Archive
Disable SSL 3.0 and TLS 1.0 on Forefront TMG and UAG 2010
When performing SSL and TLS hardening on Microsoft Forefront Threat Management Gateway (TMG) 2010 or Forefront Unified Access Gateway (UAG) 2010 servers, disabling SSL 3.0 and TLS 1.0 is often required to meet regulatory and compliance guidelines for security. However, disabling SSL 3.0 and TLS 1.0 causes the SQL Server (ISARS) and SQL Server Express services to fail on start up.
Switching from SQL logging to text file logging can be employed as a workaround. However, when using text file logging, generating historical reports in the TMG management console is no longer supported.
To restore full functionality for SQL logging and reporting when SSL 3.0 and TLS 1.0 are both disabled, an update to the local security policy of the server is required. Open the Local Security Policy editor by clicking on the Start button and navigating to Administrative Tools and Local Security Policy. Expand Local Policies and click on Security Options. Double-click on System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing. Click Enabled and then click OK.
Restart the computer for the changes to take effect. Once complete, all SQL services should start and run without issue.
Note: If Remote Desktop Services (RDS) is used to manage the Forefront TMG firewall it will be necessary to install update KB3080079.
Forefront UAG 2010 Service Pack 2 Now Available
Forefront UAG 2010 Service Pack 2 is now available for download. In addition to the usual bug fixes and system updates, UAG SP2 includes new features such as AD FS 2.0 multi-namespace support and support for additional mobile client devices such as Android 4.x, iOS 5.x, and Windows Phone 7.5. Before installing Forefront UAG 2010 SP2 you must first install SP2 for Forefront TMG 2010. When installing Forefront TMG SP2 on a UAG array, be sure to install TMG SP2 on the UAG array manager first, and then install TMG SP2 on the remaining UAG array members. Here are some links to important Forefront UAG 2010 SP2 information:
- What’s new in Forefront UAG 2010 SP2
- Download Forefront TMG 2010 SP2
- Download Forefront UAG 2010 SP2
- Installing Forefront UAG 2010 SP2
TechDays San Francisco 2012
TechDays San Francisco 2012, sponsored by the Pacific IT Professionals user group, is a two day IT professional conference being held on March 23 and 24, 2012. The event features a lineup of speakers that includes Chris Avis, CA Callahan, Jennelle Crothers, Jessica DeVita, Steve Evans, Jason C. Helmick, Chris Henley, Ed Horley, Darren Mar-Elia, Mark Minasi, Stephen Rose, Joey Snow, Doug Spindler, Mark Vinkour, Harold Wong, and Chris Zwergel. Sessions will cover topics such as Azure and cloud, Clustering, DNS/DHCP/IPAM, Exchange, Hyper-V, IIS, Lync, MDOP, networking and VPN, Powershell, SharePoint, System Center, VDI, Windows 8 Client and Server, and Windows Phone 7. I will be presenting sessions on Forefront Edge Security (Forefront TMG 2010 and UAG 2010) as well as DirectAccess. Visit the TechDaysSF web site for the full speaker lineup and session abstracts, then click here to register for the event. Hope to see you there!
Connect
Richard Hicks' Forefront TMG Blog 