Archive

Posts Tagged ‘TMG SP2’

Installing Forefront TMG 2010 SP2 on Enterprise Arrays

December 1, 2011 6 comments

July 4,2012 – Update: A script is now available on ISATools.org that will identify the exact order in which to install TMG SP2 for your environment. You can download the script here.

To successfully install Service Pack 2 (SP2) for Forefront TMG 2010, you must first install Service Pack 1 (SP1), then Software Update 1 for SP1 (SP1U1) as I indicated in a previous blog post. None of the other hotfix rollups available for Forefront TMG are required to upgrade to SP2. For Forefront TMG 2010 enterprise arrays, these updates must be installed in a specific order to eliminate potential conflicts. The proper sequence is as follows:

First, install SP1 for Forefront TMG 2010 on the…

  1. Enterprise Management Server (EMS)
  2. Reporting server in each array
  3. Remaining array members in each array

Next, install Software Update 1 for Forefront TMG 2010 SP1 on the…

  1. EMS
  2. Reporting server in each array
  3. Remaining array members in each array

Lastly, install SP2 for Forefront TMG 2010 on the…

  1. EMS
  2. Reporting server in each array
  3. Remaining array members in each array

For standalone arrays, treat the array manager as the EMS and follow the order outlined above. In addition, if you are adding a new array member to an existing array, install Forefront TMG 2010 and apply the updates in order before joining the array. Make certain that the new array member is at the same update level as the EMS and other array members.  Also, consider slipstreaming SP2 with your installation media to save yourself some time.

Special thanks to Jim Harrison for clarification on the installation order.

Categories: Forefront TMG 2010, Forefront UAG 2010, Threat Management Gateway, Unified Access Gateway Tags: , , , , , , , , , , , ,

Forefront TMG 2010 Turns Two Years Old

November 16, 2011 5 comments

Today marks the second anniversary of the release to manufacturing (RTM) for Microsoft Forefront Threat Management Gateway (TMG) 2010. In the two years since its release Microsoft has provided two major service packs that have increased stability, improved performance and scalability, and also added some helpful new functionality. During this time the product also achieved Common Criteria (level EAL4+) certification. As we approach the end of mainstream support for Microsoft ISA Server 2006 SP1, now is a good time to begin evaluating Forefront TMG 2010 and to start planning your migration!

Categories: Forefront TMG 2010, ISA 2006 Configuration, ISA 2006 Enterprise, ISA 2006 General, ISA 2006 Standard, Threat Management Gateway Tags: , , , , , , , , , , , ,

Slipstream Service Pack 2 for Forefront TMG 2010

October 23, 2011 25 comments

Now that Service Pack 2 (SP2) for Microsoft Forefront TMG 2010 is available I’ve had numerous people ask me about the process of slipstreaming the service pack with the Forefront TMG 2010 installation media. Having Forefront TMG 2010 with SP2 slipstreamed is a great time saver if you install TMG frequently like I do, but it is also essential if you wish to install Forefront TMG 2010 on a read-only domain controller (RODC). Last year when service pack 1 for Forefront TMG 2010 was released I wrote this post on how to slipstream the service pack. The process is nearly identical with Forefront TMG 2010 SP2 with the exception that there are a few more steps required because of TMG SP2’s dependencies on SP1 and software update 1 for TMG SP1.

To slipstream SP2 with the Forefront TMG 2010 installation media, begin by copying the contents of your Forefront TMG 2010 DVD or extracting the ISO to a temporary folder. Next, download Forefront TMG 2010 SP1, Forefront TMG 2010 SP1 software update 1, and Forefront TMG 2010 SP2. Software update 1 for Forefront TMG 2010 SP1 and SP2 for Forefront TMG 2010 are both .exe files that can’t be used for slipstreaming. To support slipstreaming we’ll need to extract the .msp files from them by opening an elevated command prompt and issuing the following commands:

For software update 1 for Forefront TMG 2010 SP1

TMG-KB2288910-amd64-ENU.exe /t d:\temp\SP1U1

For Forefront TMG 2010 SP2

TMG-KB2555840-amd64-ENU.exe /t d:\temp\SP2

Now begin the slipstreaming process by navigating to the \FPC folder of the TMG installation source and then issuing the following commands:

First, slipstream SP1 for Forefront TMG 2010

msiexec /a MS_FPC_Server.msi /p d:\temp\sp1\TMG-KB981324-AMD64-ENU.msp

Next, slipstream software update 1 for Forefront TMG 2010 SP1

msiexec /a MS_FPC_Server.msi /p d:\temp\sp1u1\TMG-KB2288910-amd64-ENU.msp

Finally, slipstream Forefront TMG 2010 SP2

msiexec /a MS_FPC_Server.msi /p d:\temp\sp2\TMG-KB2555840-amd64-ENU.msp

Once complete, use your favorite tool to burn a DVD or create an ISO file.

Important Note: If you install the Forefront TMG 2010 firewall client from the new SP2 slipstreamed installation source, you will still need to install the October 2011 Forefront TMG 2010 firewall client hotfix rollup as outlined in my previous blog post.

Categories: Forefront TMG 2010 Tags: , , , , , , , ,