Home > Forefront TMG 2010, Forefront UAG 2010, Security Updates, Threat Management Gateway, Unified Access Gateway > Hotfix Rollup 3 for Forefront TMG 2010 SP2 Now Available

Hotfix Rollup 3 for Forefront TMG 2010 SP2 Now Available

January 10, 2013

Hotfix rollup 3 for Microsoft Forefront TMG 2010 with Service Pack 2 is now available for download. This latest hotfix rollup includes fixes for the following issues:

KB2700248 – A server that is running Forefront TMG 2010 may stop accepting all new connections and may become unresponsive

KB2761736 – All servers in a load balanced web farm may become unavailable in Forefront TMG 2010

KB2761895 – The Firewall service (wspsrv.exe) may crash when the firewall policy rules are reevaluated in Forefront TMG 2010

KB2780562 – PPTP connections through Forefront TMG 2010 may be unsuccessful when internal clients try to access a VPN server on the external network

KB2780594 – A non-web-proxy client in a Forefront TMG 2010 environment cannot open certain load-balanced websites when TMG HTTPS inspection is enabled

KB2783332 – You cannot log on when FQDN is used and authentication delegation is set to “Kerberos constrained delegation” in a Forefront TMG 2010 environment

KB2783339 – A closed connection to a domain controller is never reestablished when authentication delegation is set to “Kerberos constrained delegation” in a Forefront TMG 2010 environment

KB2783345 – Unexpected authentication prompts while you use an OWA website that is published by using Forefront TMG 2010 when RSA authentication and FBA are used

KB2785800 – A “DRIVER_IRQL_NOT_LESS_OR_EQUAL stop error may occur on a server that is running Forefront TMG 2010

KB2790765 – A “Host Not Found (11001)” error message occurs when an SSL site is accessed by using a downstream Forefront TMG 2010 server that has HTTPS Inspection enabled

You can download hotfix rollup 3 for Forefront TMG 2010 SP2 here. After applying this update, the new Forefront TMG 2010 build number will be 7.0.9193.575.

  1. January 10, 2013 at 2:56 pm

    For Enterprise array deployments is the correct order of installation on the EMS first and then the proxy array members next?

  2. January 10, 2013 at 3:02 pm

    It looks like this rollup requires you to install it via a command prompt opened with elevated privileges. If you attempt to execute this rollup via the Start/Run method you will likely receive the infamous, “Setup cannot modify or create the registry entry System\CurrentControlSet\Services\Tcpip\Parameters” error. The installation will then bomb-out.

  3. January 10, 2013 at 3:09 pm

    No reboot is required after installing this patch either on the EMS or the proxy itself.

  4. January 10, 2013 at 4:16 pm

    Yes. EMS first, then the reporting server for the array and the rest of the array members after that. There’s even a script on ISAtools.org that will tell you specifically which server to run the update on. More details here:


  5. January 10, 2013 at 4:32 pm

    Correct. The update requires administrative privileges to run, so running it from an elevated command prompt is required.

  6. Ehab
    September 10, 2013 at 11:09 am

    Dear all i am trying to install Tmg 2010 with 2008 srv2 sp1 with 2 lan and trying isa server 2006 with 2 lan and i have same problems i search alot find many issue i trying all 3 days trying not can not fix iam sorry to write too much Forefront TMG Firewall Service will not start after instantiation there any one can help me please

  7. September 13, 2013 at 11:52 am

    This could be caused by any number of things, really. Unfortunately I don’t have the time to thoroughly help you troubleshoot your issue. I’d suggest posting your question on the forums at ISAserver.org. You’ll get much better response there. 🙂

  1. No trackbacks yet.
Comments are closed.