We are in the midst of a transition from Exchange 2007 to Exchange 2010. So we have two sets of rules to enable external access through our TMG 2010 server, rules for the people whose mailboxes are still on Exchange 2007 and rules for those now on Exchange 2010. After a lot of messing about, we got everything working acceptably. Everything has been stable for a few weeks.

Then, a couple of days ago, we started having this odd problem. If a user's mailbox is still on Exchange 2007, everything works normally. But if a user's mailbox is on Exchange 2010, s/he can connect to OWA normally, but when s/he tries to open anything in the "Options" menu (e.g., Set Automatic Replies or Change Your Password), s/he gets a TMG error page that says "Network Access Message: The page cannot be displayed" and further down it says "Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)".

I monitored it on the TMG console and got several errors. I've pasted some in at the end of this email.

We are not aware of any changes to our TMG rules or our Exchange 2010 servers. (Well, with one exception: I was working with MS PSS on an unrelated TMG issue. The MS tech created two new rules right at the top of the stack, and then later that day was when the problem started. However, if I disable those two rules, the OWA problem still exists. So I don't THINK those rules have anything to do with this problem.)

Why is TMG suddenly interfering here? Or would you say that the problem is originating on the Exchange server?

Thanks for any input,
Rob

Here's one error:

Client Agent Authenticated Client Service Referring Server Destination Host Name Transport HTTP Method Filter Information MIME Type Object Source Cache Information Error Information Source Port Session Type Bidirectional Network Interface Raw IP Header Raw Payload Processing Time Bytes Sent Bytes Received Original Client IP GMT Log Time Authentication Server UAG Array Id UAG Version UAG Module Id UAG Id UAG Severity UAG Type UAG Event Name UAG Session Id UAG Trunk Name UAG Service Name UAG Error Code Internal Service Info Log Field Client Application SHA1 Hash Client Application Trust State Client Application Internal Name Client Application Product Name Client Application Product Version Client Application File Version Client Application Original File Name Client FQDN URL Categorization Reason Forefront TMG Client Version URL Destination Host Name Log Time Client IP Destination IP Destination Port Protocol Action Overridden Rule NIS Scan Result NIS Signature NIS Application Protocol Rule Result Code HTTP Status Code Client Username Source Network Destination Network URL Server Name URL Category Log Record Type Malware Inspection Action Malware Inspection Result Threat Name Threat Level Content Delivery Method Malware Inspection Duration (msec) NAT Address Client Application Path

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; MS-RTC EA 2; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Yes Reverse Proxy webmail.afsc.org TCP GET Req ID: 0dad9a43; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=yes, valid=yes, updated=no, logged off=no, client type=private, user activity=yes 0x0 0x0 11667 Web Proxy - - - 1 3391 873 - 6/6/2012 2:46:59 PM 0 0 0 0 - - - - - - - - webmail.afsc.org 6/6/2012 10:46:59 AM 209.120.230.110 209.120.230.118 443 https Denied Connection Inspected Default rule 12202 Forefront TMG denied the specified Uniform Resource Locator (URL). anonymous External Local Host http://webmail.afsc.org/ecp/?rfr=owa&p=Organize/AutomaticReplies.slab PHL-TMG2 - Web Proxy Filter 0 - -

Here's another:

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; MS-RTC EA 2; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) Yes Reverse Proxy https://webmail.afsc.org/owa/ webmail.afsc.org TCP GET Req ID: 0dad99e4; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=yes, valid=yes, updated=no, logged off=no, client type=private, user activity=no text/html; charset=UTF-8 Internet 0x610c0000 0x582 15653 - - - 9984 712 860 - 6/6/2012 2:46:59 PM 0 0 0 0 - - - - - - - - webmail.afsc.org 6/6/2012 10:46:59 AM 209.120.230.110 172.17.200.117 443 https Failed Connection Attempt Inspected Outlook Web Access 10054 An existing connection was forcibly closed by the remote host. afsc\rmoore External Local Host http://webmail.afsc.org/owa/ev.owa?UA=0&oeh=1&ns=PendingRequest&ev=PendingNotificationRequest&canary=hBU7-81RBU2DB0XkmaeH0WUbeH2KF88Ie_NQtORBsJALoLmDClmusrEUeQBTxSvw3yevmb-0Q7Q. PHL-TMG2 - Web Proxy Filter 0 - -

I got several of these that are almost identical, except for a file name:

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; MS-RTC EA 2; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) No Reverse Proxy https://webmail.afsc.org/ecp/?rfr=owa&p=Organize/AutomaticReplies.slab webmail.afsc.org TCP GET Req ID: 0dad9a45; Compression: client=Yes, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=yes, valid=yes, updated=no, logged off=no, client type=private, user activity=no 0x0 0x80 18515 - - - 1 28774 1032 - 6/6/2012 2:46:59 PM 0 0 0 0 - - - - - - - - 6/6/2012 10:46:59 AM 209.120.230.110 209.120.230.118 443 https Failed Connection Attempt 12210 An Internet Server API (ISAPI) filter has finished handling the request. Contact your system administrator. anonymous http://webmail.afsc.org/Wbo-CB10098D-AA05-4CA8-A009-E17E9C19A0A3/logo.png PHL-TMG2 Unknown Web Proxy Filter 0 - -

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rob Moore
Network Manager
215-241-7870
Helpdesk: 800-500-AFSC