Symptoms
The URL and Destination Host Name columns in the web proxy log of Microsoft Forefront Threat Management Gateway 2010 may be displayed as unreadable values. This problem occurs when users access websites by using an internationalized domain name (IDN) and the log entries are retrieved from disk.
Note IDNs are domain names that may contain Unicode characters and are accessed by using Punycode transcription. Threat Management Gateway converts the Punycode name into the Unicode representation when the log entries are viewed in the logging view in the Forefront TMG Management snap-in of the Microsoft Management Console (MMC). However, when the log entries are retrieved from disk, any non-ASCII characters in the Unicode string are replaced with a question mark (?), as we explain in the "Cause" section.
Cause
This problem occurs because the logging columns in Threat Management Gateway are saved in ASCII format, and when the log records are written to disk, the values in the URL and Destination Host Name columns are converted from Unicode to ASCII. This causes any non-ASCII value in the value to be replaced with a question mark (?).
Resolution
To resolve this problem, install Rollup 4 for Forefront Threat Management Gateway 2010 Service Pack 2, and then run the script in the "More Information" section.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
More Information
Copy and paste the following script in Notepad.exe, and then save the file as "SetPersistLogAsPunycode.vbs."
'Define the constants needed.
Const strVpsGUID = "{143F5698-103B-12D4-FF34-1F34767DEABC}"
Const strVpsPropertyName = "PersistLogAsPunycode"
Const Error_FileNotFound = &H80070002
Set objArgs = wscript.Arguments
fInvalidParameterValue = False
if objArgs.Count > 0 then
if objArgs(0) = "0" then
fPersistLogAsPunycode = False
elseif objArgs(0) = "1" then
fPersistLogAsPunycode = True
else
fInvalidParameterValue = True
end if
end if
if objArgs.Count <> 1 or fInvalidParameterValue then
wscript.echo "Usage: SetPersistLogAsPunycode.vbs <0|1>"
wscript.echo
wscript.echo "Control how log fields that may contain punycode-encoded parts are"
wscript.echo "stored in the persistent log."
wscript.echo
wscript.echo " 0 - Persist the applicable log fields as ASCII (the default behavior)"
wscript.echo " 1 - Persist the applicable log fields as Punycode"
wscript.Quit 2
end if
set objLogging = CreateObject("FPC.Root").GetContainingArray().Logging
Set objVPSet = OpenVPSet(objLogging, strVpsGUID)
objVPSet.Value(strVpsPropertyName) = fPersistLogAsPunycode
objLogging.Save
function OpenVPSet(objParent, strVpsGUID)
Set objVPSets = objParent.VendorParametersSets
On Error Resume Next
Set OpenVPSet = objVPSets.Item(strVpsGUID)
' Save the Err properties in case it needs to be re-raised
errNumber = Err.Number
errSource = Err.Source
errDescription = Err.Description
errHelpFile = Err.HelpFile
errHelpContext = Err.HelpContext
On Error GoTo 0
if errNumber = Error_FileNotFound Then
Set OpenVPSet = objVPSets.Add(strVpsGUID)
Elseif errNumber < 0 Then
' An error other than "file not found" occured -- re-raise the error,
' this time not under "On Error Resume Next"
Err.Raise errNumber, errSource, errDescription, errHelpFile, errHelpContext
End If
end function
To enable Threat Management Gateway to persist the log entries as Punycode values, run the following command:
cscript.exe SetPersistLogAsPunycode.vbs 1
To revert Threat Management Gateway to its default behavior of logging fields as ASCII characters, run the following command:
cscript.exe SetPersistLogAsPunycode.vbs 0
References
See the terminology Microsoft uses to describe software updates.
