Fun with Bing behind Forefront TMG Beta 3 – Redux

So after I’ve posted this blog entry, along with some comments to that entry from people experimenting the same issue, I’ve also received a few emails on this topic.

So I’ve decided to take a new look at it since it appears it’s not only me.

bing1
bing2
bing3

 

Playing a little bit more and watching the logs on TMG Beta 3, I’ve noticed that if I exclude bing from the Malware Inspection, although the logs show the same failed thing, now, like from TMG itself, the response is allowed(I can see with Wireshark on the client that TMG Beta 3 decompressed the server’s response).

bing4
bing5
bing6

 

So what to do with it for now ?
Well, I still don’t know what exactly happens there, but a couple of options(work arounds) are available:

- first, a little rant to Microsoft, do not use bing. –:)

- second, you’ve told me this is not a practical one as bing’s IP addresses might change, exclude bing IP addresses from the Configure HTTP Compression/Request Compressed Data tab.
bing7

- third one, not the most fortunate one, exclude bing from the Malware Inspection. You can do that in a couple of ways.
     - The most simple way, and probably not quite recommended, add bing to Sites Exempt from Malware Inspection from Configure Malware Inspection/Destination Exceptions tab(if you do that, make sure you do not forget it there when the issue will not be present):
bing8
    - If you don’t want to edit the Sites Exempt from Malware Inspection, create your own domain name set for bing and add it to Configure Malware Inspection/Destination Exceptions tab:
bing17
bing9
   - Or if you do not want to alter the add the Configure Malware Inspection/Destination Exceptions tab, create an access rule allowing bing(create a domain name set for bing) on which you do not enable Malware Inspection. Please note that I’ve placed this rule on top of the other general rule, and I’ve added the created domain name set for bing to the To tab Exceptions area on the other general rule(just to exclude any overlapping).
bing10
bing12
bing13
bing14
bing11
bing15
  - Or, instead of using a domain name set, you can try to mess with the URL Categories. Please note that for the moment bing does not appear in any URL category. If you want more details about URL categories, please see this blog entries on Forefront TMG (ISA Server) Product Team Blog: 1, 2 and 3. I did not want to alter the URL categories for now, just to make bing work behind TMG Beta 3, so I’ve sticked with the domain name set option.
bing16

Comments (6) -

  • Andrew

    6/19/2009 4:50:51 PM |

    This solution does work but bing is still not fully functional. Preview does not work. I discovered that if I enable the rule with no protocol restrictions (before all block and allow rules) for my test IP - bing works as expected. I disable it - preview stops working. Any ideas?

    Andrew

    • adimcev

      6/19/2009 5:40:42 PM |

      Hi Andrew,

      Can you please detail what preview means to you ?
      Are you referring to videos preview ?
      Suggestions work from here.
      On my location, it seems that I do not have access to all the bing features that I have seen over the web for people in various countries.

      Thanks
      Adrian

      • Andrew

        6/19/2009 6:12:33 PM |

        I wish I could post pictures but at least in US bing.com has this cool feature:

        Web page previews. Allow your mouse cursor to hover over a link in a list of search results, and to the right you'll see a vertical line with a small orange do in the middle. Move your mouse cursor toward the line, and Bing shows you a preview of the text on the Web page without your having to visit it. The preview often includes an "also on this page" section, with frequently-visited sections of the page, so you can go right to a section of interest with one click.

        This is exactly what does not work. I added bing.com to No Compression IPs and it does work fine. So this seem to be a problem with TMG beta 3 so let's wait for Microsoft to fix it.

        • adimcev

          6/19/2009 6:51:06 PM |

          I thought you may refer to the links preview.
          Unfortunetely I do not have any links preview over here, with or without TMG on the path.

          Maybe it uses another DNS name for links preview, for example for cached pages it uses cc.bingj.com(cached pages seems to be fine by default behind TMG). If you watch closely the logs on TMG for what destination it tries to access when you put your mouse cursor on a link, maybe you can figure it out a temporary work around so you can enjoy using bing behind TMG too.

          I think that by now Microsoft may know about the TMG and bing issue. -;)

          Cheers!
          Adrian

      • Andrew

        6/19/2009 6:51:54 PM |

        I also would like to add that the same problem exists on ISA 2006. I tested it on our DR ISA array and had the same problem with preview/compression.

        • adimcev

          6/19/2009 6:53:59 PM |

          I also thought about that, but did not have ISA 2006 handy to test.

          Thanks for the info,
          Adrian

Comments are closed