[isalist] Re: TMG Client
- From: Jim Harrison <Jim@xxxxxxxxxxxx>
- To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
- Date: Wed, 1 Feb 2012 14:45:04 +0000
Sadly, although fwctool and TMGC both use DHCP, DNS, HTTP and RWS to validate
auto-detection, each one employs slightly different methodology. TMGC received
some changes in response to the WPAD
vulnerability<http://technet.microsoft.com/en-us/security/advisory/945713> that
fwctool did not. There was much discussion about syncing them before ship so
that they would behave identically (and thus avoid your confusion), but
unfortunately, fwctool failed to make the cut.
WPAD operation and the TMG settings that affect it are described in the TMG
book in chapter 15 and Appx C.
99 times out of 10, the problem you describe is name resolution (usually a lack
of proper domain suffix).
You need to ensure that your array "DNS name" is properly set :
[cid:image001.png@01CCE0AB.B458F520]
..and that each protected network has the TMGC settings configured for the DNS
suffix it serves:
[cid:image002.png@01CCE0AB.B458F520]
Network Monitor has built-in filters designed specifically to help you
troubleshoot such issues.
Bear in mind that
Jim
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Ball, Dan
Sent: Thursday, January 26, 2012 11:59
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] TMG Client
Is there any particular reason why the TMG client would come up with "Failed to
detect Forefront TMG" Immediately upon pressing the Detect Now button, but when
running the "fwctool testautodetect" command it shows a success? I have a few
computers doing that. Setting it manually works.
Other related posts:
