How do I configure a SecureNAT client connecting to a Forefront TMG 2010 Array (managed by an EMS server)?
Hello,

I have set up the following mini virtual network of servers:

Name:  ARRAY1
Role:  TMG Array member #1
NIC 1: 10.1.128.1/255.255.0.0 DNS: 10.1.128.3
NIC 2: External Public IP for Internet #1

Name:  ARRAY2
Role:  TMG Array member #2
NIC 1: 10.1.128.2/255.255.0.0 DNS: 10.1.128.3
NIC 2: External Public IP for Internet #2

Name:  DC
Role:  ADDS server, DNS server
NIC 1:  10.1.128.3/255.255.0.0 Default Gateway: 10.1.128.1 DNS: 10.1.128.3 (self)

Name:  EMS
Role:  EMS Server
NIC 1:  10.1.128.4/255.255.0.0 Default Gateway: NONE. DNS: 10.1.128.3 (self)
DNS Entry for the actual array called "TMGArray" points to 10.1.128.4.

Name:  VM1
Role:  Windows 7 Client
NIC 1: 10.1.128.5/255.255.0.0 Default Gateway: 10.1.128.4 DNS: 10.1.128.3

Independent internet connectivity on the two ARRAY* servers was verified and both ARRAY* servers were successfully added to an array called "TMGArray".

Now, the problem I am having is configuring clients to connect to the TMGArray for internet access, instead of directly to an individual TMG Server (which still works, btw).

In other words, for VM1:

NIC1: 10.1.128.5/255.255.0.0 DG: 10.1.128.1 DNS 10.1.128.3 <-- WORKS

but

NIC1: 10.1.128.5/255.255.0.0 DG: 10.1.128.4 DNS: 10.1.128.3 <-- DOES NOT WORK

How should I be configuring my client so that it connects to the internet via the TMG Array (EMS) and in SecureNAT mode (i.e. no browser config required)?

All help is greatly appreciated!

Thanks,
Waqqas
May 21st, 2015 3:11pm

Hi,

Did you receive any error as "NIC1: 10.1.128.5/255.255.0.0 DG: 10.1.128.4 DNS: 10.1.128.3 <-- DOES NOT WORK"?

Here is a blog that lists some methods for troubleshooting TMG SecureNAT clients.

Troubleshooting TMG SecureNAT Clients

Best Regards,

Joyce

May 22nd, 2015 5:02am

Hi,

EMS server cannot process traffic; rather, it's used to store the configurations.

Your setup is correct and is working correctly...

You need to configure NLB between the two array members to get the load split...

May 25th, 2015 2:27pm

+1

You have to configure your TMG Servers (array members) with NLB so they share a Virtual IP Address that your clients/servers/routers can use as a default gateway.

May 27th, 2015 9:49am
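
As an added illustration (not part of any post in this thread), the Python check below audits a SecureNAT client's default gateway against the addressing given in the question and the roles described in the replies. The NLB virtual IP `10.1.128.10` and the names `check_gateway` and `audit` are assumptions made for the example; the thread never states a VIP.

```python
import ipaddress

# Inventory taken from the thread; the NLB virtual IP is a constructed
# placeholder, since the thread never states one.
SUBNET = ipaddress.ip_network("10.1.128.0/16", strict=False)
HOSTS = {
    "10.1.128.1": "tmg-member",   # ARRAY1
    "10.1.128.2": "tmg-member",   # ARRAY2
    "10.1.128.3": "dc-dns",       # DC
    "10.1.128.4": "ems",          # EMS: stores configuration only
    "10.1.128.10": "nlb-vip",     # assumed VIP shared by ARRAY1/ARRAY2
}

def check_gateway(client_ip, gateway_ip):
    """Return (verdict, reason) for a SecureNAT client's default gateway."""
    client = ipaddress.ip_address(client_ip)
    gateway = ipaddress.ip_address(gateway_ip)
    if client not in SUBNET or gateway not in SUBNET:
        return ("fail", "client and gateway must both be on the internal subnet")
    role = HOSTS.get(str(gateway))
    if role == "nlb-vip":
        return ("ok", "traffic goes to the array's shared virtual IP")
    if role == "tmg-member":
        return ("warn", "works, but pinned to one member: no failover or load split")
    if role == "ems":
        return ("fail", "EMS only stores array configuration and forwards no traffic")
    return ("fail", "gateway is not a TMG array member or the NLB VIP")

def audit(clients):
    """Map client name -> check_gateway() result for {name: (ip, gateway)}."""
    return {name: check_gateway(ip, gw) for name, (ip, gw) in clients.items()}

if __name__ == "__main__":
    # VM1 in the two configurations from the question, plus the assumed VIP.
    for name, result in audit({
        "VM1 via ARRAY1": ("10.1.128.5", "10.1.128.1"),
        "VM1 via EMS": ("10.1.128.5", "10.1.128.4"),
        "VM1 via VIP": ("10.1.128.5", "10.1.128.10"),
    }).items():
        print(name, result)
```
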

Well, I now have a working redundant array of Forefront TMG servers.  There were two factors that delayed me immensely in achieving a successful setup.

1. It just will not work in VMware Workstation.  There is a setting you can toggle in ESXi, but no similar setting in Workstation.
2. In a physical setup, I would recommend using dedicated network interfaces (that do not rely on VLAN-tagging).  I had working VLANs for each of my networks, but after enabling NLB, they simply would not function properly.  The adapters would each report being on "Unidentified networks" and none of the servers could communicate with each other anymore.  I reverted to separate physical adapters for each network, and everything kept working fine.

Beyond these two issues, everything worked by the book.

July 3rd, 2015 4:46pm
