Bug in Forefront TMG 2010 Service Pack 2

November 14, 2011

Today I confirmed a bug in Service Pack 2 (SP2) for Forefront TMG 2010 that was discovered by Jason Jones. If you have deleted the default Internet Access network rule and replaced it with something else, installing SP2 for Forefront TMG 2010 mysteriously restores this rule. Unfortunately, it places the default Internet Access rule ahead of your custom rule, which in most cases will cause serious problems. This bug only affects Forefront TMG 2010 configurations where the default Internet Access network rule has been specifically deleted. If you’ve altered this rule in any way, those changes are unaffected.

Before Forefront TMG SP2 installation…

After Forefront TMG SP2 installation…

  1. ITforMe
    November 14, 2011 at 12:18 pm

    Great catch for those of us who have updated yet! …Will keep this in mind.

    – Pete

  2. November 14, 2011 at 2:13 pm

    Yes, we all owe Jason a debt of gratitude for breaking his customer’s network and finding this bug for us. Thanks for taking one for the team, Jason! 😉

  3. Evgeny
    December 9, 2011 at 12:25 pm

    The “Internet Access” network rule is not the only one that is re-created. In our case, the “VPN Clients to Internal Network” rule was deleted long ago, but was restored after SP2 installation.

  4. Evgeny
    December 9, 2011 at 2:00 pm

    Besides, I noticed another side effect that may break some configurations: installing SP2 restores the “Web Proxy Filter” selection in the HTTP protocol if it was previously deselected.

    Also, SP2 adds a new web filter named “Web Objects Provider Web Filter”, which has the description “Serves as a Web Server hosted by TMG”. I have not found any notes about it on the Internet. Richard, can you shed some light on what it is?

  5. December 10, 2011 at 9:35 am

    This filter is part of the new error pages that are also included with Forefront TMG 2010 SP2.

  6. Sebastiaan Durand
    December 20, 2011 at 9:08 am

    After applying SP2, I cannot access OWA anymore. I have two sites connected to the TMG via Site-to-Site VPN. If in one of these sites I access OWA (with the external IP), it times out. Access to other sites hosted behind the TMG via their external IP is no problem.

    Anybody a clue?
