We help IT Professionals succeed at work.

bypassing TMG for website "session is not authenticated" error

Medium Priority
1,449 Views
Last Modified: 2012-05-12
Hi all,

im having trouble bypassing TMG for a website that has problems when it goes through TMG

i used to have my rules for all authenticated users, before changing it to my active directory security groups
now all my other data goes through fine

ive tried bypassing this website on the TMG directly and ive bypassed it on the client aswell, and the tmg is jsut comign back with session is not authenticated

well its not even supposed to worry about that is it, its supposed to be bypassed
and the odd time it did mange to get through i got no data received errors :|

anyone know how to diagnose whats going on further?
also the require all users to authenticate box is unchecked

Thanks
Comment
Watch Question

Most Valuable Expert 2011
Commented:
You have to understand what "bypass" means.  It does not mean you stop using the TMG,...it only means you stop using the Web Proxy Service of the TMG,...assuming you aren't running a signle-nic TMG as simply a caching server.  The Firewall Service or the SecureNAT Service has to pick it up from there.

Author

Commented:
ok right, glad you cleared that up for me, was wondering about that, so the proxy service isnt used, so none of the web access rules are applied?

i tried creating a web access rule to allow all traffic to this site for "all users" but i get the same message session not authenticated

all users does not need authentication though does it? it means everyone?

just seen just before i get the not authenticated error it i get an allowed error saying "status 302 moved temporarily", wheres it moved?

the traffic thats denied is https (i have made sure the rule i created allows http and https)

Thanks
Most Valuable Expert 2011
Commented:
ok right, glad you cleared that up for me, was wondering about that, so the proxy service isnt used,

No it means the "web proxy service" isn't used.   The Firewall Service is also a proxying service,...it is a Winsock Proxy Service (as opposed to the other being a CERN Compliant Web Proxy Service).

so none of the web access rules are applied?

There is not such thing as a "web access rule",...access rules are just access rules.  All three services can use them if they are anonymous,...if they are not anonymous then only the Web Proxy and Firewall (Winsock) Service can use them.  

all users does not need authentication though does it? it means everyone?

That is correct.

At this point I really can't give anything specific to the problem.  All I can do it try to help you under stand how TMG works (and doesn't work) in hopes you would spot the problem on your own.

Since you have kept this "problem website" a complete secret to everyone there is no way to test against it from one of our ISA or TMGs.

Author

Commented:
ok i get you, im not sure im allowed to give this sites name out, as we are a subcontractor of this site and our staff use their web app for customer data.

i have manged to get it working though!
i created a rule that allowed all outbound traffic to the problem sites domain and its IP address, that got me to the cert validation failure, of which i didnt have a certificate installed on my machine to get past this bit

i got a machine with a cert then it got so far and then was hit with a diagnose connection problem page, so i bypassed the site via the users machine and it got past that last bit, (this was the problem websites solution) and i had to put it in format www.subdomain.domain.com that was the only way it would let it pass.

to me it sounds like the problem site hosting this web application havent set some things up properly, i know they havent even set up dns correctly as www. doesnt work for one of their subdomains and has to be domain. instead.

bet either way the users have access so thats all sorted
Most Valuable Expert 2011

Commented:
Ok,..sounds good.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.