Now that Service Pack 2 (SP2) for Microsoft Forefront TMG 2010 is available I’ve had numerous people ask me about the process of slipstreaming the service pack with the Forefront TMG 2010 installation media. Having Forefront TMG 2010 with SP2 slipstreamed is a great time saver if you install TMG frequently like I do, but it is also essential if you wish to install Forefront TMG 2010 on a read-only domain controller (RODC). Last year when service pack 1 for Forefront TMG 2010 was released I wrote this post on how to slipstream the service pack. The process is nearly identical with Forefront TMG 2010 SP2 with the exception that there are a few more steps required because of TMG SP2’s dependencies on SP1 and software update 1 for TMG SP1.
To slipstream SP2 with the Forefront TMG 2010 installation media, begin by copying the contents of your Forefront TMG 2010 DVD or extracting the ISO to a temporary folder. Next, download Forefront TMG 2010 SP1, Forefront TMG 2010 SP1 software update 1, and Forefront TMG 2010 SP2. Software update 1 for Forefront TMG 2010 SP1 and SP2 for Forefront TMG 2010 are both .exe files that can’t be used for slipstreaming. To support slipstreaming we’ll need to extract the .msp files from them by opening an elevated command prompt and issuing the following commands:
For software update 1 for Forefront TMG 2010 SP1
TMG-KB2288910-amd64-ENU.exe /t d:\temp\SP1U1
For Forefront TMG 2010 SP2
TMG-KB2555840-amd64-ENU.exe /t d:\temp\SP2
Now begin the slipstreaming process by navigating to the \FPC folder of the TMG installation source and then issuing the following commands:
First, slipstream SP1 for Forefront TMG 2010
msiexec /a MS_FPC_Server.msi /p d:\temp\sp1\TMG-KB981324-AMD64-ENU.msp
Next, slipstream software update 1 for Forefront TMG 2010 SP1
msiexec /a MS_FPC_Server.msi /p d:\temp\sp1u1\TMG-KB2288910-amd64-ENU.msp
Finally, slipstream Forefront TMG 2010 SP2
msiexec /a MS_FPC_Server.msi /p d:\temp\sp2\TMG-KB2555840-amd64-ENU.msp
Once complete, use your favorite tool to burn a DVD or create an ISO file.
Important Note: If you install the Forefront TMG 2010 firewall client from the new SP2 slipstreamed installation source, you will still need to install the October 2011 Forefront TMG 2010 firewall client hotfix rollup as outlined in my previous blog post.
Service Pack 2 for Microsoft Forefront TMG 2010 is now available. In addition to numerous fixes released since SP1 and SP1 hotfix rollup 4, this service pack also includes the following new features:
New reports – A new site activity report that provides details about requests made to specific web sites for individual users.
New error pages – TMG SP2 provides the option to use new error pages that feature a whole new look and feel. In addition, these new error pages are more easily customized and can now include embedded objects.
Kerberos authentication for NLB – TMG SP2 includes the ability to leverage Kerberos authentication for clients accessing enterprise arrays via the NLB virtual IP address (VIP).
You can download Forefront TMG 2010 service pack 2 here. Please note that this update requires that Forefront TMG 2010 SP1 and software update 1 for TMG SP1 be installed prior to installing Forefront TMG 2010 SP2. Once TMG SP2 has been installed successfully the build number will be 7.0.9193.500.
For information regarding the installation of SP2 for Forefront TMG 2010 on enterprise arrays, click here.
A hotfix rollup for Microsoft ISA Server 2006 is now available. The hotfix rollup resolves several reported issues with ISA Server, including:
KB2618727 – Users in remote forests cannot change their passwords through ISA Server 2006.
KB2620088 – Large files become corrupted during file transfer through the Socks v4 client.
KB2620076 – Outlook Web App clients are not timed out after the ISA FBA idle time-out is reached.
KB2620069 – ISA 2006 may crash with the error “DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)”.
KB2622172 – ISA 2006 blocks published website requests for URLs that include carriage returns (CR) or linefeeds (LF).
The latest ISA server 2006 hotfix rollup can be downloaded here. After applying this update, the new ISA Server 2006 build number will be 5.0.5723.526.
A hotfix rollup for the Forefront TMG 2010 firewall client is now available that resolves several issues reported on client systems with the TMG firewall client installed. They are:
KB2620156 – An active FTP data channel cannot be established for an internal computer that is running the Forefront TMG 2010 firewall client.
KB2438187 – You cannot start a program that is installed many levels deep and that requires an Internet connection using the Forefront TMG 2010 firewall client.
KB2620153 – A program experiences a 20-second delay when an established internal or external connection is closed when the Forefront TMG 2010 firewall client is installed.
The Forefront TMG 2010 firewall client hotfix rollup can be downloaded here. After applying this hotfix rollup, the new Forefront TMG 2010 firewall client build number will be 7.0.7734.186.