• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

"Automatically Detect Settings" in IE doesn't work.

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> "Automatically Detect Settings" in IE doesn't work. Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
"Automatically Detect Settings" in IE doesn't... - 18.Nov.2009 6:11:02 AM   
dmutsaers

 

Posts: 105
Joined: 1.Aug.2003
From: The Netherlands
Status: offline
I've just installed TMG 2010 RTM on a Windows 2008 R2 server. When I use the "Automatically Detect Settings" in IE it can't find the TMG. When checking autodiscovery with "fwctool.exe testautodiscover" it doesn't report problems. Also the TMG client autodiscovery works without problems. Setting the proxy settings in IE manually does work too. Entering the url "http://wpad/wpad.dat" in IE results in downloading the wpad.dat file. However, as soon as I use "Automatically Detect Settings" in IE it fails. Can someone help me how to resolve this issue?
Post #: 1
RE: "Automatically Detect Settings" in IE doe... - 18.Nov.2009 3:26:54 PM   
richardhicks

 

Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
Are you using DNS for autodiscovery?  If so, you will need to configure your DNS server to respond to this request.

http://tmgblog.richardhicks.com/2009/06/16/dns-security-enhancements-and-web-proxy-auto-discovery/

You will also need to enable autodiscovery on the properties for the Internal network (or whichever network your clients are on).

_____________________________

Richard Hicks - Forefront MVP
http://tmgblog.richardhicks.com/
http://directaccess.richardhicks.com/

(in reply to dmutsaers)
Post #: 2
RE: "Automatically Detect Settings" in IE doe... - 18.Nov.2009 5:34:34 PM   
dmutsaers

 

Posts: 105
Joined: 1.Aug.2003
From: The Netherlands
Status: offline
Yes, both are enabled. I can ping wpad and download the file from http://wpad/wpad.dat

(in reply to richardhicks)
Post #: 3
RE: "Automatically Detect Settings" in IE doe... - 19.Nov.2009 1:47:56 AM   
dmutsaers

 

Posts: 105
Joined: 1.Aug.2003
From: The Netherlands
Status: offline
I suspect that the wpad.dat hasn't been correctly created by TMG. Here's an excerpt:

DirectNames=new MakeNames();
cDirectNames=6;
HttpPort="8080";
cNodes=1;
function MakeProxies(){
this[0]=new Node("x.x.x.102",1330137453,1.000000);

This ip address changes every reboot and is the RAS Adapter IP address. Shouldn't this be the internal LAN address?

< Message edited by dmutsaers -- 21.Nov.2009 2:27:42 AM >

(in reply to dmutsaers)
Post #: 4
RE: "Automatically Detect Settings" in IE doe... - 20.Nov.2009 12:24:53 PM   
richardhicks

 

Posts: 477
Joined: 20.Jan.2009
From: Southern California
Status: offline
Correct...that should definitely be the IP address of the Internal network interface of your TMG firewall.  You have enabled the web proxy listener on the Internal network, correct? 

_____________________________

Richard Hicks - Forefront MVP
http://tmgblog.richardhicks.com/
http://directaccess.richardhicks.com/

(in reply to dmutsaers)
Post #: 5
RE: "Automatically Detect Settings" in IE doe... - 20.Nov.2009 3:42:10 PM   
dmutsaers

 

Posts: 105
Joined: 1.Aug.2003
From: The Netherlands
Status: offline
of course...

(in reply to richardhicks)
Post #: 6
RE: "Automatically Detect Settings" in IE doe... - 21.Nov.2009 2:27:08 AM   
dmutsaers

 

Posts: 105
Joined: 1.Aug.2003
From: The Netherlands
Status: offline
TMG LDAP requests are initiated from the RRAS adapter:

x.x.x.208 = TMG RRAS Adapter
x.x.x.11 = DC
x.x.x.51 = Client

Denied Connection TMG 11/21/2009 8:11:18 AM
Log type: Firewall service
Status: A packet generated on the local host was rejected because its source IP address is assigned to one network adapter and its destination IP address is reachable through another network adapter.
Rule: None - see Result Code
Source: Local Host (x.x.x.208:21411)
Destination: Internal (x.x.x.11:389)
Protocol: LDAP
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: x.x.x.208

Denied Connection TMG 11/21/2009 8:12:00 AM
Log type: Firewall service
Status: The action cannot be performed because the session is not authenticated.
Rule: Allow Web Access for All Users
Source: Internal (x.x.x.51:51605)
Destination: External (213.199.164.110:80)
Protocol: HTTP
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: x.x.x.51

< Message edited by dmutsaers -- 21.Nov.2009 2:36:24 AM >

(in reply to richardhicks)
Post #: 7
RE: "Automatically Detect Settings" in IE doe... - 22.Nov.2009 3:35:14 AM   
dmutsaers

 

Posts: 105
Joined: 1.Aug.2003
From: The Netherlands
Status: offline
If I disable RRAS it correctly creates a proxy on the internal LAN:

DirectNames=new MakeNames();
cDirectNames=6;
HttpPort="8080";
cNodes=1;
function MakeProxies(){
this[0]=new Node("x.x.x.1",1330137453,1.000000);

(in reply to richardhicks)
Post #: 8
RE: "Automatically Detect Settings" in IE doe... - 22.Nov.2009 8:17:36 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
How have you got the NICs configured?

http://blog.msfirewall.org.uk/2008/06/isa-servers-recommeded-network-card.html

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to dmutsaers)
Post #: 9
RE: "Automatically Detect Settings" in IE doe... - 23.Nov.2009 1:35:34 AM   
dmutsaers

 

Posts: 105
Joined: 1.Aug.2003
From: The Netherlands
Status: offline
Yes, I've configured the network interfaces as described in the article. However, I configure dns on all network interfaces (pointing to the internal interface).
This is a recommendation from ISA Best Practice Analyzer.

(in reply to Jason Jones)
Post #: 10
RE: "Automatically Detect Settings" in IE doe... - 23.Nov.2009 6:31:41 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
quote:

ORIGINAL: dmutsaers

Yes, I've configured the network interfaces as described in the article. However, I configure dns on all network interfaces (pointing to the internal interface).
This is a recommendation from ISA Best Practice Analyzer.
[/quote

Nope, the BPA is bit dumb in this respect

You should only have DNS configured on the internal interface.

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to dmutsaers)
Post #: 11
RE: "Automatically Detect Settings" in IE doe... - 23.Nov.2009 3:47:07 PM   
dmutsaers

 

Posts: 105
Joined: 1.Aug.2003
From: The Netherlands
Status: offline
Well, all has been configured as supposed to, but IE configured with "Automatically Detect Settings" directs proxy requests to the RRAS adapter, not the Internal adapter.

< Message edited by dmutsaers -- 24.Nov.2009 4:37:03 AM >

(in reply to Jason Jones)
Post #: 12
RE: "Automatically Detect Settings" in IE doe... - 24.Nov.2009 4:05:16 AM   
Emptyone

 

Posts: 12
Joined: 11.May2003
Status: offline
Got the same problem on our TMG server

(in reply to dmutsaers)
Post #: 13
RE: "Automatically Detect Settings" in IE doe... - 24.Nov.2009 4:37:50 AM   
dmutsaers

 

Posts: 105
Joined: 1.Aug.2003
From: The Netherlands
Status: offline
Glad I'm not the only one...

(in reply to Emptyone)
Post #: 14
RE: "Automatically Detect Settings" in IE doe... - 24.Nov.2009 8:09:11 AM   
adimcev

 

Posts: 380
Joined: 19.Oct.2008
Status: offline
Are you using DHCP address assignment for VPN clients ?

I was using a static pool, and I did not see this.
However when I've switched to DHCP, the IP address from the RAS interface was used in the wpad.dat.

At a glance, looks like a bug to me...

Thanks,
Adrian

_____________________________

Blog: http://www.carbonwind.net/blog

Get Our ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to dmutsaers)
Post #: 15
RE: "Automatically Detect Settings" in IE doe... - 24.Nov.2009 9:05:30 AM   
dmutsaers

 

Posts: 105
Joined: 1.Aug.2003
From: The Netherlands
Status: offline
Yes,

I'm using DHCP for VPN clients...

(in reply to adimcev)
Post #: 16
RE: "Automatically Detect Settings" in IE doe... - 24.Nov.2009 12:40:37 PM   
dmutsaers

 

Posts: 105
Joined: 1.Aug.2003
From: The Netherlands
Status: offline
When assigning a static address pool for VPN clients it works as expected...

(in reply to dmutsaers)
Post #: 17
RE: "Automatically Detect Settings" in IE doe... - 24.Nov.2009 3:36:05 PM   
adimcev

 

Posts: 380
Joined: 19.Oct.2008
Status: offline
You can try to contact Microsoft's support to see what they say about this. If it's a bug, they should not charge you.
And temporarily to use an workaround, either with the static address pool or place Wpad.dat (and Wspad.dat) on another server.
http://technet.microsoft.com/en-us/library/cc995261.aspx

Thanks,
Adrian

_____________________________

Blog: http://www.carbonwind.net/blog

Get Our ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to dmutsaers)
Post #: 18
RE: "Automatically Detect Settings" in IE doe... - 25.Nov.2009 4:33:51 AM   
awj

 

Posts: 107
Joined: 26.Feb.2004
From: UK
Status: offline
Same problem and same setup scenario here too so i think this is definately a bug.

(in reply to dmutsaers)
Post #: 19
RE: "Automatically Detect Settings" in IE doe... - 1.Dec.2009 11:04:08 AM   
dmutsaers

 

Posts: 105
Joined: 1.Aug.2003
From: The Netherlands
Status: offline
Did anyone contact Microsoft about this?

(in reply to awj)
Post #: 20

Page:   [1] 2   next >   >> << Older Topic    Newer Topic >>
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> "Automatically Detect Settings" in IE doesn't work. Page: [1] 2   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts