TMG Only report user IP addresses not user names

townsma
I have installed TMG 2010 in a domain environment. The TMG is a domain member, and all users log in to their computers using domain accounts. But when I look at the user activity it is all anonymous, and the TMG reports give the IP addresses as opposed to the users' login IDs.

I am sure I misconfigured something but not sure what. Can anyone help?

Thanks
In order to log the user name you need to do the following:

1. Enable "require all users to be authenticated" from the internal network properties (TMG management console).
2. In the access rule you should remove "All Users" from the Users tab and add the correct groups.
3. On the client side, you need to use Web Proxy or the TMG RW client, not SecureNAT (default gateway).

Hi

Hope the below-mentioned solution works for you.


This behavior is documented here:

Q

In the daily report I see the IP address of websites visited, and not the resolved name. How can I ensure the name is displayed in the report?

A

Only clients that are configured as Web Proxy clients resolve sites through the ISA Server computer. Other clients handle name resolution themselves, and so the ISA Server computer only knows about the IP address. Ensure that the required clients are configured as Web Proxy clients.

 

From http://technet.microsoft.com/en-us/library/cc302624.aspx

Same applies to ISA 200x and TMG.

Regards,

Osama Mansoor
@infoplateform,

In addition to repeating a part of my comment, your answer is irrelevant.
The author needs the user IDs (login names) to be logged, not the website names.

Commented:
Hey guys!

You don't need #1 (require all users to authenticate), that should really never need enabled.  MS should in fact (IMO) remove that option from the interface.

Using authenticated Rules (removing All Users) and running Clients as Web Proxy or Firewall Clients is all that is required.

As a side note on that "Require all users to authenticate" thing,... it:

1. Eliminates SecureNAT Clients and makes them impossible, which is not really feasible or practical in the real world.

2. 3rd Party "security" and "reporting" products (like SurfControl) will claim their product won't report correctly without enabling it,...but they are incorrect,...you just need authenticated rules (removing All Users) and that is sufficient.  This was mentioned at the last MVP Summit at MS's HQ.

The TechNet article quoted above is not entirely correct. Firewall Clients will also resolve names through the ISA sometimes with some applications,...it can also be configured to always resolve names through the ISA/TMG. If the setting is placed in the [WSP_Client_App] section then it only applies to the specified Winsock application, but if placed in the [Common Configuration] section it becomes a global setting.

This can be accomplished right from the GUI of the  ISA/TMG's MMC in the Firewall Client Application Settings section.

The Option is:
NameResolution   =   Possible values: L or R. By default, dotted decimal notation or Internet domain names are redirected to the ISA Server computer for name resolution and all other names are resolved on the local computer. When the value is set to R, all names are redirected to the ISA Server computer for resolution. When the value is set to L, all names are resolved on the local computer.

Reference:

Firewall client application settings
http://technet.microsoft.com/en-us/library/cc723290.aspx

About Firewall client configuration settings
http://technet.microsoft.com/en-us/library/cc995211.aspx

Is this an example of one Technet article being contradicted by another?,.....yep.
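Added illustration, not part of the comment above and not Microsoft's code: a small Python model of how the quoted `NameResolution` values decide where a name is resolved, given settings in `[Common Configuration]` and in an application's own section. Assumptions: the sample settings text and the application name `legacyapp` are constructed, an application section is taken to override the common one, and "Internet domain name" is approximated as "contains a dot".

```python
import configparser
import ipaddress

# Constructed sample; "legacyapp" is a hypothetical application section
# standing in for [WSP_Client_App].
SAMPLE_INI = """
[Common Configuration]
NameResolution=R

[legacyapp]
NameResolution=L
"""

def effective_mode(ini_text, app):
    """Return 'L', 'R', or None (default behaviour) for one application."""
    cp = configparser.ConfigParser()
    cp.read_string(ini_text)
    # Assumption: the application's own section wins over the global one.
    for section in (app, "Common Configuration"):
        if cp.has_section(section) and cp.has_option(section, "NameResolution"):
            value = cp.get(section, "NameResolution").strip().upper()
            if value not in ("L", "R"):
                raise ValueError(f"invalid NameResolution in [{section}]: {value!r}")
            return value
    return None

def resolved_by(name, mode):
    """Say whether the 'proxy' (ISA/TMG) or the 'local' computer resolves name."""
    if mode == "R":
        return "proxy"   # all names redirected to the ISA/TMG
    if mode == "L":
        return "local"   # all names resolved on the client
    # Default: dotted decimal or Internet domain names go to the ISA/TMG,
    # all other names (e.g. single-label intranet names) stay local.
    try:
        ipaddress.IPv4Address(name)
        return "proxy"
    except ValueError:
        pass
    return "proxy" if "." in name.rstrip(".") else "local"

if __name__ == "__main__":
    for app in ("legacyapp", "otherapp"):
        mode = effective_mode(SAMPLE_INI, app)
        for name in ("intranet", "www.example.com", "192.0.2.10"):
            print(app, mode, name, "->", resolved_by(name, mode))
```

Names that come out as `local` are resolved by the client itself, which is the case the earlier TechNet quote describes where the server only sees the IP address.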
Thank you pwindell for the correction and the valuable info which you shared with us.

Author

Commented:
I have had to go overseas on business.  I will return to this problem as soon as I return.  In the meanwhile I apologise for not getting back to you.

BR

Mark

Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Author

Commented:
Agree with the recommendation. Tried to close it but couldn't.

Thanks
