SFTP/FTP Proxy Problems - Works for DMZ but not for Internet Hosts?!

Hi all,

We have a strange problem with our TMG proxy. Some infrastructure information first:

We have the client LAN with the IP range 192.168.11.x, which is routable to the server LAN 192.168.3.x but not to the DMZ LAN 192.168.200.x. The TMG is a 2-node array; 192.168.200.5 is the DMZ VIP. The TMG DMZ IP address (192.168.200.5) and the physical addresses have a NAT relation to one public IP. HTTPS Inspection is active. We don't use (and don't want to use) the TMG Client component.

When I use WinSCP, PuTTY or FileZilla and connect to a DMZ LAN host (192.168.200.x) with "HTTP Proxy" (192.168.3.108:8080), everything is fine; it works as expected.

When I connect to an Internet host, it fails regardless of which protocol I use: FTP, SFTP or SSH. The error I get is
"The token supplied to the function is invalid."

An example of a failed SFTP connection:

Filezilla
Status: Connecting to system.internet.de...
Trace: Going to execute "C:\Program Files (x86)\FileZilla FTP Client\fzsftp.exe"
Response: fzSftp started
Trace: CSftpControlSocket::ConnectParseResponse(fzSftp started)
Trace: CSftpControlSocket::SendNextCommand()
Trace: CSftpControlSocket::ConnectSend()
Command: proxy 1 "tmg.local" 8080 "domain\user" "***********"
Trace: CSftpControlSocket::ConnectParseResponse()
Trace: CSftpControlSocket::SendNextCommand()
Trace: CSftpControlSocket::ConnectSend()
Command: open "sftpuser@system.internet.de" 22
Trace: Looking up host "system.internet.de"
Trace: Connecting to 192.168.3.108 port 8080
Trace: Proxy error: 502 Proxy Error ( Das Token, das der Funktion übergeben wurde, ist ungültig.  )
Error: Proxy error: 502 Proxy Error ( Das Token, das der Funktion übergeben wurde, ist ungültig.  )
Trace: CControlSocket::DoClose(64)
Trace: CSftpControlSocket::ResetOperation(66)
Trace: CControlSocket::ResetOperation(66)
Error: Could not connect to server
Trace: CFileZillaEnginePrivate::ResetOperation(66)

The TMG log shows this:

Protokolltyp: Webproxy (Forward)
Status: 0x80090308 
Regel: Webzugriff FTP Test
Quelle: Intern (192.168.11.31:44673)
Ziel: Extern (78.46.182.171:22)
Anforderung: system.internet.de:22
Filterinformationen: Req ID: 106f1cb7; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protokoll: https-inspect
Benutzer: domain\user

I hope you can explain what we are doing wrong, or how to find out what the problem is. I didn't find much information about "0x80090308" or "The token supplied to the function is invalid.". Disabling HTTPS Inspection for the source 192.168.11.31 doesn't change anything.

A connection to a DMZ host looks like this:

Filezilla
Status: Connecting to system.dmz...
Trace: Going to execute "C:\Program Files (x86)\FileZilla FTP Client\fzsftp.exe"
Response: fzSftp started
Trace: CSftpControlSocket::ConnectParseResponse(fzSftp started)
Trace: CSftpControlSocket::SendNextCommand()
Trace: CSftpControlSocket::ConnectSend()
Command: proxy 1 "tmg.local" 8080 "domain\user" "***********"
Trace: CSftpControlSocket::ConnectParseResponse()
Trace: CSftpControlSocket::SendNextCommand()
Trace: CSftpControlSocket::ConnectSend()
Command: open "administrator@system.dmz" 22
Trace: Looking up host "system.dmz"
Trace: Connecting to 192.168.3.108 port 8080
Trace: Server version: SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
Trace: Using SSH protocol version 2
Trace: We claim version: SSH-2.0-PuTTY_Local:_Mar_28_2014_10:34:48
Trace: Doing Diffie-Hellman group exchange
Trace: Doing Diffie-Hellman key exchange with hash SHA-256
Trace: Host key fingerprint is:

TMG log
Protokolltyp: Webproxy (Forward)
Status: 0 Der Vorgang wurde erfolgreich beendet. 
Regel: Webzugriff FTP Test
Quelle: Intern (192.168.11.31:48818)
Ziel: Umkreis 2 (192.168.200.205:22)
Anforderung: system.dmz:22
Filterinformationen: Req ID: 10727dce; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protokoll: SSL-tunnel
Benutzer: domain\user

Thanks in advance.

Regards

Matthias



  • Edited by 0711 22 hours 5 minutes ago some more detailed informations
April 7th, 2015 5:05am
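
An added example, not part of the original post: a Python script that parses the two TMG log records quoted above, splits the Status value into its HRESULT parts, and lists the fields that differ between the failed and the successful request. The function names are hypothetical, and the records are copied from the post with the Filterinformationen line left out.

```python
import re

# Records copied from the post (Filterinformationen line omitted).
# Field names are the German labels of the TMG log viewer.
FAILED = """\
Protokolltyp: Webproxy (Forward)
Status: 0x80090308
Regel: Webzugriff FTP Test
Quelle: Intern (192.168.11.31:44673)
Ziel: Extern (78.46.182.171:22)
Anforderung: system.internet.de:22
Protokoll: https-inspect
Benutzer: domain\\user
"""
OK = """\
Protokolltyp: Webproxy (Forward)
Status: 0 Der Vorgang wurde erfolgreich beendet.
Regel: Webzugriff FTP Test
Quelle: Intern (192.168.11.31:48818)
Ziel: Umkreis 2 (192.168.200.205:22)
Anforderung: system.dmz:22
Protokoll: SSL-tunnel
Benutzer: domain\\user
"""
# Facility numbers as defined in winerror.h (only the ones needed here).
FACILITIES = {0: "FACILITY_NULL", 7: "FACILITY_WIN32", 9: "FACILITY_SSPI"}

def parse_record(text):
    """Split 'Key: value' lines into a dict; the first ': ' ends the key."""
    return dict(l.split(": ", 1) for l in text.splitlines() if ": " in l)

def decode_hresult(status):
    """Split the leading number of a Status field into HRESULT parts."""
    value = int(status.split()[0], 0)
    facility = (value >> 16) & 0x7FF
    return {"failure": bool(value >> 31), "code": value & 0xFFFF,
            "facility": FACILITIES.get(facility, str(facility))}

def diff_records(a, b):
    """Fields whose values differ; the ephemeral source port is ignored."""
    def norm(key, value):
        return re.sub(r":\d+\)$", ")", value) if key == "Quelle" else value
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b))
            if norm(k, a.get(k, "")) != norm(k, b.get(k, ""))}

if __name__ == "__main__":
    failed, ok = parse_record(FAILED), parse_record(OK)
    print(decode_hresult(failed["Status"]))
    for field, (bad, good) in diff_records(failed, ok).items():
        print(f"{field}: failed={bad!r} ok={good!r}")
```

Apart from the destination (Ziel, Anforderung), the two records differ only in Status and in Protokoll, which reads https-inspect for the failed request and SSL-tunnel for the working one.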
