Archive for the ‘report’ Category

Blank User Activity Report if domain or username contains accented characters

January 30th, 2012 No comments

Administrators creating a User Activity Report for users whose domain or user name contains characters that are not in the English alphabet may not be able to see any activity for these users. The report is generated, but it contains only the report headers and no other information.

Please find an example from my test environment below:

clip_image002

Result:

clip_image003

This problem occurs because of a character conversion problem during the generation of the report.

Fortunately, we can control this conversion behavior by setting the following registry key on the TMG Report Server:

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RAT\Stingray\Debug\COM\]
REG_DWORD: "USE_ACP_FOR_FILTER"
Value: 1

 

After a reboot, let’s run a test with the same user again.

Now, the report looks better.

clip_image004

Author:

Arpad Gulyas

Microsoft CSS Forefront Security Edge Team

Technical Reviewer:

Lars Bentzen

Sr. Escalation Engineer

Microsoft CSS Forefront Security Edge Team

New in SP2: Site Activity Report

October 12th, 2011 No comments

Have you ever wanted to know which users visit specific sites on the Internet most often? For example, which users browsed blogs.technet.com the most last week? In SP2 we added a new report that lets you analyze, with a few mouse clicks, how specific sites are used by the users in your organization.

In order to create the report you have to open the TMG MMC / Logs & Reports:

clip_image002

On the right hand side you can select “Create Site Activity Report”.

In the Wizard you can configure how many sites will be reported per user and how many users will be included in the report:

clip_image004

Be aware that in the default setting the Site Name parameter is OVERWRITE. You have to enter the parameter of your choice here. In this example I used blogs.technet.com; you can also use parameters like .com to see all requests to “.com sites”, or narrow it down to www.microsoft.com if you would like to see only requests to www.microsoft.com.

Here’s what a report can look like:

clip_image006

Be aware that you’ll only see the user name if you’re using proxy authentication in your environment and you’re logging the user name. If no proxy authentication is enabled, or specific rules don’t require proxy authentication, you will also see the “anonymous” user in the report.

Author
Philipp Sand
Microsoft CSS Forefront Security Edge Team

Technical Reviewer
Roman Golubchyck
Senior SDET TMG Product Group

User Activity report for multiple users not working error 0xc0040432

March 26th, 2011 Comments off

The user activity report is a new feature of Forefront TMG SP1. I recently came across an issue where the customer was trying to run TMG user activity reports. When he used a single user (domainname\username) it rendered the report okay, but when we tried the same for 2 users (domainname\username1; domainname\username2) it gave the following error message after 5 minutes:

0xc0040432
The report TEST MS could not be generated. Report Server error information: The operation has timed out.
The error occurred on object ‘Reports’ of class ‘Reports Configuration’ in the scope of array ‘XXXXXXXXXXX’.

As part of the troubleshooting we tried to use the underlying SQL Server Reporting Server (SSRS) to run the same reports. This worked and we did not run into the issue.

From looking at the built-in tracing in TMG, we identified that TMG failed to render the report because the operation timed out. By default the timeout for this report is 5 minutes.

To fix the issue we created the following registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RAT\Stingray\Debug\REPORTING]
REG_DWORD: "RS_SOAP_CLIENT_TIMEOUT_IN_MILLISECONDS"
Value: 0x000927c0

Please note you may have to create the registry keys as they do not exist by default.

0x000927c0 (hex) = 600000 milliseconds = 10 minutes.
The default timeout value is 5 minutes.

This worked for 2 users, but with 10 users it still timed out and we got the same error. We eventually fixed the issue by increasing the registry value to 20 minutes. The main reason we had to increase the timeout value was that the machine was not powerful enough to complete the processing of multiple users within the default 5 min.

Author
Saurav Datta
Security Support Escalation Engineer
Microsoft CSS Forefront Security Edge Team

Technical Reviewer
Lars Bentzen
Escalation Engineer
Microsoft CSS Forefront Security Edge Team
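
The registry change from this post, scripted in PowerShell as an added example (it is not part of the original post or of any Microsoft tooling). The key path and value name are the ones given above; the function name, the Minutes parameter and its range limit are assumptions made for the example.

```powershell
# Added example. Run from an elevated prompt on the TMG report server.
# Written to work on PowerShell 2.0 as well as later versions.
function Set-TmgReportSoapTimeout {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateRange(1, 120)]   # upper bound is an arbitrary sanity limit for this example
        [int]$Minutes
    )

    # Key path and value name as given in the post.
    $keyPath   = 'HKLM:\SOFTWARE\Microsoft\RAT\Stingray\Debug\REPORTING'
    $valueName = 'RS_SOAP_CLIENT_TIMEOUT_IN_MILLISECONDS'

    # The value is stored in milliseconds (the post's 10 minutes = 600000 = 0x000927c0).
    $timeoutMs = $Minutes * 60 * 1000

    # The key does not exist by default, so create the missing path first.
    if (-not (Test-Path -Path $keyPath)) {
        if ($PSCmdlet.ShouldProcess($keyPath, 'Create registry key')) {
            New-Item -Path $keyPath -Force | Out-Null
        }
    }

    # -Force overwrites an existing value, so the function can be re-run
    # when the timeout has to be raised again.
    if ($PSCmdlet.ShouldProcess("$keyPath\$valueName", "Set DWORD to $timeoutMs")) {
        New-ItemProperty -Path $keyPath -Name $valueName `
            -PropertyType DWord -Value $timeoutMs -Force | Out-Null
    }

    # Read the value back from the registry instead of trusting the write.
    $stored = (Get-ItemProperty -Path $keyPath -Name $valueName `
        -ErrorAction SilentlyContinue).$valueName

    New-Object PSObject -Property @{
        Path       = $keyPath
        Name       = $valueName
        RequestedMs = $timeoutMs
        StoredMs    = $stored
        StoredHex   = ('0x{0:x8}' -f $stored)
        Matches     = ($stored -eq $timeoutMs)
    }
}

# The 20-minute setting the post ended up with; add -WhatIf to preview.
Set-TmgReportSoapTimeout -Minutes 20
```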
