Blank User Activity Report if domain or username contains accented characters
Administrators creating a User Activity Report for users where the domain or user name contain characters that are not included in the
english alphabet, may not be able to see any activity for these users. The report will be generated, but it will not contain any information and only contain the report headers.
Please find an example from my test environment below:

Result:

This problem occurs because of a character conversion problem during the generation of the report.
Fortunatelly, we can control this conversion behavior by setting the follow registry key on the TMG Report Server:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RAT\Stingray\Debug\COM\
DWORD
USE_ACP_FOR_FILTER
Value: 1
After a reboot, let’s make a test with the same user again.
Now, the report looks better.

Author:
Arpad Gulyas
Microsoft CSS Forefront Security Edge Team
Technical Reviewer:
Lars Bentzen
Sr. Escalation Engineer
Microsoft CSS Forefront Security Edge Team

Have you ever been interested in which users visit specific sites on the Internet very often? E.g. which users did browse most on blogs.technet.com last week? In SP2 we added a new report, which allows analyzing the usage of specific sites connected to users in your organization, with a few mouse clicks.
In order to create the report you have to open the TMG MMC / Logs & Reports:

On the right hand side you can select “Create Site Activity Report”.
In the Wizard you can configure how many sites will be reported per user and how many users will be included in the report:

Be aware that in the default setting the Site Name parameter is OVERWRITE. You have to enter the parameter of your choice here. In this example I used blogs.technet.com, you can also use parameters like .com to see all requests to “.com sites” or narrow down to www.microsoft.com if you like to see only request to www.microsoft.com.
Here’s how a report can look like:

Be aware that you’ll only see the user name, if you’re using proxy authentication in your environment and if you’re logging the user name. If no proxy authentication is enabled, or specific rules don’t require proxy authentication, you will also see the “anonymous” user in the report.
Author
Philipp Sand
Microsoft CSS Forefront Security Edge Team
Technical Reviewer
Roman Golubchyck
Senior SDET TMG Product Group

The user activity report is a new feature of Forefront TMG SP1. I recently came across an issue where the customer was trying to run TMG user activity reports. When he used a single user (domainname\username) it rendered the report okay, but when we tried the same for 2 users (domainname\username1; domainname\username2) it gave the following error message after 5 minutes:
0xc0040432 The report TEST MS could not be generated. Report Server error information: The operation has timed out. The error occurred on object ‘Reports’ of class ‘Reports Configuration’ in the scope of array ‘XXXXXXXXXXX’.
|
As a part of the troubleshooting we tried to use the underlining SQL Server Reporting Server (SSRS) to run the same reports. This worked and we did not run into the issue.From looking at the built-in tracing in TMG, we identified that TMG failed to render the report because the operation timed out. By default the timeout for this report is 5 minutes.To fix the issue we created the following registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RAT\Stingray\Debug\REPORTING] REG_DWORD: "RS_SOAP_CLIENT_TIMEOUT_IN_MILLISECONDS" Value: 0x000927c0
|
Please note you may have to create the registry keys as they do not exist by default:
0x000927c0 (HEX) =600000 milliseconds = 10 minutes.
The default timeout value is 5 minutes.
This worked for 2 users, but with 10 users it still timed out and we got the same error. We eventually fixed the issue by increasing the registry value to 20 minutes. The main reason why we had to increase the timeout value was because the machine was not powerful enough to complete the processing of multiple users within the default 5 min.
Author
Saurav Datta
Security Support Escalation Engineer
Microsoft CSS Forefront Security Edge Team
Technical Reviewer
Lars Bentzen
Escalation Engineer
Microsoft CSS Forefront Security Edge Team
