Consider the scenario where we have URL Filtering enabled on TMG 2010 Server and it is not working.
A quick look at the Alerts section in TMG MMC shows:
The failure is due to error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Description: An error occurred while trying to communicate with the Microsoft Reputation Service server. If this Forefront TMG server is chained to an upstream server, verify that the WinHTTP proxy is set to localhost. If this issue persists, check that Internet connectivity is available.
In our case we were able to access the Internet properly and all other settings looked good.
As a troubleshooting step we accessed the MRS Websites https://10.ds.mrs.microsoft.com and https://10.ts.mrs.microsoft.com from TMG Server and we received an error that the certificate is not trusted.
We discovered that the root certificate from “GTE CyberTrust Global Root” was missing from the server.
In order for URL Filtering to work properly we need to have trusted root certificate installed on TMG Server.
After installing “Update for Root Certificates Update” the issue was resolved.
URL Filtering is a cloud based service and must be able to successfully establish an HTTPS connection to the either of the MRS (Microsoft Reputation Service) sites mentioned above.
Junaid Ahmad Jan
Security Support Engineer,
Microsoft CSS Forefront Security Edge Team
Sr. Security Support Escalation Engineer,
thanks for post, but now i have problem with my tmg server
if i try to conenct with 10.ts.mrs.microsoft.com , i recieve error, warning from my IE, adress missmatch, certificate is for portal.ts.mrs. microsoft.com
TMG test conectivity failed connect to 10.ts.mrs.microsoft.com, certificate revoked,