Microsoft Forefront TMG

Posted on 2011-10-17
Last Modified: 2012-06-27
i can ping the external ip address via the TMG but when i try ping the name i get cannot find host. but when i tracert the external ip address i get the following error on the firewall....

Denied Connection RX-TMG01-S 2011/10/17 03:08:13 PM
Log type: Firewall service
Status: A packet generated on the local host was rejected because its source IP address is assigned to one network adapter and its destination IP address is reachable through another network adapter.  
Rule: None - see Result Code
Source: Local Host (
Destination: External (***.***.***.***:137)
Protocol: NetBios Name Service
 Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP:

Denied Connection RX-TMG01-S 2011/10/17 04:15:51 PM
Log type: Firewall service
Status: Access is denied.  
Rule: Default rule
Source: Internal (
Destination: External (***.***.***.***:137)
Protocol: NetBios Name Service
 Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP:
Question by:Raubex_IT
    LVL 23

    Expert Comment

    by:Suliman Abu Kharroub
    First issue (DNS): It depends on how the client machine configured to resolve names, to which DNS server the client points ? does this DNS server has a record for that name ?

    Second issue (tracert):
    simply it is an information massage not error message, Tracert pings each node on the path and returns the result, when it pings the internal interface of TMG server ( the first node in the path), it shows the message and that's expected; because the IP header shows that this packet is targeted to the external IP and should be come from the external interface not the internal.
    LVL 4

    Accepted Solution

    This is a DNS issue when you try to ping or tracert using name. Ensure that an A record points to the IP address of the TMG server and that TMG server is set to lookup the internal DNS server that is being queried. As for the tracert and ping response, try them from a remote machine instead of TMG. If you still do not get results, you might have to change the system policy to allow ICMP and Tracert diagnostics.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    Cannot connect to Domain Controller 4 79
    Freshly setup Server2012 DNS issues 14 37
    DNS Host A record or CName 3 45
    DNS records 18 60
    ISA Server detected routes through the network adapter LAN that do not correlate with the network to which this network adapter belongs What does this mean and how can one go about correcting it? In simple terms, this error message indicates t…
    Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
    In this sixth video of the Xpdf series, we discuss and demonstrate the PDFtoPNG utility, which converts a multi-page PDF file to separate color, grayscale, or monochrome PNG files, creating one PNG file for each page in the PDF. It does this via a c…
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now