So after I’ve posted this blog entry, along with some comments to that entry from people experimenting the same issue, I’ve also received a few emails on this topic.
So I’ve decided to take a new look at it since it appears it’s not only me.
Playing a little bit more and watching the logs on TMG Beta 3, I’ve noticed that if I exclude bing from the Malware Inspection, although the logs show the same failed thing, now, like from TMG itself, the response is allowed(I can see with Wireshark on the client that TMG Beta 3 decompressed the server’s response).
So what to do with it for now ?
Well, I still don’t know what exactly happens there, but a couple of options(work arounds) are available:
- first, a little rant to Microsoft, do not use bing. –:)
- second, you’ve told me this is not a practical one as bing’s IP addresses might change, exclude bing IP addresses from the Configure HTTP Compression/Request Compressed Data tab.
- third one, not the most fortunate one, exclude bing from the Malware Inspection. You can do that in a couple of ways.
- The most simple way, and probably not quite recommended, add bing to Sites Exempt from Malware Inspection from Configure Malware Inspection/Destination Exceptions tab(if you do that, make sure you do not forget it there when the issue will not be present):
- If you don’t want to edit the Sites Exempt from Malware Inspection, create your own domain name set for bing and add it to Configure Malware Inspection/Destination Exceptions tab:
- Or if you do not want to alter the add the Configure Malware Inspection/Destination Exceptions tab, create an access rule allowing bing(create a domain name set for bing) on which you do not enable Malware Inspection. Please note that I’ve placed this rule on top of the other general rule, and I’ve added the created domain name set for bing to the To tab Exceptions area on the other general rule(just to exclude any overlapping).
- Or, instead of using a domain name set, you can try to mess with the URL Categories. Please note that for the moment bing does not appear in any URL category. If you want more details about URL categories, please see this blog entries on Forefront TMG (ISA Server) Product Team Blog: 1, 2 and 3. I did not want to alter the URL categories for now, just to make bing work behind TMG Beta 3, so I’ve sticked with the domain name set option.