I finally fixed that problem. I noticed that the extension on the PDF file was very odd: instead of ".pdf" it's ".DocServer". So I changed the HTTP filter to "Allow all extensions" and that worked. Rob From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore Sent: Monday, May 16, 2011 1:10 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Error 87 Thanks for the idea, Jim. Unfortunately disabling compression didn't fix the problem. Same error as before. :( Rob From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Saturday, May 14, 2011 1:13 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Error 87 Here's the filtered and reordered capture (Wireshark can't do that, either; neener-neener-boo-boo :)). It seems that the response form the Web server upsets TMG somehow. It's not possible to say exactly how this upsets TMG without a tracefile, but you may be able to resolve this by disabling compression if you have it enabled; the client indicates acceptance of compressed data in frame 7, so TMG may be trying to compress it back to the client. From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore Sent: Friday, May 13, 2011 9:25 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Error 87 Here is the whole capture. 172.17.201.24 is the address of my PC. 170.115.248.137 is the address of the remote web server. This download worked when we were using ISA. It still works for these folks when they access the site from home. Rob From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Friday, May 13, 2011 10:03 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Error 87 Actually, I'd need to see the capture itself, although it seems pretty clear that: 1. There is another (NAT) device upstream from TMG (TMG IPAddr = 172.17.201.24; WebSvr IPAddr = 170.115.248.137) 2. The WebSvr failed the request (frame 452) From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore Sent: Friday, May 13, 2011 6:50 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Error 87 He's trying to download PDFs from a City of Philadelphia website. The URL is http://philadox.phila.gov/picris/servlet/ecs.servlet.DocServer. To get there, though, you have to have a username and password. I went there (using his credentials) and tried to download a PDF. I got the same error. I did the Netmon capture, as per your instructions. Below is the traffic between my computer and the remote server. Let me know what you see and if you need something more (like maybe the whole Netmon capture file, or this conversation in an Excel file, or anything else). 441 5/13/2011 9:34 1.225792 172.17.201.24 170.115.248.137 TCP TCP:Flags=......S., SrcPort=49490, DstPort=HTTP(80), PayloadLen=0, Seq=26693, Ack=0, Win=8192 ( Negotiating scale factor 0x2 ) = 8192 {TCP:168, IPv4:167} 442 5/13/2011 9:34 1.226298 170.115.248.137 172.17.201.24 TCP TCP:Flags=...A..S., SrcPort=HTTP(80), DstPort=49490, PayloadLen=0, Seq=3946482666, Ack=26694, Win=8192 ( Negotiated scale factor 0x8 ) = 2097152 {TCP:168, IPv4:167} 443 5/13/2011 9:34 1.22644 172.17.201.24 170.115.248.137 TCP TCP:Flags=......S., SrcPort=49491, DstPort=HTTP(80), PayloadLen=0, Seq=705015745, Ack=0, Win=8192 ( Negotiating scale factor 0x2 ) = 8192 {TCP:169, IPv4:167} 444 5/13/2011 9:34 1.226862 170.115.248.137 172.17.201.24 TCP TCP:Flags=...A..S., SrcPort=HTTP(80), DstPort=49491, PayloadLen=0, Seq=2744969049, Ack=705015746, Win=8192 ( Negotiated scale factor 0x8 ) = 2097152 {TCP:169, IPv4:167} 445 5/13/2011 9:34 1.227025 172.17.201.24 170.115.248.137 TCP TCP:Flags=...A...., SrcPort=49490, DstPort=HTTP(80), PayloadLen=0, Seq=26694, Ack=3946482667, Win=365 (scale factor 0x2) = 1460 {TCP:168, IPv4:167} 446 5/13/2011 9:34 1.228155 172.17.201.24 170.115.248.137 TCP TCP:Flags=...A...., SrcPort=49491, DstPort=HTTP(80), PayloadLen=0, Seq=705015746, Ack=2744969050, Win=365 (scale factor 0x2) = 1460 {TCP:169, IPv4:167} 447 5/13/2011 9:34 1.229617 172.17.201.24 170.115.248.137 HTTP HTTP:Request, POST /picris/servlet/ecs.servlet.DocServer {HTTP:170, TCP:169, IPv4:167} 452 5/13/2011 9:34 1.345096 170.115.248.137 172.17.201.24 HTTP HTTP:Response, HTTP/1.1, Status: Internal server error, URL: /picris/servlet/ecs.servlet.DocServer {HTTP:170, TCP:169, IPv4:167} 453 5/13/2011 9:34 1.345096 170.115.248.137 172.17.201.24 TCP TCP:[Continuation to #452]Flags=...A...., SrcPort=HTTP(80), DstPort=49491, PayloadLen=1460, Seq=2744970510 - 2744971970, Ack=705016330, Win=256 (scale factor 0x8) = 65536 {TCP:169, IPv4:167} 454 5/13/2011 9:34 1.346642 172.17.201.24 170.115.248.137 TCP TCP:Flags=...A...., SrcPort=49491, DstPort=HTTP(80), PayloadLen=0, Seq=705016330, Ack=2744971970, Win=16425 (scale factor 0x2) = 65700 {TCP:169, IPv4:167} 455 5/13/2011 9:34 1.346729 170.115.248.137 172.17.201.24 TCP TCP:[Continuation to #452]Flags=...AP..F, SrcPort=HTTP(80), DstPort=49491, PayloadLen=1330, Seq=2744971970 - 2744973301, Ack=705016330, Win=256 (scale factor 0x8) = 65536 {TCP:169, IPv4:167} 456 5/13/2011 9:34 1.348033 172.17.201.24 170.115.248.137 TCP TCP:Flags=...A...., SrcPort=49491, DstPort=HTTP(80), PayloadLen=0, Seq=705016330, Ack=2744973301, Win=16092 (scale factor 0x2) = 64368 {TCP:169, IPv4:167} 457 5/13/2011 9:34 1.348428 172.17.201.24 170.115.248.137 TCP TCP:Flags=...A...F, SrcPort=49491, DstPort=HTTP(80), PayloadLen=0, Seq=705016330, Ack=2744973301, Win=16092 (scale factor 0x2) = 64368 {TCP:169, IPv4:167} 458 5/13/2011 9:34 1.348518 170.115.248.137 172.17.201.24 TCP TCP:Flags=...A...., SrcPort=HTTP(80), DstPort=49491, PayloadLen=0, Seq=2744973301, Ack=705016331, Win=256 (scale factor 0x8) = 65536 {TCP:169, IPv4:167} From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Thursday, May 12, 2011 12:51 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Error 87 You should install Netmon 3.4 on the TMG and run it from an elevated cmd window using the following command: md c:\NetmonCaps nmcap /capture /network * /file c:\NetmonCaps\Capture.chn:100M ..before he runs the process to failure. This way, you'll be able to see the internal and external conversations as they happen. Wireshark can't do that... :) From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore Sent: Wednesday, May 11, 2011 10:28 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Error 87 OK, let me try to get the series of steps from the user. I just watched the console while he went through a series of clicks from his computer (remote to me) to get to the object he wanted to download. Once I have that, I'll post back. Thanks, Rob From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Wednesday, May 11, 2011 11:10 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Error 87 "87" is the result-code and it means something about the request or response failed to process correctly. You have to identify "what it is" first. What is the web site URL? From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore Sent: Wednesday, May 11, 2011 6:56 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Error 87 Using TMG Standard. Not caching, not using Firewall Client. I have a user trying to download a form from a City of Philadelphia website. It worked before we upgraded from ISA to TMG. Now when he tries to download the form, it fails. When I monitor his activity, I don't get a Result Code when it fails. All I get is an Action of "Failed Connection Attempt" and an HTTP Status Code of "87 The parameter is incorrect." What's going on? How can I work around this? Thanks, Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Rob Moore Network Manager 215-241-7870 Helpdesk: 800-500-AFSC