Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

TMG keeps stopping all inbound traffic

microsoft.public.security.forefront






Speedup My PC
Reply
  #1 (permalink)  
Old 01-12-2009
Arch Willingham
 

Posts: n/a
TMG keeps stopping all inbound traffic
Every few days, the TMG server will stop accepting most inbound traffic but
especially SMTP. Once I restart it, it lets it flow again. Any idea why?

Shown below are two very small section of the logs. I cut out three places
where th SMTP transactions are gettign blocked before I restart it and two
where they get through after I restart it.

Does anyone have any good ideas?

Thanks!

Arch


Bad section

Client Agent Authenticated Client Service Referring Server Destination Host
Name Transport HTTP Method Filter Information MIME Type Object Source Cache
Information Error Information Source Port Bidirectional Network Interface
Raw IP Header Raw Payload Processing Time Bytes Sent Bytes Received Original
Client IP GMT Log Time Authentication Server Log Time Client IP Destination
IP Destination Port Protocol Action Rule Result Code HTTP Status Code Client
Username Source Network Destination Network URL Server Name Log Record Type
Malware Inspection Action Malware Inspection Result Threat Name Threat Level
Content Delivery Method Malware Inspection Duration (msec)

- TCP - - - 0x0 0x0 53011 0 0 0 64.86.201.104 01/09/2009 4:43:21
PM - 01/09/2009 11:43:21 AM 64.86.201.104 66.129.4.206 25 SMTP Denied
Connection Default rule 0xc004000d FWX_E_POLICY_RULES_DENIED External
Local Host - TMGSRVR Firewall - 0
- TCP - - - 0x0 0x0 53011 0 0 0 64.86.201.104 01/09/2009 4:43:23
PM - 01/09/2009 11:43:23 AM 64.86.201.104 66.129.4.206 25 SMTP Denied
Connection Default rule 0xc004000d FWX_E_POLICY_RULES_DENIED External
Local Host - TMGSRVR Firewall - 0
- TCP - - - 0x0 0x0 55259 0 0 0 98.172.30.113 01/09/2009 4:43:27
PM - 01/09/2009 11:43:27 AM 98.172.30.113 66.129.4.206 25 SMTP Denied
Connection Default rule 0xc004000d FWX_E_POLICY_RULES_DENIED External
Local Host - TMGSRVR Firewall - 0


Good section

Client Agent Authenticated Client Service Referring Server Destination Host
Name Transport HTTP Method Filter Information MIME Type Object Source Cache
Information Error Information Source Port Bidirectional Network Interface
Raw IP Header Raw Payload Processing Time Bytes Sent Bytes Received Original
Client IP GMT Log Time Authentication Server Log Time Client IP Destination
IP Destination Port Protocol Action Rule Result Code HTTP Status Code Client
Username Source Network Destination Network URL Server Name Log Record Type
Malware Inspection Action Malware Inspection Result Threat Name Threat Level
Content Delivery Method Malware Inspection Duration (msec)
- TCP - - - 0x0 0x0 14380 15 0 0 189.105.209.111 01/09/2009 4:46:09
PM - 01/09/2009 11:46:09 AM 189.105.209.111 192.168.1.1 25 SMTP Server
Initiated Connection SMTP Mail Server SMTP Server SMTP Server(1) 0x0
ERROR_SUCCESS External Internal - TMGSRVR Firewall - 0
- TCP - - - 0x0 0x0 20934 827 8091 456 66.18.49.218 01/09/2009
4:46:13 PM - 01/09/2009 11:46:13 AM 66.18.49.218 192.168.1.1 25 SMTP Server
Closed Connection SMTP Mail Server SMTP Server SMTP Server(1) 0x80074e24
FWX_E_CONNECTION_KILLED External Internal - TMGSRVR Firewall - 0


Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 01-12-2009
Jens Baier
 

Posts: n/a
Re: TMG keeps stopping all inbound traffic
Hi,

> Every few days, the TMG server will stop accepting most inbound traffic
> but especially SMTP. Once I restart it, it lets it flow again. Any idea
> why?


it seems to be that TMD doesn't recognized the SMTP conenction as an SMTP
connection so that the default policy rule applies.
Is there another SMTP Service running on ISA server which collide with the
SMTP Server publishing?
Because TMG is a beta version my only recommodation at this time is to try
to reinstall the SMTP Server Publishing rule. If this doesn't work try it
with a TMG reinstallation.

--
Gruss Jens
www.it-training-grote.de/blog
www.it-training-grote.de
www.nt-faq.de

Reply With Quote
  #3 (permalink)  
Old 01-20-2009
 

Join Date: Jan 2009
Posts: 1
rannam is on a distinguished road
Thanks: 0
Thanked 0 Times in 0 Posts
Re: TMG keeps stopping all inbound traffic
the TMG server will stop accepting most inbound traffic but
Quote:
Originally Posted by Arch Willingham View Post
Every few days, the TMG server will stop accepting most inbound traffic but
especially SMTP. Once I restart it, it lets it flow again. Any idea why?

Shown below are two very small section of the logs. I cut out three places
where th SMTP transactions are gettign blocked before I restart it and two
where they get through after I restart it.

Does anyone have any good ideas?

Thanks!

Arch


Bad section

Client Agent Authenticated Client Service Referring Server Destination Host
Name Transport HTTP Method Filter Information MIME Type Object Source Cache
Information Error Information Source Port Bidirectional Network Interface
Raw IP Header Raw Payload Processing Time Bytes Sent Bytes Received Original
Client IP GMT Log Time Authentication Server Log Time Client IP Destination
IP Destination Port Protocol Action Rule Result Code HTTP Status Code Client
Username Source Network Destination Network URL Server Name Log Record Type
Malware Inspection Action Malware Inspection Result Threat Name Threat Level
Content Delivery Method Malware Inspection Duration (msec)

- TCP - - - 0x0 0x0 53011 0 0 0 64.86.201.104 01/09/2009 4:43:21
PM - 01/09/2009 11:43:21 AM 64.86.201.104 66.129.4.206 25 SMTP Denied
Connection Default rule 0xc004000d FWX_E_POLICY_RULES_DENIED External
Local Host - TMGSRVR Firewall - 0
- TCP - - - 0x0 0x0 53011 0 0 0 64.86.201.104 01/09/2009 4:43:23
PM - 01/09/2009 11:43:23 AM 64.86.201.104 66.129.4.206 25 SMTP Denied
Connection Default rule 0xc004000d FWX_E_POLICY_RULES_DENIED External
Local Host - TMGSRVR Firewall - 0
- TCP - - - 0x0 0x0 55259 0 0 0 98.172.30.113 01/09/2009 4:43:27
PM - 01/09/2009 11:43:27 AM 98.172.30.113 66.129.4.206 25 SMTP Denied
Connection Default rule 0xc004000d FWX_E_POLICY_RULES_DENIED External
Local Host - TMGSRVR Firewall - 0


Good section

Client Agent Authenticated Client Service Referring Server Destination Host
Name Transport HTTP Method Filter Information MIME Type Object Source Cache
Information Error Information Source Port Bidirectional Network Interface
Raw IP Header Raw Payload Processing Time Bytes Sent Bytes Received Original
Client IP GMT Log Time Authentication Server Log Time Client IP Destination
IP Destination Port Protocol Action Rule Result Code HTTP Status Code Client
Username Source Network Destination Network URL Server Name Log Record Type
Malware Inspection Action Malware Inspection Result Threat Name Threat Level
Content Delivery Method Malware Inspection Duration (msec)
- TCP - - - 0x0 0x0 14380 15 0 0 189.105.209.111 01/09/2009 4:46:09
PM - 01/09/2009 11:46:09 AM 189.105.209.111 192.168.1.1 25 SMTP Server
Initiated Connection SMTP Mail Server SMTP Server SMTP Server(1) 0x0
ERROR_SUCCESS External Internal - TMGSRVR Firewall - 0
- TCP - - - 0x0 0x0 20934 827 8091 456 66.18.49.218 01/09/2009
4:46:13 PM - 01/09/2009 11:46:13 AM 66.18.49.218 192.168.1.1 25 SMTP Server
Closed Connection SMTP Mail Server SMTP Server SMTP Server(1) 0x80074e24
FWX_E_CONNECTION_KILLED External Internal - TMGSRVR Firewall - 0
Reply With Quote
  #4 (permalink)  
Old 02-11-2009
Arch Willingham
 

Posts: n/a
Re: TMG keeps stopping all inbound traffic
OK guys....I took all y'all said and did this.

1. I exported my rules from TMG.
2. I did a brand new installation of the operating system and made sure no
antivirus stuff got installed.
3. I installed the new Beta 2
4. I imported my old rules

About 24 hrs later, it did it again. It turns out that I don't think its
just SMTP its blocking...its all DNS requests too. I can teminal server in
(using the sever's IP address), restart the TMG service and WHAM...it starts
resolving DNS and letting SMTP stuff on in.

A few errors come up but nothign that seems related.

Any ideas?

Thanks!

Arch



"Jens Baier" <jensbaier@passport.com> wrote in message
news:enDn8WIdJHA.1328@TK2MSFTNGP02.phx.gbl...
> Hi,
>
>> Every few days, the TMG server will stop accepting most inbound traffic
>> but especially SMTP. Once I restart it, it lets it flow again. Any idea
>> why?

>
> it seems to be that TMD doesn't recognized the SMTP conenction as an SMTP
> connection so that the default policy rule applies.
> Is there another SMTP Service running on ISA server which collide with the
> SMTP Server publishing?
> Because TMG is a beta version my only recommodation at this time is to try
> to reinstall the SMTP Server Publishing rule. If this doesn't work try it
> with a TMG reinstallation.
>
> --
> Gruss Jens
> www.it-training-grote.de/blog
> www.it-training-grote.de
> www.nt-faq.de
>



Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Inbound Call center Profit Book 1.1 Bizsoft Business Software Feed 0 08-04-2008 03:10
Windows firewall. inbound connections that do not have an exceptio grapebird715 microsoft.public.windows.vista.security 2 05-06-2008 15:44
Inbound VPN on Vista Home Premium?? MP microsoft.public.windows.vista.networking sharing 1 01-11-2008 18:23
Inbound Emails Not Downloading Automatically Jim and Lila microsoft.public.windows.vista.mail 1 11-25-2007 16:36
RAS Create New Inbound Connnection Joe microsoft.public.windows.vista.networking sharing 1 11-09-2007 00:48




All times are GMT +1. The time now is 14:29.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120