Archive for the ‘Unified Access Gateway’ Category

Microsoft Most Valuable Professional (MVP) 2012

October 1, 2012 6 comments

Once again, I’m happy to announce that I have been awarded the Microsoft Most Valuable Professional (MVP) award for 2012! This is my fourth consecutive year receiving this distinction from Microsoft, and I’m proud to be included with so many great professionals in the program. See you at the MVP summit in February 2013!

Forefront TMG 2010 End of Life Statement

September 12, 2012 54 comments

Note: This post updated on 4/22/2015 to reflect current information about the status of the Microsoft Reputation Service (MRS) after December 1, 2015.

Today, Microsoft announced the Forefront TMG 2010 product will be discontinued. Microsoft will continue to provide mainstream support for TMG until April 14, 2015, and extended support until April 14, 2020. The Forefront TMG 2010 Web Protection Services (WPS) will be discontinued on December 31, 2015. Beginning on January 1, 2016, Web Protection Service (URL filtering) will cease to function and the Microsoft Reputation Service (MRS) will be shutdown permanently. Virus and malicious software scanning and the Network Inspection System (NIS) will continue to operate but will no longer receive updates.

The end of life for Forefront TMG 2010 comes as part of sweeping changes made to the entire Forefront protection suite of products. In addition to ending development of Forefront TMG 2010, Microsoft also announced that Forefront Protection for Exchange (FPE), Forefront Protection for SharePoint (FPSP), Forefront Security for OCS (FSOCS), and Forefront Protection Server Management Console (FPSMC) are all being discontinued. Forefront Online Protection for Exchange (FOPE), which has been a part of Office 365, is being renamed Exchange Online Protection.

Looking ahead, Forefront Unified Access Gateway (UAG) 2010 and Forefront Identify Manager (FIM) 2010 R2 both have current roadmaps and will continue to be developed, although it is likely that they will not continue under the Forefront brand name.

Forefront UAG 2010 Service Pack 2 Now Available

August 6, 2012 8 comments

Forefront UAG 2010 Service Pack 2 is now available for download. In addition to the usual bug fixes and system updates, UAG SP2 includes new features such as AD FS 2.0 multi-namespace support and support for additional mobile client devices such as Android 4.x, iOS 5.x, and Windows Phone 7.5. Before installing Forefront UAG 2010 SP2 you must first install SP2 for Forefront TMG 2010. When installing Forefront TMG SP2 on a UAG array, be sure to install TMG SP2 on the UAG array manager first, and then install TMG SP2 on the remaining UAG array members. Here are some links to important Forefront UAG 2010 SP2 information:

Forefront Unified Access Gateway (UAG) 2010

Forefront TMG and UAG 2010 Presentation at TechEd North America 2012

June 19, 2012 Comments off

For those of you who were not able to attend Microsoft TechEd North America 2012 this year, the session I presented entitled “Demystifying Microsoft Forefront Edge Security Solutions: TMG and UAG” is now available online. Enjoy!

Forefront TMG and UAG Presentation at TechEd North America 2012

New DirectAccess Blog

For anyone interested in news and information about Microsoft DirectAccess, I have started another blog at With this blog I’ll be writing about DirectAccess in Windows Server 2008 R2, Forefront Unified Access Gateway (UAG) 2010 DirectAccess, and DirectAccess in Windows Server 2012. In addition, I’ll be touching on topics related to VPN and remote access in general, IPv6, and core networking. DirectAccess is the way of the future for managed client remote access, so I would encourage you to follow my blog and stay up to date with this wonderful technology. Of course I’ll still continue to write about edge security and Forefront TMG 2010 here, don’t worry!

Hotfix Rollup 2 for Forefront TMG 2010 SP2 Now Available

The latest hotfix rollup for Forefront TMG 2010 SP2 is now available. This update includes fixes for the following issues:

KB2701952 – “Access is denied” status error when you use a delegated user account to try to monitor services in Forefront TMG 2010.

KB2700248 – A server that is running Forefront TMG 2010 may randomly stop processing incoming traffic.

KB2700806 – Connectivity verifier that uses the “HTTP request” connection method may not detect when a web server comes back online in Forefront TMG 2010.

KB2705787 – The Firewall service may intermittently crash when it processes client web proxy requests in a Forefront TMG 2010 environment.

KB2701943 – Error message when you try to join a Forefront 2010 server to an array: “The Operation Failed. Error code – 0x80070002 – the system cannot find the file specified”.

KB2705829 – The Firewall service may stop responding to all traffic on a server that is running Forefront TMG 2010.

KB2694478 – Dynamic Caching may incorrectly delete recently cached objects from a caching server that is running Forefront TMG 2010 or ISA Server 2006.

You can download hotfix rollup 2 for Forefront TMG 2010 SP2 here. After applying this update, the new Forefront TMG 2010 build number will be 7.0.9193.540.

Presenting Forefront TMG and UAG 2010 at TechEd 2012

April 16, 2012 4 comments

I’m excited to announce that I will be presenting a session at both TechEd North America and TechEd Europe this year! The session I will be delivering is entitled Demystifying Forefront Edge Security Technologies: TMG and UAG. During this level 200 session I’ll provide an overview of both Forefront TMG 2010 and UAG, describing their high level function and operation. I will also outline common deployment scenarios for each product and highlight the similarities and differences between the two. The session will also include demonstrations of Forefront TMG 2010’s advanced web protection capabilities, Forefront UAG 2010’s application publishing features, and an introduction and demonstration of Forefront UAG and DirectAccess. TechEd North America takes place in Orlando, Florida on June 11-14, 2012. TechEd Europe will be held in Amsterdam June 26-29, 2012. Looking forward to seeing you there!

Microsoft TechEd North America 2012

Microsoft TechEd Europe 2012

TechDays San Francisco 2012

March 13, 2012 Comments off

TechDays San Francisco 2012, sponsored by the Pacific IT Professionals user group, is a two day IT professional conference being held on March 23 and 24, 2012. The event features a lineup of speakers that includes Chris Avis, CA Callahan, Jennelle Crothers, Jessica DeVita, Steve Evans, Jason C. Helmick, Chris Henley, Ed Horley, Darren Mar-Elia, Mark Minasi, Stephen Rose, Joey Snow, Doug Spindler, Mark Vinkour, Harold Wong, and Chris Zwergel. Sessions will cover topics such as Azure and cloud, Clustering, DNS/DHCP/IPAM, Exchange, Hyper-V, IIS, Lync, MDOP, networking and VPN, Powershell, SharePoint, System Center, VDI, Windows 8 Client and Server, and Windows Phone 7. I will be presenting sessions on Forefront Edge Security (Forefront TMG 2010 and UAG 2010) as well as DirectAccess. Visit the TechDaysSF web site for the full speaker lineup and session abstracts, then click here to register for the event. Hope to see you there!

TechDays San Francisco 2012

Pacific IT Professionals

Installing Forefront TMG 2010 SP2 on Enterprise Arrays

December 1, 2011 6 comments

July 4,2012 – Update: A script is now available on that will identify the exact order in which to install TMG SP2 for your environment. You can download the script here.

To successfully install Service Pack 2 (SP2) for Forefront TMG 2010, you must first install Service Pack 1 (SP1), then Software Update 1 for SP1 (SP1U1) as I indicated in a previous blog post. None of the other hotfix rollups available for Forefront TMG are required to upgrade to SP2. For Forefront TMG 2010 enterprise arrays, these updates must be installed in a specific order to eliminate potential conflicts. The proper sequence is as follows:

First, install SP1 for Forefront TMG 2010 on the…

  1. Enterprise Management Server (EMS)
  2. Reporting server in each array
  3. Remaining array members in each array

Next, install Software Update 1 for Forefront TMG 2010 SP1 on the…

  1. EMS
  2. Reporting server in each array
  3. Remaining array members in each array

Lastly, install SP2 for Forefront TMG 2010 on the…

  1. EMS
  2. Reporting server in each array
  3. Remaining array members in each array

For standalone arrays, treat the array manager as the EMS and follow the order outlined above. In addition, if you are adding a new array member to an existing array, install Forefront TMG 2010 and apply the updates in order before joining the array. Make certain that the new array member is at the same update level as the EMS and other array members.  Also, consider slipstreaming SP2 with your installation media to save yourself some time.

Special thanks to Jim Harrison for clarification on the installation order.

Updating SQL Server on Forefront TMG 2010

November 28, 2011 Comments off

Keeping the base operating system of your Forefront TMG 2010 firewall up to date is vitally important to the overall security of your edge security solution. To manage system updates, many administrators will configure their Forefront TMG 2010 firewalls to use Windows Update or WSUS, or manage them using System Center Configuration Manager (SCCM) or another third-party systems management platform.

In my experience, SQL server running on the Forefront TMG 2010 firewall is often overlooked and commonly not updated. I believe this happens because updates for SQL server are classified as optional.

So, as a reminder, don’t overlook updates for SQL server on Forefront TMG 2010 firewalls or UAG 2010 servers! Using the Windows Update control panel application, select the option to install the latest service pack for Microsoft SQL Server 2008, which at the time of this writing is Service Pack 3. You can install the service pack directly if you choose; SQL Server 2008 Express SP3 can be downloaded here. After applying the latest service pack you can confirm that SQL has been updated by opening an elevated command prompt and entering the following commands:

osql -E -S .\msfw

select @@version [press enter]
go [press enter]

The output of the command should indicate that the installed SQL version is Microsoft SQL Server 2008 (SP3) – 10.0.5500.0 (X64).

Note: Applying service packs and updates to SQL is highly recommended to maintain the most secure Forefront TMG 2010 firewall possible. Upgrading the version of SQL installed on the TMG firewall is not supported and definitely not recommended, so don’t attempt to upgrade to SQL Server 2008 R2 Express.