• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

TMG 2010 Blocking ActiveSync?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> TMG 2010 Blocking ActiveSync? Page: [1]
Login
Message << Older Topic   Newer Topic >>
TMG 2010 Blocking ActiveSync? - 7.Feb.2017 1:00:03 PM   
marvinmiller

 

Posts: 66
Joined: 2.Jan.2006
Status: offline
Hi folks!

It's been a LONG time since I was active on this site. In fact, it's a good thing I could remember my credentials because it doesn't look like new registrations work!

Anyway, I'm running TMG 2010 and trying to publish ActiveSync on an Exchange 2010 system.
I've been going through Microsoft's remote connectivity analyzer and have fixed the majority of issues.

One thing I'm still seeing, and I believe this is a TMG 2010 issue, is that the analyzer is reporting this error;

The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.openinjection.com:443/Autodiscover/Autodiscover.xml for user user@domain.com.

The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.

Additional Details

An HTTP 403 forbidden response was received. The response appears to have come from ISA. Body of the response: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>

I don't know what is causing this. When I look at the TMG 2010 logs during this transaction the only things that are denied, and they correspond to the results above, is this;

Denied Connection EDGE 2/7/2017 10:40:31 AM
Log type: Web Proxy (Reverse)
Status: 12202 Forefront TMG denied the specified Uniform Resource Locator (URL).
Rule: Default rule
Source: External (13.67.59.89:14540)
Destination: Local Host (70.67.126.209:443)
Request: OPTIONS http://autodiscover.openinjection.com/Autodiscover/Autodiscover.xml
Filter information: Req ID: 07b08811; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=no, logged off=no, client type=unknown, user activity=yes
Protocol: https
User: anonymous
Additional information
Client agent: Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)
Object source: (No source information is available.)
Cache info: 0x0
Processing time: 1 MIME type:

Denied Connection EDGE 2/7/2017 10:40:32 AM
Log type: Web Proxy (Reverse)
Status: 12202 Forefront TMG denied the specified Uniform Resource Locator (URL).
Rule: Default rule
Source: External (13.67.59.89:14541)
Destination: Local Host (70.67.126.209:443)
Request: POST http://autodiscover.openinjection.com/Autodiscover/Autodiscover.xml
Filter information: Req ID: 07b08813; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=no, logged off=no, client type=unknown, user activity=yes
Protocol: https
User: anonymous
Additional information
Client agent: Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)
Object source: (No source information is available.)
Cache info: 0x0
Processing time: 1 MIME type:

Denied Connection EDGE 2/7/2017 10:40:33 AM
Log type: Web Proxy (Reverse)
Status: 12202 Forefront TMG denied the specified Uniform Resource Locator (URL).
Rule: Default rule
Source: External (13.67.59.89:14537)
Destination: Local Host (70.67.126.209:80)
Request: GET http://autodiscover.openinjection.com/Autodiscover/Autodiscover.xml
Filter information: Req ID: 07b08817; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=no, logged off=no, client type=unknown, user activity=yes
Protocol: http
User: anonymous
Additional information
Client agent: Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)
Object source: (No source information is available.)
Cache info: 0x0
Processing time: 1 MIME type:

Denied Connection EDGE 2/7/2017 10:40:35 AM
Log type: Web Proxy (Reverse)
Status: 12202 Forefront TMG denied the specified Uniform Resource Locator (URL).
Rule: Default rule
Source: External (13.67.59.89:14575)
Destination: Local Host (70.67.126.209:443)
Request: OPTIONS http://autodiscover.openinjection.com/Autodiscover/Autodiscover.xml
Filter information: Req ID: 07b0881d; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=no, logged off=no, client type=unknown, user activity=yes
Protocol: https
User: anonymous
Additional information
Client agent: Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)
Object source: (No source information is available.)
Cache info: 0x0
Processing time: 1 MIME type:

Denied Connection EDGE 2/7/2017 10:40:36 AM
Log type: Web Proxy (Reverse)
Status: 12202 Forefront TMG denied the specified Uniform Resource Locator (URL).
Rule: Default rule
Source: External (13.67.59.89:14543)
Destination: Local Host (70.67.126.209:443)
Request: POST http://autodiscover.openinjection.com/Autodiscover/Autodiscover.xml
Filter information: Req ID: 07b0881f; Compression: client=No, server=No, compress rate=0% decompress rate=0% ; FBA cookie: exists=no, valid=no, updated=no, logged off=no, client type=unknown, user activity=yes
Protocol: https
User: anonymous
Additional information
Client agent: Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)
Object source: (No source information is available.)
Cache info: 0x0
Processing time: 1 MIME type:

I would think this should be an easy issue to troubleshoot but I'm starting to loose it after nailing down the issues for the last while. Some help would be appreciated!

_____________________________

Best & thanks;
Marvin
Post #: 1
RE: TMG 2010 Blocking ActiveSync? - 30.May2017 6:47:47 AM   
PatrickM

 

Posts: 111
Joined: 23.May2001
From: Skutskär, Sweden
Status: offline
Hi, its been severals years I used this website to.. miss it really..

When I go to POST http://autodiscover.openinjection.com/Autodiscover/Autodiscover.xml
The "Form logon" page greats me.
I belive that you need to set credentials delegation to "basic authentication" in the publish rule.

I also see that the Rule: "Default rule" blocks the request. so no other rule matches.. and the last one is triggered.

SSL is used for https://autodiscover.openinjection.com/ , just checking! looks good.

-Patrickm

_____________________________

Patrick.M
MCP on Microsoft Proxy 2.0

(in reply to marvinmiller)
Post #: 2
RE: TMG 2010 Blocking ActiveSync? - 30.May2017 9:43:40 PM   
marvinmiller

 

Posts: 66
Joined: 2.Jan.2006
Status: offline
Hi Patrick - I remember you from 'back in the day'

I finally managed to fix it. I looked at the log files on the Android device and it was giving an error something like '550 Communication blocked by IPS'

I don't remember exactly what I did but I started by going into TMG and then turning off NIS and then re-testing. That didn't change anything so I turned it back on. I then went into IP Options Filtering and tried several settings in there. If mmemory serves, turning off Block IP Fragments fixed it.

Nevertheless, thanks for the help and good to see you're still out there!

_____________________________

Best & thanks;
Marvin

(in reply to PatrickM)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> TMG 2010 Blocking ActiveSync? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts