TMG was built on a different IP to the ISA server, ISA was turned off and the IP changed on TMG. I changed the various registry entries on TMG to ensure the new IP was correct and also on the array network object.
TMG has the correct network adapter settings i.e. DNS on internal, gateway on external, network binding with internal at the top, external at the bottom.
Clients were slow to bring up the default web page when starting IE but once it was up IE was generally fine.
I installed Chrome as a test and it worked perfectly fine, no problems and very fast browsing.
On TMG I have enabled:
Web browser: Bypass proxy for Web Servers in this network Direct access for computers specified in the domains tab Direct access for computers specificed in the Addresses tab
Web proxy: Enable WebProxy client connections - port 8080
Forefront TMG Client:
Enabled TMG client configuration - hostname.domain.com Automatically detect settings - off Use config script - on, default Use a web proxy server - on, hostname.domain.com
Auto discovery: Publish - port 8080
Windows hosts have the TMG client installed.
WPAD is configured on the DHCP server and clients can download the file and the array.script
The sort of issues I am experiencing are:
With automatically detect settings enabled clients take 10-20 seconds to load the home page
With it turned off they load the home page instantly but not all sites seem to work, some take a very long time to load up whereas on Chrome the issue doesn't exist.
On some sites, links do not work correctly e.g. a link to download a file instead of launching the dialog box to save the file IE goes to a blank screen
Sometimes sites don't load at all and you get a blank white screen with 'done' in the status bar. You have to close IE and start again.
A tab on IE is fine but when you open another tab you can't browse on that tab, just a white page
Things I have tried:
Resetting IE settings CHecked DNS (although I know this is fine because Chrome doesn't have any issues.) Ran a trace to see what the client is doing - all communication seems to be with TMG so no routing issues
I have used ISA and TMG for years wihout any issues and I'm not sure where else to look.
My only remaining thought is that IE8 just doesn't play nicely with TMG which seems a long stretch as many people must have been using it.
Other networks on the same Internet connection seem to work just fine.
It seems to be something specific to how IE works with TMG or the workstations perhaps.
People are saying that once IE is running it is fine until they launch a second tab or a link opens a new window. That window or tab then typically doesn't work and you get a blank page.
I should add that I have SP2 for TMG and have tried IE9 which is slightly better but sometimes pages don't load fully or hyperlinks result in a blank page.
Also, everything worked fine on ISA 2006, the only real changes are the ISP, TMG2010 and the name of the server in WPAD.
To elaborate on the configuration a bit, outbound NAT uses a specified IP address, not the network adapter default. This is because the ISP is running MPLS to give us failover to another Internet connection.
The networks that are accessing the Internet fine are not on this MPLS network, they access through a sub interface on the ISP router.
Is it likely that the fact I am using a different source IP for outbound traffic to the default IP of the external network adapter be a cause for these problems?
When accessing websites that take a long time to load, logging on TMG is showing up a lot of these messages:
"A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer."
I understand the message but not why it is happening with IE and not with Chrome.
< Message edited by dgunner -- 22.Dec.2011 4:25:02 AM >