Archive for July, 2012

July 2012 Twitter Outage and Forefront TMG URL Filtering

July 26, 2012 Comments off

Earlier today Twitter suffered a serious outage. To further complicate matters, it appears that Microsoft Reputation Services (MRS) is now categorizing as a phishing site.

I’m not certain what the reason for this categorization is for, but based on past experience it may have to do with Twitter services running on a shared hosting provider that previously included services that were identified as phishing related. To resolve this issue, open the Forefront TMG management console, highlight the Web Access Policy node in the navigation tree, then click Configure URL Category Overrides in the Tasks pane and move the URL pattern * to the Online Communities category.

Forefront TMG 2010 Update Center Quick Tip

July 10, 2012 Comments off

The Update Center in the Forefront TMG 2010 management console provides an instant view of the status of signature updates for the Malware Inspection and Network Inspection System (NIS) protection mechanisms. However, the column layout leaves out important information that can be essential when troubleshooting signature update issues. By default, the Last Checked and Last Success columns are hidden from view. To display these details, right-click anywhere in the column headings and then select Add/Remove Columns.

Next, select the Last Checked and Last Success columns and click Add.

Now you’ll see when the Forefront TMG 2010 firewall last checked for updates and when it was last successful.

Disable Logging on System Policy Rules in Forefront TMG 2010

July 5, 2012 Comments off

I’ve written a number of articles on improving system performance and logging optimization over the years. As I’ve mentioned previously, this involves the security administrator reviewing each access rule and deciding if the traffic is interesting enough to require logging. If it is not, to improve performance and reduce log pollution it is advisable to disable logging for the access rule in question.

However, when attempting to make this change to a system policy rule you will encounter the following error:

The changes cannot be saved.

Error: 0xc0040334

This property cannot be modified for the predefined item.

The error occurred on object <policy rule name> of class
‘Policy Rule’ in the scope of array .

Unfortunately the system policy editor provides no facility to make this change in the GUI. To work around this limitation you can use COM to disable logging on system policy rules programmatically using the following script. In this example I’ve chosen to disable logging on the Allow intra-array communication system policy rule.

Option Explicit

Dim Root, Array, Rule

Set Root = CreateObject("FPC.Root")

Set Array = Root.GetContainingArray()
Set Rule = Array.SystemPolicy.PolicyRules.Item("Allow intra-array communication")

Rule.EnableLogging = False

WScript.Echo “Done!”

Set Rule = Nothing
Set Array = Nothing
Set Root = Nothing

Note: To see this change reflected in the management console, hit F5 to refresh or close and reopen the console.

If you wish to disable logging for all system policy rules, alter the script to use a For Each Next construct as follows:

Set Rules = Array.SystemPolicy.PolicyRules

For Each Rule in Rules
Rule.EnableLogging = False