URL Filtering not working - Problem connecting to MRS?

Hello,

We have 2 seperate tmg servers with each a seperate internet connection. Since last night the url filtering stopped working on both of them. We didn't change anything on them. When i look in the log i see a connection failed attempt to the MRS servers:

Failed Connection Attempt TMGServer 1/19/2012 12:13:44 PM
Log type: Web Proxy (Forward)
Status: 10061 No connection could be made because the target machine actively refused it. 
Rule: [System] Allow HTTP/HTTPS requests from Forefront TMG to specified sites
Source: Local Host (127.0.0.1:32294)
Destination: Internal (94.245.112.71:443)
Request: - 10.ds.mrs.microsoft.com:443

(i can allso see these requests succeeded yesterday)

Following the troubleshooting flowchart (http://technet.microsoft.com/en-us/library/ff358603.aspx) this indeed indicates the server can't contact the MRS. Is anyone else allso having trouble connecting to mrs? Is there perhaps a way to check the status of the mrs servers?

Thanks in advance,

Coen

 

 

 

January 19th, 2012 11:32am

Same here, we have the same problem:

10.ds.mrs.microsoft.com:443 does not answer...

Free Windows Admin Tool Kit Click here and download it now
January 19th, 2012 6:43pm

Hate to be a "Me too" poster but we have the same issue.... It failed at 0733GMT 19th Jan 2012 for us and has been broken ever since... but as I am typing this it appears to have miraculously started working again against 94.245.112.72 instead of  94.245.112.71

Ben

January 20th, 2012 8:42am

This outage highlights a problem with TMG - if the MRS is, for whatever reason, refusing connections, TMG allows access to previously unvisitied websites as the category comes back as Unknown rather than something that would otherwise be blocked.

In the situation where the MRS is refusing connections (as yesterday) when a user requests a webpage TMG makes an MRS lookup for every item on the page, so initial access to a page will take as long as all the lookups take to time out.

At least the Unknown status isn't persistently cached so that when the service at Microsoft returns to normal categories are correct.

It would appear that Microsoft have assumed that because the service is a cloud service it will be always available to TMG - unfortunately this is not necessarily the case and there do not appear to be rule conditions available that allow for the failure of categorisation in the webfilter rules of TMG

Ummm sorry Microsoft! - There is an Unknown category - so blocking Unknown sites would be a good idea!
  • Edited by BenMottram Friday, January 20, 2012 9:19 AM
Free Windows Admin Tool Kit Click here and download it now
January 20th, 2012 9:14am

This outage highlights a problem with TMG - if the MRS is, for whatever reason, refusing connections, TMG allows access to previously unvisitied websites as the category comes back as Unknown rather than something that would otherwise be blocked.

In the situation where the MRS is refusing connections (as yesterday) when a user requests a webpage TMG makes an MRS lookup for every item on the page, so initial access to a page will take as long as all the lookups take to time out.

At least the Unknown status isn't persistently cached so that when the service at Microsoft returns to normal categories are correct.

It would appear that Microsoft have assumed that because the service is a cloud service it will be always available to TMG - unfortunately this is not necessarily the case and there do not appear to be rule conditions available that allow for the failure of categorisation in the webfilter rules of TMG

Ummm sorry Microsoft! - There is an Unknown category - so blocking Unknown sites would be a good idea!
  • Edited by BenMottram Friday, January 20, 2012 9:19 AM
January 20th, 2012 9:14am

This outage highlights a problem with TMG - if the MRS is, for whatever reason, refusing connections, TMG allows access to previously unvisitied websites as the category comes back as Unknown rather than something that would otherwise be blocked.

In the situation where the MRS is refusing connections (as yesterday) when a user requests a webpage TMG makes an MRS lookup for every item on the page, so initial access to a page will take as long as all the lookups take to time out.

At least the Unknown status isn't persistently cached so that when the service at Microsoft returns to normal categories are correct.

It would appear that Microsoft have assumed that because the service is a cloud service it will be always available to TMG - unfortunately this is not necessarily the case and there do not appear to be rule conditions available that allow for the failure of categorisation in the webfilter rules of TMG

Ummm sorry Microsoft! - There is an Unknown category - so blocking Unknown sites would be a good idea!
  • Edited by BenMottram Friday, January 20, 2012 9:19 AM
Free Windows Admin Tool Kit Click here and download it now
January 20th, 2012 9:14am

I contacted product support, they confirmed it was an issue with the mrs servers. It has been solved last night.

January 20th, 2012 10:06am

I contacted product support, they confirmed it was an issue with the mrs servers. It has been solved last night.

Free Windows Admin Tool Kit Click here and download it now
January 20th, 2012 10:06am

I contacted product support, they confirmed it was an issue with the mrs servers. It has been solved last night.

January 20th, 2012 10:06am

i have installed TMG 2010 and created url filtering rule for facebook.com but that problem is ever after five minutes i can see that the users can access facebook. and then i check in TMG MMC so i can see that the Category Query says me that facebook.com is unknown....but just after five minutes i can see facebook has been automatically blocked and i can also see in Category Query it says me facebook is in blog/wiki category...
so why it is changing automatically every after 5 or 10 minutes :( ?
where is the problem ???
i need your help please !!
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2015 7:19am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics