACE The purpose of this guide is to provide information to successfully install the MS SQL client tools for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technology…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question