Home > Forefront TMG 2010 > Hotfix Rollup 5 for Forefront TMG 2010 SP2 Now Available

Hotfix Rollup 5 for Forefront TMG 2010 SP2 Now Available

June 28, 2014

Hotfix rollup 5 for Microsoft Forefront TMG 2010 with Service pack 2 (SP2) is now available for download. This latest hotfix rollup includes fixes for the following issues:

KB2963805 – Account lockout alerts are not logged after you install Rollup 4 for Forefront TMG 2010 SP2

KB2963811 – The Forefront TMG 2010 Firewall service (wspsrv.exe) may crash when the DiffServ filter is enabled

KB2963823 – “1413 Invalid Index” after you enable cookie sharing across array members in Forefront TMG 2010

KB2963834 – HTTPS traffic may not be inspected when a user accesses a site through Forefront TMG 2010

KB2967726 – New connections are not accepted on a specific web proxy or web listener in Forefront TMG 2010

KB2965004 – EnableSharedCookie option doesn’t work if the Forefront TMG 2010 service runs under a specific account

KB2932469 – An incorrect value is used for IPsec Main Mode key lifetime in Threat Management Gateway 2010

KB2966284 – A zero value is always returned when an average counter of the “Forefront TMG Web Proxy” object is queried from the .NET Framework

KB2967763 – The “Const SE_VPS_VALUE = 2” setting does not work for users if the UPN is not associated with a real domain

KB2973749 – HTTP Connectivity Verifiers return unexpected failures in TMG 2010

You can download hotfix rollup 5 for Forefront TMG 2010 SP2 here. After applying this update, the new Forefront TMG 2010 build number will be 7.0.9193.644.

  1. Ahmed Essam
    July 15, 2014 at 2:33 am

    Thank you richard 🙂

  2. Nick
    July 17, 2014 at 12:08 am


    I have TMG 2010 which is a few Rollups behind. Do I need to install each one? or can I just download this Rollup to cover the ones before?

    Also having an issue where Internet Explorer 11 doesn’t seem to be filtered on some machines. Is this due to our TMG not having the up to date Rollups? or a complete separate issue.


  3. July 20, 2014 at 11:50 am

    You should only have to install the latest hotfix rollup, as it will include all of the previous hotfixes since the last service pack. For example, if you have TMG SP2 installed, installing rollup 5 is all that’s required to bring you fully up to date.

  4. Nick
    July 20, 2014 at 11:38 pm

    Thanks Richard! That’s great!

    I have an issue at the moment as well. We use TMG to filter and block sites. Some clients have Internet Explorer 9, which works fine with the web filtering. However any new clients with Internet Explorer 11 seem to have totally unfiltered access.

    I don’t understand what is happening?

  5. July 21, 2014 at 8:27 pm

    Not sure. Perhaps it has to do with proxy server settings on the client? Maybe the IE11 clients are getting to the Internet via another path that isn’t the TMG firewall?

  6. Nico
    August 5, 2014 at 7:02 am

    I realised what the issue was. Unrelated to TMG but our Group Policies were configured for IE 9 using Internet Explorer Mainetenance. Reading up on this IEM is now depreciated for the latest browsers and not compatible with IE 10 and 11. So no proxy was being added to the browsers and was unfiltered.

  7. August 5, 2014 at 9:04 am

    Glad you were able to get it resolved, and thanks for following up. 🙂

  8. Luis
    August 18, 2014 at 2:20 am

    Thanks a lot Richard, from Spain. Your blog is awesome !! . 🙂

  9. August 18, 2014 at 12:27 pm


  10. Bill Cooper
    September 11, 2014 at 6:58 am

    I installed rollup on TMG 2010 SP2 and the install never finishes it hangs.
    Any idea?

  11. September 15, 2014 at 10:58 am

    It could be any number of things, actually. Does the event log report anything interesting?

  12. Lalit
    June 17, 2015 at 8:19 am

    Thanks a ton Richard,

    I have a query for installing Roll Up 5 on my TMG environment.

    I am planning to install Roll UP 5 on my TMG Forefront Environment.

    Here is my plan, Please suggest if this seems ok.

    Current Environment :
    –> TMG forefront 2010 SP2 Rollup1

    –> Stand Alone Array in Work Group Environment with Network Load Balancing – NLB.

    –> TMG1 = Array Manager

    –>TMG 2 = Array Member

    –> Both nodes serve the requests in Load Balanced Mode – NLB.

    –> This TMG environment is working as Reverse Proxy for our Public websites.

    Steps I am planning to install Roll UP 5 on it
    1. Disable Network load balancing from TMG console (Array Manager Node).

    2. Drain current connections from “Array Member” Node.

    3. Stop NLB service on “Array Member” Node (TMG2).

    4. Install Roll up 5 on “Array Manager” Node (TMG 1)

    5. Install Roll up 5 on “Array Member” node (TMG 2).

    6. Start NLB service on ” Array Member” Node

    7. Enable Network Load Balancing from TMG console (Array Manager Node).

    Please suggest if these steps are correct?

    Also pls let me know if I need to disjoin the Node – TMG 2 from Array in order to install the Roll up?



  13. June 22, 2015 at 7:38 am

    No need to disjoin array members to install updates. Just drain the connections from the array manager, update and restart. Repeat the process for the second node and you should be good to go. 🙂

  1. No trackbacks yet.
Comments are closed.