Hotfix Rollup 3 for Forefront TMG 2010 SP2 Now Available
Hotfix rollup 3 for Microsoft Forefront TMG 2010 with Service Pack 2 is now available for download. This latest hotfix rollup includes fixes for the following issues:
KB2700248 – A server that is running Forefront TMG 2010 may stop accepting all new connections and may become unresponsive
KB2761736 – All servers in a load balanced web farm may become unavailable in Forefront TMG 2010
KB2761895 – The Firewall service (wspsrv.exe) may crash when the firewall policy rules are reevaluated in Forefront TMG 2010
KB2780562 – PPTP connections through Forefront TMG 2010 may be unsuccessful when internal clients try to access a VPN server on the external network
KB2780594 – A non-web-proxy client in a Forefront TMG 2010 environment cannot open certain load-balanced websites when TMG HTTPS inspection is enabled
KB2783332 – You cannot log on when FQDN is used and authentication delegation is set to “Kerberos constrained delegation” in a Forefront TMG 2010 environment
KB2783339 – A closed connection to a domain controller is never reestablished when authentication delegation is set to “Kerberos constrained delegation” in a Forefront TMG 2010 environment
KB2783345 – Unexpected authentication prompts while you use an OWA website that is published by using Forefront TMG 2010 when RSA authentication and FBA are used
KB2785800 – A “DRIVER_IRQL_NOT_LESS_OR_EQUAL stop error may occur on a server that is running Forefront TMG 2010
KB2790765 – A “Host Not Found (11001)” error message occurs when an SSL site is accessed by using a downstream Forefront TMG 2010 server that has HTTPS Inspection enabled
You can download hotfix rollup 3 for Forefront TMG 2010 SP2 here. After applying this update, the new Forefront TMG 2010 build number will be 7.0.9193.575.
Connect
Richard Hicks' Forefront TMG Blog 
For Enterprise array deployments is the correct order of installation on the EMS first and then the proxy array members next?
It looks like this rollup requires you to install it via a command prompt opened with elevated privileges. If you attempt to execute this rollup via the Start/Run method you will likely receive the infamous, “Setup cannot modify or create the registry entry System\CurrentControlSet\Services\Tcpip\Parameters” error. The installation will then bomb-out.
No reboot is required after installing this patch either on the EMS or the proxy itself.
Yes. EMS first, then the reporting server for the array and the rest of the array members after that. There’s even a script on ISAtools.org that will tell you specifically which server to run the update on. More details here:
https://tmgblog.richardhicks.com/2011/12/01/installing-forefront-tmg-2010-sp2-on-enterprise-arrays/
Correct. The update requires administrative privileges to run, so running it from an elevated command prompt is required.
Dear all i am trying to install Tmg 2010 with 2008 srv2 sp1 with 2 lan and trying isa server 2006 with 2 lan and i have same problems i search alot find many issue i trying all 3 days trying not can not fix iam sorry to write too much Forefront TMG Firewall Service will not start after instantiation there any one can help me please
This could be caused by any number of things, really. Unfortunately I don’t have the time to thoroughly help you troubleshoot your issue. I’d suggest posting your question on the forums at ISAserver.org. You’ll get much better response there. 🙂