=====Microsoft ISA/TMG - Miscellaneous=====
[[http://www.microsoft.com/isaserver/default.mspx|Microsoft Internet Security and Acceleration Server 2006]] \\
[[http://www.microsoft.com/technet/isa/default.mspx|Internet Security and Acceleration (ISA) Server TechCenter]] \\
[[http://www.microsoft.com/technet/isa/downloads/2006/tools/default.mspx|Microsoft ISA Server 2006 Tools]] \\
[[http://www.microsoft.com/technet/isa/2006/firewall_client_share.mspx|How to Distribute Firewall Client for ISA Server]] \\
[[http://www.microsoft.com/technet/isa/2006/auto_discovery.mspx|Automatic Detection Concepts in ISA Server 2006]] \\
[[http://www.isaserver.org/|ISAserver.org]] \\
[[http://www.isatools.org/|Jim Harrison's ISA Tools Repository]] \\
[[http://www.isascripts.org/|ISAscripts.org]] - Scripts to manage Microsoft ISA Server. \\
====TMG 2010 end of support====
[[http://tmgblog.richardhicks.com/2012/09/12/forefront-tmg-2010-end-of-life-statement/|Richard Hicks' Forefront TMG Blog - Forefront TMG 2010 End of Life Statement]] \\
[[http://blogs.technet.com/b/server-cloud/archive/2012/09/12/important-changes-to-forefront-product-roadmaps.aspx|Microsoft - Server & Cloud Blog - Important Changes to Forefront Product Roadmaps]] \\
=====Blogs=====
[[http://blog.msfirewall.org.uk/|Me, Myself and ISA Blog]] en de TMG versie:[[http://blog.msedge.org.uk/|Closer to the Edge Blog]] \\
=====Blogposts/Articles=====
[[http://blogs.technet.com/shawnt/archive/2008/01/04/isa-server-2006-cache-q-a.aspx|ISA Server 2006 Cache Q&A]] \\
[[http://blogs.microsoft.nl/blogs/premierfieldengineering/archive/2009/05/25/isa-discovery-via-dns-een-weetje.aspx|ISA discovery via DNS – een weetje!]] describes wpad and the HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters\GlobalQueryBlockList to which wpad was added with patch [[http://www.microsoft.com/technet/security/bulletin/ms09-008.mspx|MS09-008]], see also [[http://support.microsoft.com/kb/968732/en-us|Microsoft Support - Changes to DNS server behavior after you install the security update for DNS server (KB968732)]] \\
[[http://www.isaserver.org/tutorials/LDAP-Pre-authentication-ISA-2006-Firewalls-Part3.html|ISAserver.org - LDAP Pre-authentication with ISA 2006 Firewalls: Using LDAP to Pre-authenticate OWA Access (Part 3)]] \\
====TMG 2010====
[[http://technet.microsoft.com/en-us/magazine/ff472472.aspx|TechNet Magazine > Home > Issues > 2010 > March > Using Microsoft Forefront TMG 2010 as a Secure Web Gateway]] \\
[[http://blogs.technet.com/b/isablog/archive/2012/04/12/nis-amp-anti-malware-info-is-not-updated-as-expected-in-update-center.aspx|TechNet Blogs » Forefront TMG Product Team Blog » NIS & Anti-Malware Info is not updated as expected in Update Center]] \\
=====Documentation=====
[[http://technet.microsoft.com/en-us/library/ff717843.aspx|Microsoft TechNet - Installing Forefront TMG Service Packs]] \\
[[http://blogs.technet.com/b/isablog/archive/2010/02/02/forefront-tmg-2010-web-protection-services-licensing.aspx|TechNet Blogs » Forefront TMG Product Team Blog » Forefront TMG 2010 Web Protection Services Licensing]] \\
TMG 2010: \\
[[http://technet.microsoft.com/library/ff355324.aspx|Microsoft TechNet - Forefront Threat Management Gateway (TMG) 2010]] \\
=====Licensing/Subscriptions======
====TMG 2010====
[[http://blogs.technet.com/b/isablog/archive/2010/02/02/forefront-tmg-2010-web-protection-services-licensing.aspx|TechNet Blogs » Forefront TMG Product Team Blog » Forefront TMG 2010 Web Protection Services Licensing]] \\
[[http://www.microsoft.com/forefront/tr/tr/ImportedContent/forefront/en/us/suite-pricing-licensing.aspx|Microsoft - Forefront Protection Suite Pricing and Licensing]] \\
[[http://support.microsoft.com/kb/2793998/en-us|Microsoft TechNet - License extension for End-of-Life Antigen and Forefront products]] \\
=====MS KB Articles=====
====ISA 2006====
[[http://support.microsoft.com/kb/943462/en-us|List of problems that are fixed in Internet Security and Acceleration Server 2006 Service Pack 1]] \\
====TMG 2010====
[[http://social.technet.microsoft.com/wiki/contents/articles/1995.list-of-build-numbers-for-microsoft-forefront-threat-management-gateway-tmg.aspx|Wiki > TechNet Articles > List of Build Numbers for Microsoft Forefront Threat Management Gateway (TMG)]] \\
**SP1** \\
[[http://support.microsoft.com/kb/981324/en-us|List of problems that are fixed in Forefront Threat Management Gateway 2010 Service Pack 1]] \\
[[http://support.microsoft.com/kb/2288910/en-us|Software Update 1 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1]] \\
[[http://support.microsoft.com/kb/2433623/en-us|Software Update 1 Rollup 1 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 1]] \\
[[http://support.microsoft.com/kb/2475183/en-us|Software Update 1 Rollup 2 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 1]] \\
[[http://support.microsoft.com/kb/2498770/en-us|Software Update 1 Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 1]] \\
[[http://support.microsoft.com/kb/2517957/en-us|Software Update 1 Rollup 4 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 1]] \\
**SP2** \\
[[http://support.microsoft.com/kb/2555840/en-us|Microsoft Forefront Threat Management Gateway 2010 Service Pack 2]]\\
[[http://support.microsoft.com/kb/2649961/en-us|Rollup 1 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2]] \\
[[http://support.microsoft.com/kb/2689195/en-us|Rollup 2 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2]] \\
=====Setting ISA Client Exceptions per application======
To disable the ISA Client for a specific application, do the following: \\
- Create an Application.ini in C:\Documents and Settings\All Users\Application Data\Microsoft\Firewall Client 2004\.
- Add the following per application:[application.exe]
Disable=1
Source for this and other options: [[http://www.microsoft.com/technet/isa/2006/clients.mspx|Internal Client Concepts in ISA Server 2006]] \\
=====Java (upload) applets, port -1 and ISA Server 2006=====
Ran across a Java applet that accepts files via drag and drop and then uploads these files to the website.
When that traffic passed through an MS ISA 2006 SP0 proxy server the following was shown in the log: \\
Failed Connection Attempt ISA 30-1-2009 10:41:56
Log type: Web Proxy (Forward)
Status: 12005 The Uniform Resource Locator (URL) is invalid. The request was not entered correctly. Enter the correct URL and try again.
Rule:
Source: Internal (10.x.x.x)
Destination: (10.x.x.x:8080)
Request: POST http://www.website.com:-1/virtualdir/uploadservlet
Filter information: Req ID: 05024d14; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol:
User: anonymous
Additional information
Client agent: Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_11
Object source: (No source information is available.)
Cache info: 0x0
Processing time: 1 MIME type:
When not using the proxy, the site works fine. From [[http://java.sun.com/j2se/1.4.2/docs/api/java/net/URL.html|Class Java.Net.URL]]: "Specifying a port number of -1 indicates that the URL should use the default port for the protocol." This doesn't seem to work when the traffic goes through ISA 2006. On the [[http://bugs.sun.com/bugdatabase/|Sun bugdatabase]] more bugs are listed when using Java with an ISA server, so this could be a Java bug.\\
=====HTTPFilter=====
[[http://www.freelists.org/post/isalist/HTTP-Filter-rejecting-some-requests,2|FreeLists - [ISAserver.org Discussion List] - RE: HTTP Filter rejecting some requests]] describes that a URL with spaces (%20) in it can cause problems with the Verify normalization HTTPFilter option in ISA Server. If you monitor the connection in the ISA management console you'll see "Error message = 12217 The request was rejected" and "Blocked by the HTTP security filter: URL normalization was not complete after one pass." \\
[[http://technet.microsoft.com/en-us/library/cc302627.aspx|Microsoft TechNet - HTTP Filtering in ISA Server 2004]] \\
[[http://blog.techgalaxy.net/archives/2521|Alexander's Blog - Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter. Contact the server administrator.]] \\
=====ISA and SAN certificates=====
[[http://itbloggen.se/cs/blogs/kent_nordstrom/archive/2008/05/15/isa-2006-and-san-certificates.aspx|Kent Nordstrom - ISA 2006 and SAN Certificates]] \\
[[http://blogs.technet.com/b/isablog/archive/2007/08/29/certificates-with-multiple-san-entries-may-break-isa-server-web-publishing.aspx|Forefront TMG (ISA Server) Product Team Blog - Certificates with Multiple SAN Entries May Break ISA Server Web Publishing]] \\
[[http://social.technet.microsoft.com/forums/en-US/exchangesvrdeploy/thread/b2e587cf-83b4-4aee-9daa-edff4427eaf1/|Microsoft Exchange Server Forums - Unable to publish CAS with ISA 2006 if certificates with subject alternative names are used]] \\
[[http://www.isaserver.org/tutorials/Implementing-Troubleshooting-Certificate-Deployment-ISA-Server-2006.html|ISAserver.org - Implementing and Troubleshooting Certificate Deployment in ISA Server 2006]] \\
=====(Expired) Password Change TMG/ISA published OWA=====
Follow [[http://technet.microsoft.com/en-us/library/cc984426.aspx|Microsoft TechNet - Forefront TMG - Configuring the change password feature]], ignore 6a, b and c for setting customized HTML forms. Don't forget the script from [[http://support.microsoft.com/kb/957859/en-us|Microsoft Support - The "change password" feature does not work as expected after you install ISA Server 2006 Service Pack 1 or if you use Microsoft Threat Management Gateway 2010]] \\