+ Post New Thread
Results 1 to 13 of 13
Internet Related/Filtering/Firewall Thread, TMG Server + IPAD2, Youtube(App) & App Store issue in Technical; Hi All, We've just rolled out a TMG 2010 server, It acts as a transparent proxy and all works fine ...
  1. #1

    Join Date
    May 2011
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    TMG Server + IPAD2, Youtube(App) & App Store issue

    Hi All,

    We've just rolled out a TMG 2010 server, It acts as a transparent proxy and all works fine for both HTTP sites and HTTPS.

    The problem we are having is with the IPAD2:

    Youtube App error: 'Cannot connect to YouTube' - Note: the actual YouTube site works fine, through safari
    App Store error: 'Cannot connect to iTunes Store'

    Im pretty sure both errors are related. After trawling the internet the nearest report & solution of this problem i can find is the following:

    LINK: hxxp://xxw.google.com/support/forum/p/youtube/thread?tid=4cd50231e5fce253&hl=en

    Which suggest to enable "Allow range requests through unmodified" on Watchguard equipment - Is there an ISA/TMG Equivalent setting?

    Any help greatly appreciated.

    Thanks

  2. #2

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,038
    Thank Post
    852
    Thanked 2,664 Times in 2,261 Posts
    Blog Entries
    9
    Rep Power
    767
    Maybe look ad adding the exceptions to allow streaming video protocols.

  3. #3

    Join Date
    May 2011
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hi, Not sure where this setting would be or how best to go about it but tried this in a few area's with no success.

  4. #4
    bio
    bio is offline
    bio's Avatar
    Join Date
    Apr 2008
    Location
    netherlands
    Posts
    520
    Thank Post
    16
    Thanked 130 Times in 102 Posts
    Rep Power
    37
    whats in the TMG log ? please post

    bio..

  5. #5

    Join Date
    May 2011
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hi Bio, I think this is the entry that relates to the 'Youtube' app failing to connect.

    Failed Connection Attempt SHS-SR-TMG-01 20/10/2011 09:10:00
    Log type: Web Proxy (Forward)
    Status: 1790 The network logon failed.
    Rule: Allow All
    Source: Internal (10.177.55.72:52070)
    Destination: Internal (212.219.83.101:8080)
    Request: 209.85.229.99:443
    Filter information: Req ID: 09ec533e; Compression: client=No, server=No, compress rate=0% decompress rate=0%
    Protocol: https-inspect
    User: anonymous
    Additional information
    Object source: Upstream (Object was returned from an upstream proxy cache.)
    Cache info: 0x0
    Processing time: 0 MIME type:

  6. #6

    Join Date
    May 2011
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Additional to the above with 'HTTPS Inspection' turned off the error changes to this:

    Closed Connection SHS-SR-TMG-01 20/10/2011 09:39:18
    Log type: Firewall service
    Status: A connection was closed because no SYN/ACK reply was received from the server.
    Rule: Allow All
    Source: Internal (10.177.55.72:52124)
    Destination: Internal (209.85.229.105:443)
    Protocol: BranchCache - Advertise
    Additional information
    Number of bytes sent: 640 Number of bytes received: 0
    Processing time: 129000ms Original Client IP: 10.177.55.72

  7. #7

    Join Date
    May 2011
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    More info: If I open the Youtube application directly through the proxy server (i.e. not via the TMG) and do a search, the app works perfectly. Then I switch the networking to go through the TMG server and the APP continues to function perfectly!! So it looks like it is just the initial connection, could it be certificate related? Once the app is closed it fails to connect again.

  8. #8

    Join Date
    May 2011
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    nobody?

  9. #9

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,038
    Thank Post
    852
    Thanked 2,664 Times in 2,261 Posts
    Blog Entries
    9
    Rep Power
    767
    Quote Originally Posted by edugeekdan View Post
    Additional to the above with 'HTTPS Inspection' turned off the error changes to this:

    Closed Connection SHS-SR-TMG-01 20/10/2011 09:39:18
    Log type: Firewall service
    Status: A connection was closed because no SYN/ACK reply was received from the server.
    Rule: Allow All
    Source: Internal (10.177.55.72:52124)
    Destination: Internal (209.85.229.105:443)
    Protocol: BranchCache - Advertise
    Additional information
    Number of bytes sent: 640 Number of bytes received: 0
    Processing time: 129000ms Original Client IP: 10.177.55.72
    I'm guessing its using a custom nonstandard badly implemented protocol which is confusing TMG. I'd look at the rules though as it is showing it as branchcache traffic which probably has additional inspection to prevent corrupted commands. It also looks a bit dodgey that the source and destination are both on the internal range. Is it a single interface TMG?

  10. #10

    Join Date
    May 2011
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Hi Synack, Thanks for the reply. The only rule I have setup is a rule says 'Allow All' for 'All Users' from 'All Networks' to 'All Networks' is there anymore I can do?

    Yes it is a single interface TMG.

    Im unable todo any testing today but have also read changing the 'HTTP Compression Preferences' may help, what do you think?

  11. #11

    Join Date
    May 2011
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Turning off HTTP Compression did not help. Anybody any other suggestions?

    Thanks

  12. #12

    Join Date
    Dec 2010
    Location
    Deepest Yorkshire
    Posts
    27
    Thank Post
    1
    Thanked 11 Times in 9 Posts
    Rep Power
    9
    Looking at it, I think it could be due to the layout of the TMG and Proxy.

    If you are using a single nic TMG (and I'd really advise you get another nic put in there) then the traffic is coming in and out of the same interface. As you said the HTTP and HTTPS traffic is fine, I'd check to see if all traffic is being directed from the proxy to the TMG, otherwise this may well be going on:

    1. Handshake request from iPad hits the TMG and is passed on to the other proxy.
    2. This proxy sends the request on to the App store
    3. The request comes back and hits the proxy, which then passes it directly onto the iPad as opposed to the TMG
    4. The iPad is expecting the handshake to come back from the TMG and so ignores the one from the proxy.
    5. The TMG sits around for a bit, doesn't get the handshake reply and then closes the connection - giving you the SYN/ACK message

  13. #13

    Join Date
    May 2011
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Aethon, thanks for the reply.

    The server is virtual so I can add another card, I just wanted to get things working quickly.

    The proxy we go through is a Squid proxy hosted by the local council so is difficult to get looked into, is this where I would need to "check to see if all traffic is being directed from the proxy to the TMG"

    What you describe does sound like whats hapening, well especially the "The TMG sits around for a bit, doesn't get the handshake reply and then closes the connection - giving you the SYN/ACK message" bit

    However if this was the case wouldnt Safari also be having issues?

    Thanks

SHARE:
+ Post New Thread

Similar Threads

  1. ipad youtube app and TMG
    By MK-2 in forum Netbooks, PDA and Phones
    Replies: 2
    Last Post: 28th April 2012, 08:46 AM
  2. Apps store and itunes through MS TMG
    By ful56_uk in forum Internet Related/Filtering/Firewall
    Replies: 1
    Last Post: 30th March 2012, 12:51 PM
  3. TMG Server + IPAD2, Youtube(App) & App Store issue
    By edugeekdan in forum Enterprise Software
    Replies: 0
    Last Post: 14th October 2011, 02:54 PM
  4. iPad's and the App Store
    By karls5 in forum East Midlands Broadband Consortium (EMBC)
    Replies: 22
    Last Post: 12th October 2010, 07:03 PM
  5. Citrix Presentation Server and Published Apps
    By wesleyw in forum Thin Client and Virtual Machines
    Replies: 5
    Last Post: 10th November 2008, 12:34 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •