Fun with Bing behind Forefront TMG Beta 3 or it’s just me ?

Attempting today to use Bing(web search, images search works) on a host(with IE 8 or IE 6, web proxy+secure NAT client or secure NAT client only) behind TMG Beta 3 in my lab, and:



As already said, images search is fine:



Nothing special, the default web policy:



When I try from TMG itself, although it also logs a failure, it displays the search result:



If I exclude bing’s IP address from Request Compressed Data:


It works fine:



Being a little curious, I’ve fired up Wireshark, and took some captures on TMG Beta 3 external interface:

- for the host behind TMG Beta 3, the server’s reply looks like:

- for the request from TMG itself, the server’s reply looks like:


I’m not entirely convinced the server’s reply(data) is invalid and it cannot be decompressed.
Here is a trick(in case you did not know it already): first I’ve filtered the needed conversation(the server’s reply), then clicked on the packet containing the 200 OK message, expanded the HTTP area, right-clicked the Line-based text data: and clicked Export Selected Packet Bytes…, as can be seen from bellow we are actually exporting the web page received from the web server(note that Wireshark reassembled and decompressed the server’s reply, see the HTTP Preferences Wireshark’s help web page for more info):



If I apply this trick to both captures, and then open the obtained web pages, we can see something from the web server’s reply:

- for the host behind TMG Beta 3:

- for the request from TMG itself:


The question was why did TMG Beta 3 dropped the packet.
I’m not sure if I’ve spilled the milk somewhere(I have tried only in a single lab).
I feel lazy for the moment, it’s Friday evening, so I will leave it for later. –:)

Comments (5) -

  • Same here. No bing behind an TMG Beta 3 gateway. Your solution helps , but BING  IP adres changes...:-(. Thanks
    • Yep, it would be useful if we could specify the DNS name there instead of being forced to specify just IP addresses.

  • We get the same error here, behind the production TMG provided with Windows Essential Business Server
  • Hi Mark,

    Probably would be advisable to contact Microsoft if your really need access to bing(since you are in a production environment).
    I have not looked at this issue since I've posted this blog entry.

Comments are closed