You can verify connectivity to specific network servers using a Forefront TMG connectivity verifier.
Connectivity verifiers for server farms are not created using the New Connectivity Verifier Wizard. When you create a server farm, you specify a connection method to be used when checking the connectivity status for the servers in the farm. After creating the server farm, a connectivity verifier is automatically created for the farm and appears on the Connectivity Verifiers tab. You can edit the connection method in the properties for the server farm, or from the Connectivity Verifiers tab. You cannot create or delete a connectivity verifier for a server farm directly from the Connectivity Verifiers tab.
This topic provides information about:
- Creating a connectivity
verifier
- Configuring
connectivity verifiers
- Disabling and deleting a
connectivity verifier
- Analyzing HTTP GET
Responses
Creating a connectivity verifier
You create a connectivity verifier using the New Connectivity Verifier Wizard.
Note: |
---|
If you want to use an HTTP request, you must create a rule allowing HTTP or HTTPS from the Local Host network to the specified destination. On the last page of the wizard, you can select to automatically enable the predefined system policy rule: "Allow HTTP/HTTPS requests from Forefront TMG to selected servers for connectivity verifiers". |
To create a connectivity verifier
-
In the Forefront TMG Management console tree, click the Monitoring node. Then click the Connectivity Verifiers tab.
-
Complete the New Connectivity Verifier Wizard. On the Connectivity Verification Details page, specify the server or URL to which you want to connect and the connection method. You can use the following methods:
- PING—Forefront TMG sends a Ping request (ICMP
ECHO_REQUEST) to the specific server and waits for an ICMP
ECHO_REPLY. Use this method to verify that a specific server is
available.
- TCP connect—Forefront TMG tries to establish
a TCP connection to a specific port on the specified server. Use
this method to verify that a specific service is available on the
destination server.
- HTTP request—Forefront TMG sends an HTTP GET
request and waits for a reply. Use this method to verify that a Web
server is available.
- PING—Forefront TMG sends a Ping request (ICMP
ECHO_REQUEST) to the specific server and waits for an ICMP
ECHO_REPLY. Use this method to verify that a specific server is
available.
Configuring connectivity verifiers
In addition to the connectivity verifier properties you specify in the New Connectivity Verifier Wizard, you can configure a timeout and alert as described in the following procedure.
To configure connectivity verifiers
-
In the Forefront TMG Management console tree, click the Monitoring node. Then click the Connectivity Verifiers tab.
-
On the Connectivity Verifiers tab, click the connectivity verifier you want to modify, and then select Edit Selected Verifier on the Tasks tab.
-
On the General tab, modify the name of the connectivity verifier if required.
-
On the Properties tab, do the following:
- In Monitor connection to this server,
modify the name of the destination server.
- In Select the method to verify the
connection, modify the connection method.
- In Timeout, specify how long Forefront
TMG should wait before reporting that the server is not
available.
- To specify that an alert should be triggered
when the timeout is exceeded, click Trigger an alert if the
server response is not within the specified timeout.
- In Monitor connection to this server,
modify the name of the destination server.
Disabling and deleting a connectivity verifier
To disable and delete a connectivity verifier
-
In the Forefront TMG Management console tree, click the Monitoring node. Then click the Connectivity Verifiers tab.
-
On the Connectivity Verifiers tab, elect Disable Selected Verifiers to disable the verifier.
-
Select Delete Selected Verifiers to permanently delete a verifier.
Analyzing HTTP GET Responses
When you configure a connectivity verifier method to send an HTTP GET request, the monitored server is expected to return an HTTP response. Depending on the response, Forefront TMG marks the connectivity verifier status, as detailed in the following table.
HTTP response from monitored server | Connectivity verifier status |
---|---|
1xx, 2xx, or 3xx |
OK. This is the response time in milliseconds. |
401 (Web server authentication required) |
OK. This is not considered an error, because the Web server returned the message. |
407 (proxy authentication required) |
Error (Microsoft Windows Server 2003). This is considered an error because connectivity to the actual Web server cannot be determined. |
407 (proxy authentication required) |
Authentication required (Windows 2000 Server). |
4xx (except 401 and 407) or 5xx |
Error. |
Request timed out |
Time-out. |
The server name could not be resolved |
Unresolved name. |
Forefront TMG is down |
Unable to verify. The Microsoft Firewall service is unavailable. |
Related Topics
Copyright © 2009 by Microsoft Corporation. All rights reserved.