Symptoms
The URL and Destination Host Name columns in the web proxy log of Microsoft Forefront Threat Management Gateway 2010 may be displayed as unreadable values. This problem occurs when users access websites by using an internationalized domain name (IDN) and the log entries are retrieved from disk.Note IDNs are domain names that may contain Unicode characters and are accessed by using Punycode transcription. Threat Management Gateway converts the Punycode name into the Unicode representation when the log entries are viewed in the logging view in the Forefront TMG Management snap-in of the Microsoft Management Console (MMC). However, when the log entries are retrieved from disk, any non-ASCII characters in the Unicode string are replaced with a question mark (?), as we explain in the "Cause" section.
Cause
This problem occurs because the logging columns in Threat Management Gateway are saved in ASCII format, and when the log records are written to disk, the values in the URL and Destination Host Name columns are converted from Unicode to ASCII. This causes any non-ASCII value in the value to be replaced with a question mark (?).
Resolution
To resolve this problem, install Rollup 4 for Forefront Threat Management Gateway 2010 Service Pack 2, and then run the script in the "More Information" section.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
More Information
Copy and paste the following script in Notepad.exe, and then save the file as "SetPersistLogAsPunycode.vbs."
'Define the constants needed.Const strVpsGUID = "{143F5698-103B-12D4-FF34-1F34767DEABC}"Const strVpsPropertyName = "PersistLogAsPunycode"Const Error_FileNotFound = &H80070002Set objArgs = wscript.ArgumentsfInvalidParameterValue = Falseif objArgs.Count > 0 then if objArgs(0) = "0" then fPersistLogAsPunycode = False elseif objArgs(0) = "1" then fPersistLogAsPunycode = True else fInvalidParameterValue = True end ifend ifif objArgs.Count <> 1 or fInvalidParameterValue then wscript.echo "Usage: SetPersistLogAsPunycode.vbs <0|1>" wscript.echo wscript.echo "Control how log fields that may contain punycode-encoded parts are" wscript.echo "stored in the persistent log." wscript.echo wscript.echo " 0 - Persist the applicable log fields as ASCII (the default behavior)" wscript.echo " 1 - Persist the applicable log fields as Punycode" wscript.Quit 2end ifset objLogging = CreateObject("FPC.Root").GetContainingArray().LoggingSet objVPSet = OpenVPSet(objLogging, strVpsGUID)objVPSet.Value(strVpsPropertyName) = fPersistLogAsPunycodeobjLogging.Savefunction OpenVPSet(objParent, strVpsGUID) Set objVPSets = objParent.VendorParametersSets On Error Resume Next Set OpenVPSet = objVPSets.Item(strVpsGUID) ' Save the Err properties in case it needs to be re-raised errNumber = Err.Number errSource = Err.Source errDescription = Err.Description errHelpFile = Err.HelpFile errHelpContext = Err.HelpContext On Error GoTo 0 if errNumber = Error_FileNotFound Then Set OpenVPSet = objVPSets.Add(strVpsGUID) Elseif errNumber < 0 Then ' An error other than "file not found" occured -- re-raise the error, ' this time not under "On Error Resume Next" Err.Raise errNumber, errSource, errDescription, errHelpFile, errHelpContext End Ifend function
To enable Threat Management Gateway to persist the log entries as Punycode values, run the following command:
cscript.exe SetPersistLogAsPunycode.vbs 1To revert Threat Management Gateway to its default behavior of logging fields as ASCII characters, run the following command:
cscript.exe SetPersistLogAsPunycode.vbs 0
References
See the terminology Microsoft uses to describe software updates.
