TMG URL Filtering fails

TMG URL Filtering fails

  • Comments 1
  • Likes

 

Introduction

Consider the scenario where we have URL Filtering enabled on TMG 2010 Server and it is not working.

Troubleshooting

A quick look at the Alerts section in TMG MMC shows:

The failure is due to error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Description: An error occurred while trying to communicate with the Microsoft Reputation Service server. If this Forefront TMG server is chained to an upstream server, verify that the WinHTTP proxy is set to localhost. If this issue persists, check that Internet connectivity is available.

In our case we were able to access the Internet properly and all other settings looked good.

As a troubleshooting step we accessed the MRS Websites https://10.ds.mrs.microsoft.com and https://10.ts.mrs.microsoft.com from TMG Server and we received an error that the certificate is not trusted.

We discovered that the root certificate from “GTE CyberTrust Global Root” was missing from the server.

In order for URL Filtering to work properly we need to have trusted root certificate installed on TMG Server.

After installing “Update for Root Certificates Update” the issue was resolved.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=25249786-2B8E-4C51-8F4B-727CE25CC2C5

Conclusion:

URL Filtering is a cloud based service and must be able to successfully establish an HTTPS connection to the either of the MRS (Microsoft Reputation Service) sites mentioned above.

http://technet.microsoft.com/en-us/library/ee869543.aspx

Authors

Junaid Ahmad Jan

Security Support Engineer,

Microsoft CSS Forefront Security Edge Team

Technical Reviewer

Richard Barker

Sr. Security Support Escalation Engineer,

Microsoft CSS Forefront Security Edge Team

Comments
  • thanks for post, but now i have problem with my tmg server

    if i try to conenct with 10.ts.mrs.microsoft.com , i recieve error, warning from my IE, adress missmatch, certificate is for portal.ts.mrs. microsoft.com  

    TMG  test conectivity failed connect to 10.ts.mrs.microsoft.com, certificate revoked,

    pls help

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment