Export (0) Print
Expand All

Monitoring server connectivity

You can verify connectivity to specific network servers using a Microsoft Forefront Threat Management Gateway connectivity verifier. This topic provides information about creating, configuring and managing connectivity verifiers.

Where to start: To configure connectivity verifiers, in the Forefront TMG Management console tree, click the Monitoring node. Then click the Connectivity Verifiers tab.

  1. On the Tasks tab, click Create a New Connectivity Verifier.
  2. Complete the New Connectivity Verifier Wizard. On the Connectivity Verification Details page, specify the server or URL to which you want to connect and the connection method. The following methods can be used:
    • PING. Forefront TMG sends a Ping request (ICMP ECHO_REQUEST) to the specific server and waits for an ICMP ECHO_REPLY. Use this method to verify that a specific server is available.
    • TCP connect. Forefront TMG tries to establish a TCP connection to a specific port on the specified server. Use this method to verify that a specific service is available on the destination server.
    • HTTP request. Forefront TMG sends an HTTP GET request and waits for a reply. Use this method to verify that a Web server is available.
Cc984485.note(en-us,TechNet.10).gifNote:
If you want to use an HTTP request, you must create a rule allowing HTTP or HTTPS from the Local Host network to the specified destination. On the last page of the wizard, you can select to automatically enable the predefined system policy rule: "Allow HTTP/HTTPS requests from Forefront TMG to selected servers for connectivity verifiers".

In addition to the connectivity verifier properties you specify in the New Connectivity Verifier Wizard, you can configure a timeout and alert as follows:

  1. On the Connectivity Verifiers tab, click the connectivity verifier you want to modify, and then select Edit Selected Verifier on the Tasks tab.
  2. On the General tab, modify the name of the connectivity verifier if required.
  3. On the Properties tab, do the following:
    • In Monitor connection to this server, modify the name of the destination server.
    • In Select this method to verify the connection, modify the connection method.
    • In Timeout, specify how long Forefront TMG should wait before reporting that the server is not available.
    • To specify that an alert should be triggered when the timeout is exceeded, click Trigger an alert if the server response is not within the specified timeout.

On the Connectivity Verifiers tab, do the following on the Tasks tab:

  • Select Disable Selected Verifiers to disable the verifier. To enable the verifier, you can click Enable Selected Verifiers as required.
  • Select Delete Selected Verifiers to permanently delete a verifier.

Connectivity verifiers for server farms are not created using the New Connectivity Verifier Wizard. When you create a server farm, you specify a connection method to be used when checking the connectivity status for the servers in the farm. After creating the server farm, a connectivity verifier is automatically created for the farm and appears on the Connectivity Verifiers tab. You can edit the connection method in the properties for the server farm or from the Connectivity Verifiers tab. You cannot create or delete a connectivity verifier for a server farm directly from the Connectivity Verifiers tab.

When you configure a connectivity verifier method to send an HTTP GET request, the monitored server is expected to return an HTTP response. Depending on the response, Forefront TMG will mark the connectivity verifier status, as detailed in the following table.

HTTP response from monitored server Connectivity verifier status

1xx, 2xx, or 3xx

OK. This is the response time in milliseconds.

401 (Web server authentication required)

OK. This is not considered an error, because the Web server returned the message.

407 (proxy authentication required)

Error (Microsoft Windows Server 2003). This is considered an error because connectivity to the actual Web server cannot be determined.

407 (proxy authentication required)

Authentication required (Windows 2000 Server).

4xx (except 401 and 407) or 5xx

Error.

Request timed out

Time-out.

The server name could not be resolved

Unresolved name.

Forefront TMG is down

Unable to verify. The Microsoft Firewall service is unavailable.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft