"Automatically Detect Settings" in IE doesn't work. (Full Version)

All Forums >> [Threat Management Gateway (TMG) 2010] >> General



Message

dmutsaers -> "Automatically Detect Settings" in IE doesn't work. (18.Nov.2009 6:11:02 AM)

I've just installed TMG 2010 RTM on a Windows 2008 R2 server. When I use the "Automatically Detect Settings" in IE it can't find the TMG. When checking autodiscovery with "fwctool.exe testautodiscover" it doesn't report problems. Also the TMG client autodiscovery works without problems. Setting the proxy settings in IE manually does work too. Entering the url "http://wpad/wpad.dat" in IE results in downloading the wpad.dat file. However, as soon as I use "Automatically Detect Settings" in IE it fails. Can someone help me how to resolve this issue?



richardhicks -> RE: "Automatically Detect Settings" in IE doesn't work. (18.Nov.2009 3:26:54 PM)

Are you using DNS for autodiscovery?  If so, you will need to configure your DNS server to respond to this request.

http://tmgblog.richardhicks.com/2009/06/16/dns-security-enhancements-and-web-proxy-auto-discovery/

You will also need to enable autodiscovery on the properties for the Internal network (or whichever network your clients are on).



dmutsaers -> RE: "Automatically Detect Settings" in IE doesn't work. (18.Nov.2009 5:34:34 PM)

Yes, both are enabled. I can ping wpad and download the file from http://wpad/wpad.dat



dmutsaers -> RE: "Automatically Detect Settings" in IE doesn't work. (19.Nov.2009 1:47:56 AM)

I suspect that the wpad.dat hasn't been correctly created by TMG. Here's an excerpt:

DirectNames=new MakeNames();
cDirectNames=6;
HttpPort="8080";
cNodes=1;
function MakeProxies(){
this[0]=new Node("x.x.x.102",1330137453,1.000000);

This ip address changes every reboot and is the RAS Adapter IP address. Shouldn't this be the internal LAN address?



richardhicks -> RE: "Automatically Detect Settings" in IE doesn't work. (20.Nov.2009 12:24:53 PM)

Correct...that should definitely be the IP address of the Internal network interface of your TMG firewall.  You have enabled the web proxy listener on the Internal network, correct? 



dmutsaers -> RE: "Automatically Detect Settings" in IE doesn't work. (20.Nov.2009 3:42:10 PM)

of course...



dmutsaers -> RE: "Automatically Detect Settings" in IE doesn't work. (21.Nov.2009 2:27:08 AM)

TMG LDAP requests are initiated from the RRAS adapter:

x.x.x.208 = TMG RRAS Adapter
x.x.x.11 = DC
x.x.x.51 = Client

Denied Connection TMG 11/21/2009 8:11:18 AM
Log type: Firewall service
Status: A packet generated on the local host was rejected because its source IP address is assigned to one network adapter and its destination IP address is reachable through another network adapter.
Rule: None - see Result Code
Source: Local Host (x.x.x.208:21411)
Destination: Internal (x.x.x.11:389)
Protocol: LDAP
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: x.x.x.208

Denied Connection TMG 11/21/2009 8:12:00 AM
Log type: Firewall service
Status: The action cannot be performed because the session is not authenticated.
Rule: Allow Web Access for All Users
Source: Internal (x.x.x.51:51605)
Destination: External (213.199.164.110:80)
Protocol: HTTP
Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: x.x.x.51



dmutsaers -> RE: "Automatically Detect Settings" in IE doesn't work. (22.Nov.2009 3:35:14 AM)

If I disable RRAS it correctly creates a proxy on the internal LAN:

DirectNames=new MakeNames();
cDirectNames=6;
HttpPort="8080";
cNodes=1;
function MakeProxies(){
this[0]=new Node("x.x.x.1",1330137453,1.000000);



Jason Jones -> RE: "Automatically Detect Settings" in IE doesn't work. (22.Nov.2009 8:17:36 PM)

How have you got the NICs configured?

http://blog.msfirewall.org.uk/2008/06/isa-servers-recommeded-network-card.html

Cheers

JJ



dmutsaers -> RE: "Automatically Detect Settings" in IE doesn't work. (23.Nov.2009 1:35:34 AM)

Yes, I've configured the network interfaces as described in the article. However, I configure dns on all network interfaces (pointing to the internal interface).
This is a recommendation from ISA Best Practice Analyzer.



Jason Jones -> RE: "Automatically Detect Settings" in IE doesn't work. (23.Nov.2009 6:31:41 AM)

quote:

ORIGINAL: dmutsaers

Yes, I've configured the network interfaces as described in the article. However, I configure dns on all network interfaces (pointing to the internal interface).
This is a recommendation from ISA Best Practice Analyzer.
[/quote

Nope, the BPA is bit dumb in this respect [:)]

You should only have DNS configured on the internal interface.

Cheers

JJ



dmutsaers -> RE: "Automatically Detect Settings" in IE doesn't work. (23.Nov.2009 3:47:07 PM)

Well, all has been configured as supposed to, but IE configured with "Automatically Detect Settings" directs proxy requests to the RRAS adapter, not the Internal adapter.



Emptyone -> RE: "Automatically Detect Settings" in IE doesn't work. (24.Nov.2009 4:05:16 AM)

Got the same problem on our TMG server



dmutsaers -> RE: "Automatically Detect Settings" in IE doesn't work. (24.Nov.2009 4:37:50 AM)

Glad I'm not the only one...



adimcev -> RE: "Automatically Detect Settings" in IE doesn't work. (24.Nov.2009 8:09:11 AM)

Are you using DHCP address assignment for VPN clients ?

I was using a static pool, and I did not see this.
However when I've switched to DHCP, the IP address from the RAS interface was used in the wpad.dat.

At a glance, looks like a bug to me...

Thanks,
Adrian



dmutsaers -> RE: "Automatically Detect Settings" in IE doesn't work. (24.Nov.2009 9:05:30 AM)

Yes,

I'm using DHCP for VPN clients...



dmutsaers -> RE: "Automatically Detect Settings" in IE doesn't work. (24.Nov.2009 12:40:37 PM)

When assigning a static address pool for VPN clients it works as expected...



adimcev -> RE: "Automatically Detect Settings" in IE doesn't work. (24.Nov.2009 3:36:05 PM)

You can try to contact Microsoft's support to see what they say about this. If it's a bug, they should not charge you.
And temporarily to use an workaround, either with the static address pool or place Wpad.dat (and Wspad.dat) on another server.
http://technet.microsoft.com/en-us/library/cc995261.aspx

Thanks,
Adrian



awj -> RE: "Automatically Detect Settings" in IE doesn't work. (25.Nov.2009 4:33:51 AM)

Same problem and same setup scenario here too so i think this is definately a bug.



dmutsaers -> RE: "Automatically Detect Settings" in IE doesn't work. (1.Dec.2009 11:04:08 AM)

Did anyone contact Microsoft about this?



Page: [1] 2   next >   >>