WPAD Issue Migrating ISA 2006 to TMG 2010.  Internet traffic still flowing through Old ISA 2006 Server.

I'm having a perplexing issue with our migration from ISA 2006 to TMG 2010.  In a nutshell, we use DNS for WPAD.dat distribution.  To test the WPAD.dat from TMG before I make a global change in DNS, I have changed the HOSTS record of a group of Windows 7 users in our pilot group and rebooted them.  After the reboot, when I look at their IE, all proxy settings are correct with the new TMG 2010 server, as is the automatically detected Forefront Server in their Forefront TMG client (we run that on all workstations here). So all looks perfect.

However, their Internet traffic is still going through our old ISA 2006 server.  On the Windows 7 client machines in the registry I found that within the subkeys of the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad there are multiple pointers to the old ISA 2006 server.  As a test, I deleted the entire key, rebooted and then all Internet traffic was correctly routed through the new TMG 2010.

Any idea what the problem might be? Why aren't these subkeys populating with the new WPAD address? I don't particularly want to delete this key on all our workstations unless there's a good reason to.  It appears the key does repopulate, however it doesn't contain any pointers to the new TMG 2010 like the old key did.

Below is a screenshot showing a client workstation with the correct settings in IE, but the wrong settings in the Registry.  Seatmg.wkg.com is the new TMG 2010 server and Seaisa.wkg.com is the old ISA 2006 server.

Than

March 18th, 2015 1:36pm

Hi,

Please check the blog below.

Quote:

We've updated the DHCP 252 option and pointed wpad.dat to another URL, or just changed the DNS entry and pointed to another web server, but IE never tries to retrieve the wpad.dat file from the new URL.

As I mentioned before, IE always tries to retrieve the wpad.dat URL from registry (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings). If it exists, IE doesn't need to do DHCP detection or DNS detection. If it doesn't exist, IE still needn't send a DHCP or DNS request every time because of the DHCP cache or DNS cache, so that IE may still get the old wpad.dat URL.

Resolution:

Clear DHCP cache

ipconfig /release

ipconfig /renew

Clear DNS cache

ipconfig /flushdns

Delete proxy cache from registry

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings

Delete IE cache

   RunDll32.exe InetCpl.cpl,ClearMyTracksByProcess 8

http://blogs.msdn.com/b/asiatech/archive/2012/08/15/insight-wpad-proxy-settings-on-ie.aspx

Best Regards,

Joyce

March 19th, 2015 2:36am
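
A read-only way to see which cached per-user values still name the retired proxy before deleting anything, as an added PowerShell example that is not part of the thread or the linked blog. The default host name is the old ISA server named in the first post; the function name `Find-StaleProxyReference` and the assumption that the binary Connections values hold their URLs as ASCII text are this example's own.

```powershell
# Added example: audit only, nothing is modified or deleted.
# $StaleHost is an assumption; set it to the FQDN of the proxy being retired.
param([string]$StaleHost = 'seaisa.wkg.com')

$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Find-StaleProxyReference {   # hypothetical helper name
    param([string]$Path, [string]$Needle)
    if (-not (Test-Path $Path)) { return }
    # The key itself plus every subkey (covers \Wpad and \Connections).
    $keys = @(Get-Item $Path) +
            @(Get-ChildItem $Path -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            $value = $key.GetValue($name)
            # DefaultConnectionSettings / SavedLegacySettings are REG_BINARY;
            # assumed here to embed the proxy and script URL as ASCII text.
            $text = if ($value -is [byte[]]) {
                [System.Text.Encoding]::ASCII.GetString($value)
            } else {
                [string]$value
            }
            if ($text -match [regex]::Escape($Needle)) {
                [pscustomobject]@{
                    Key   = $key.Name
                    Value = $name
                    Kind  = $key.GetValueKind($name)
                }
            }
        }
    }
}

# What the local resolver (HOSTS file included) returns for "wpad" right now,
# to compare against what is still cached in the registry.
try {
    $wpadIps = [System.Net.Dns]::GetHostAddresses('wpad') |
               ForEach-Object { $_.IPAddressToString }
    Write-Output ("wpad currently resolves to: " + ($wpadIps -join ', '))
} catch {
    Write-Output "wpad does not resolve on this client"
}

$hits = @(Find-StaleProxyReference -Path $base -Needle $StaleHost)
if ($hits.Count -eq 0) {
    Write-Output "No cached reference to $StaleHost under Internet Settings"
} else {
    $hits | Format-Table -AutoSize
}
```

Run it as the affected user, since every location checked is under HKCU.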

Thanks so much, Joyce.  I assume the article means delete those two keys, which I tried.  On the first two workstations, that worked perfectly.  After a reboot, the keys regenerated themselves with the proper TMG server information in them.

However, I tried it on a couple more workstations, and the key didn't regenerate itself and Internet traffic continued to go through the old ISA server.  A search of the registry turned up the FQDN of the old ISA server all over the place.  I find it hard to believe that part of the migration to TMG 2010 would involve deleting all sorts of registry keys on the client PCs, so I feel like something else must be out of whack.

One other clue I should mention is that apparently my new TMG server isn't using port 80 for publishing wpad.dat even though port 80 is specified on the AutoDiscovery tab of TMG.  If I use :8080 in http://servername.com:8080/wpad.dat it downloads.  Could this be a related issue?   I don't have IIS running on the TMG server, but I do have an internal listener that uses port 80.  I checked the TMG server using netstat and nothing except the wspsvr is using port 80, so I don't believe there is a conflict. Any idea how to fix TMG to actually publish on port 80 like it's supposed to?   Our ISA server has the same listener configured, however it does publish wpad.dat correctly on port 80.

March 19th, 2015 5:21pm

I'm still working this problem, but have an update:

I've found that even after deleting the two registry keys on our workstations, Internet traffic is still flowing through the old ISA server.  This is the case even though those two registry keys which regenerated themselves don't reference the old ISA server anymore, they reference the routing script from the new TMG server.  Also, as I mentioned, all IE and Forefront TMG client settings point to the new TMG server.

This is driving me bananas.  How can I decommission our old ISA server when I can't get clients to reliably use TMG for Internet Access?

Thanks everyone!

March 26th, 2015 12:47pm

This topic is archived. No further replies will be accepted.
