Archive for November, 2012

Windows 8 Modern UI Apps and Forefront TMG 2010

November 15, 2012

On a Windows 8 client deployed behind a Forefront TMG 2010 firewall, users may receive the following error when trying to open the Windows Store app.

Your PC isn’t connected to the Internet. To use the Store, connect to the Internet and then try again.

Other Windows 8 “modern UI” applications may experience similar behavior if they require access to resources on the public Internet. However, you are able to access the Internet using both the modern UI and desktop versions of Internet Explorer 10.

The problem occurs when the Forefront TMG 2010 firewall is configured to require authentication on rules controlling access to the Internet over HTTP and HTTPS, or if the option to require all users to authenticate is enabled on the web proxy listener (which isn’t a good idea!). Authenticated web proxy access requires that the client be configured either as a web proxy client or as a firewall client. Internet Explorer can be configured as a web proxy client, typically using automatic configuration (WPAD) through DNS or DHCP, but Windows 8 modern UI applications do not inherit Internet Explorer proxy server settings. As such, they behave as SecureNAT clients, which do not support authentication. To resolve this issue, run the following command from an elevated command prompt on the Windows 8 client.

netsh winhttp set proxy <tmg_hostname_or_IP_address>:<web_proxy_listener_port>

For example…

netsh winhttp set proxy

More information about configuring WINHTTP can be found here.
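The same change as a scripted, checked step (an added example, not part of the original post): it confirms the web proxy listener answers before touching the machine-wide WinHTTP setting, applies the proxy with a bypass list for internal names, and verifies the result. The function name, `tmg.corp.example`, port 8080 and the bypass entries are constructed placeholders.

```powershell
# Added example: host name, port and bypass entries are constructed placeholders.
function Set-TmgWinHttpProxy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ProxyHost,
        [Parameter(Mandatory)] [ValidateRange(1, 65535)] [int] $Port,
        [string] $BypassList = '<local>'   # keep intranet names off the proxy
    )

    # The WinHTTP proxy is machine-wide, so changing it needs an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated prompt.'
    }

    # Refuse to point WinHTTP at a listener that does not answer.
    $endpoint = "${ProxyHost}:$Port"
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ProxyHost, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne(3000)) { throw 'connect timed out' }
        $client.EndConnect($pending)
    } catch {
        throw "Web proxy listener $endpoint is not reachable; WinHTTP left unchanged. $_"
    } finally {
        $client.Close()
    }

    # Record the current state so it can be restored by hand if needed.
    $before = (& netsh winhttp show proxy) -join "`n"
    Write-Verbose "Previous WinHTTP settings:`n$before"

    & netsh winhttp set proxy "proxy-server=$endpoint" "bypass-list=$BypassList" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "netsh exited with code $LASTEXITCODE" }

    # Confirm the new endpoint is what WinHTTP now reports (locale-independent check).
    $after = (& netsh winhttp show proxy) -join "`n"
    if (-not $after.Contains($endpoint)) {
        throw "WinHTTP does not report $endpoint. Previous settings were:`n$before"
    }
    $after
}

Set-TmgWinHttpProxy -ProxyHost 'tmg.corp.example' -Port 8080 `
    -BypassList '<local>;*.corp.example' -Verbose
```

Running `netsh winhttp reset proxy` returns WinHTTP to direct access if the setting needs to be backed out.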

Another workaround is to install the Forefront TMG 2010 firewall client. This will ensure that all outbound communication through the Forefront TMG firewall is always authenticated.

Microsoft System Center 2012 Endpoint Protection Cookbook

November 9, 2012

Recently I had the opportunity to review the Microsoft System Center Endpoint Protection Cookbook from PACKT Publishing. The “cookbook” series from PACKT provides clear, concise instruction on how to accomplish various tasks with specific products. Written by Andrew Plue, a System Center veteran and consultant for Certified Security Solutions, this book provides a wealth of valuable information for engineers and administrators seeking to deploy System Center Endpoint Protection (SCEP) in their environments. The timing of this book review was perfect for me, as I was preparing to build out a product demonstration lab and wanted to leverage the endpoint protection components provided by System Center Configuration Manager 2012. Installing SCCM and SCEP is not exactly intuitive, but thankfully the book provided detailed, prescriptive guidance on how to implement, configure, and manage SCEP, including a chapter dedicated to building out a SCEP lab environment. If you are considering a migration from Forefront Endpoint Protection (FEP) 2010 or a competing third-party solution, you’ll definitely want to add this reference to your library soon.