URL filtering troubleshooting flow

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

This topic is designed to help you troubleshoot and resolve URL filtering issues.

Issues include:

  • Incorrect or unknown site categorization.

  • Failure to prevent access to blocked sites.

  • Inconsistent access based on IP address.

The following sections provide:

  • Prerequisites

  • Flowchart for troubleshooting URL filtering

  • Procedures for troubleshooting URL filtering

Prerequisites

To troubleshoot URL filtering issues, you must be familiar with the following Forefront TMG procedures:

Flowchart for troubleshooting URL filtering

This flowchart guides you through the steps required for troubleshooting URL filtering.

URL filtering troubleshooting flow

Procedures for troubleshooting URL filtering

The following procedures describe steps you might need to take when you use the flowchart to troubleshoot URL filtering:

  • How to query the Forefront TMG logs for MRS servers

  • How to obtain or renew a WSS license

How to query the Forefront TMG logs for MRS servers

  1. Obtain the IP addresses of the Microsoft Reputation Services (MRS) servers. At the command prompt of the Forefront TMG server, type:

for %i in (ds ts) do nslookup 10.%i.mrs.microsoft.com

This is an example of valid results:

![Obtaining IP addresses of MRS servers](images/Ff358603.792e8dc9-916b-474c-9a38-9b6114059dae(TechNet.10).gif "Obtaining IP addresses of MRS servers")
  1. Query Forefront TMG logs for the MRS servers by using the Web Proxy Logging filter and the Firewall Logging filter.

    Note

    Log query filters use "and" by default; searching for multiple IP addresses in a single query will produce no results.

    This table lists the parameters you must select or enter when you query the logs using the Web Proxy Logging filter.

    Filter by Condition Value

    URL

    Contains

    mrs.microsoft.com

    Log Time

    Last 24 Hours

    Live (if observed while reproducing the issue)

    NA

    Action

    Not Equal

    Connection Status

    This table lists the parameters you must select or enter when you query the logs using the Firewall Logging filter.

    Filter by Condition Value

    Destination IP

    Equals

    IPv4 IP address obtained during name resolution troubleshooting

    Log Time

    Last 24 Hours

    Live (if observed while reproducing the issue)

    NA

    Action

    Not Equal

    Connection Status

How to obtain or renew a WSS license

URL filtering is subscription based, and is part of the Forefront TMG Web Security Service license. For licensing information, see How to Buy (https://go.microsoft.com/fwlink/?LinkId=179848).

Concepts

Troubleshooting URL filtering