When accessing TMG report hosted on IIS, images are not displayed

Consider the following scenario:

You have configured reporting with TMG, and you have published the generated reports content on an IIS 7.5 Server (Windows 2008 R2) so that TMG administrators in your organization can access these reports from their workstation using a standard browser like Internet Explorer.


The Reports are not displayed correctly in the browser. You notice that images are missing, hence the “red cross” error as we can see in the below screenshot.



As you know TMG is using SQL Server Reporting Services to generate reports based on the TMG activity logs.

The root cause of the problem here is that no file extension (such as .png) is given to the image files returned as a stream of data by Reporting Services.

In addition, IIS 7.5 won’t serve by default, files that don’t have any known MIME type. Instead IIS will respond with a 404.3 error (see https://technet.microsoft.com/en-us/library/cc753281(WS.10).aspx)

As a result, when the browser sends the requests for the images included in the report, IIS will respond with 404.3 for all them as they are not mapped to a known MIME type.

This error can be easily seen in the IIS log when the client browser is accessing the report.


While this issue is currently investigated by the TMG and Reporting Service product groups there’s an easy workaround that can be implemented on IIS to solve it.

This workaround consists in adding a “ . ” file name extension mapped to the application/octet-stream MIME type to the MIME types list known by IIS. By doing this, we instruct IIS to serve files that don’t have any extension.

The screenshots below summarized the steps to be done in IIS.



As a result, IIS will respond to such requests (without file extension) with 200 OK with a MIME type of application/octet-stream.

Then the client browser will manage how to render the response. In this case, IE detects that it is an image and will render it as such.

Note: I recommend hosting the reports inside a dedicated virtual directory and adding the above mentioned setting at this virtual directory level.


Eric Detoc

Escalation Engineer - Microsoft CSS Forefront Security Edge Team

Technical Reviewer

Franck Heilmann

Escalation Engineer - Microsoft CSS Forefront Security Edge Team