Archive

Archive for the ‘Forefront TMG’ Category

TMG SP2 Rollup 5 now available

We are happy to announce the availability of Rollup 5 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2 (SP2). TMG SP2 Rollup 5 is available for download here: Rollup 5 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2

 

Please see KB Article ID: 2954173 for details of the fixes included in this rollup. The Build Number for this update is: 7.0.9193.644

 

To install this update, you must be running Forefront Threat Management Gateway 2010 Service Pack 2.

For more information about Forefront Threat Management Gateway 2010 SP2, please see the following
Microsoft website: Microsoft Forefront Threat Management Gateway 2010 Service Pack 2

Download information for Forefront TMG 2010 SP2

 

Thank you,

Forefront TMG Team

TMG SP2 Rollup 5 now available

We are happy to announce the availability of Rollup 5 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2 (SP2). TMG SP2 Rollup 5 is available for download here: Rollup 5 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2

 

Please see KB Article ID: 2954173 for details of the fixes included in this rollup. The Build Number for this update is: 7.0.9193.644

 

To install this update, you must be running Forefront Threat Management Gateway 2010 Service Pack 2.

For more information about Forefront Threat Management Gateway 2010 SP2, please see the following
Microsoft website: Microsoft Forefront Threat Management Gateway 2010 Service Pack 2

Download information for Forefront TMG 2010 SP2

 

Thank you,

Forefront TMG Team

Access to remote FTP server through TMG 2010 may fail with error 550 (Access Denied)

Hi everybody!

In this article we will see how to troubleshoot an issue with accessing an FTP server behind TMG 2010.

Imagine we have the following situation: a client PC on an internal corporate network want to access a remote FTP server through TMG 2010 using an FTP client such as, for example, FileZilla.

clip_image002[7]

The way the FTP is configured (authentication, encryption, ecc…) is out of interest for this case.

On the TMG server, we’ve created an access rule allowing “Read-Only” outbound requests for the FTP protocol:

clip_image004

clip_image006

When we try to connect to our remote FTP server using, for example, FileZilla, we may face the following error:

clip_image008

FTP connection issues through ISA/TMG could be related to many different aspects.

In the following article it’s possible to find a resolution for many of the most common problems:

http://technet.microsoft.com/en-us/library/bb794745.aspx

The problem we’re focusing on in this article, however, is not included in the above troubleshooting guide and depends on a specific by-design behavior of TMG server.

Basically, in our case we see that the connection attempt is failing due to a “550-Access Denied” error after having performed a MLSD command.

What is MLSD exactly ?

Here we can find a description of what MLSD is used for:

http://tools.ietf.org/html/draft-ietf-ftpext-mlst-16#section-7

As we can see from the above:

The MLST and MLSD commands are intended to standardize the file and directory information returned by the Server-FTP process. These commands differ from the LIST command in that the format of the replies is strictly defined although extensible.

In the default configuration of the TMG FTP Access filter in “Read-Only Mode”, the filter will only allow a specific subset of FTP commands. The MLSD command is not included in this set of “Read-Only” commands. FTP clients using LIST command will not experience this problem, since LIST is an allowed command.

Its easy to resolve the problem by allowing write-permissions in the FTP-Filter advanced properties of our access rule:

clip_image010

Now, granting write rights is not always a good choice, and most of the times this is not allowed nor suggested.

Nevertheless, a workaround exists for this situation: in fact, it’s possible to add the MLDS command in the “allowed-commands list” of the “Read-only” TMG FTP filter.

The following MSDN article explains how to configure add-ins:

http://msdn.microsoft.com/en-us/library/dd435753.aspx

Specifically:

FTP Access Filter

FTP Access Filter is an application filter that is installed with Forefront TMG. It enables FTP protocols. When running in read-only mode, FTP Access Filter blocks all commands in the control channel except the following commands: ABOR, ACCT, CDUP, CWD /0, FEAT, HELP, LANG, LIST, MODE, NLST, NOOP, PASS, PASV, PORT, PWD /0, QUIT, REIN, REST, RETR, SITE, STRU, SYST, TYPE, USER, XDUP, XCWD, XPWD, SMNT. This should block any writing to the server side. The default list of allowed commands can be replaced by a customized list that is written to the collection of vendor parameters sets (FPCVendorParametersSets) associated with the filter. The Firewall service must restarted for the new settings to take effect.

The above article provides a script example through which it is possible to customize FTP filter list. This way, it will be possible to keep the filter configured in Read-Only mode, and also allow the FileZilla connection to work as expected.

Hope this can be useful!

Let’s see you back with the next topic!!

Author:
Daniele Gaiulli

Support Engineer – EMEA Forefront Edge

Reviewer:
Philipp Sand

Support Escalation Engineer – EMEA Forefront Edge

Access to remote FTP server through TMG 2010 may fail with error 550 (Access Denied)

Hi everybody!

In this article we will see how to troubleshoot an issue with accessing an FTP server behind TMG 2010.

Imagine we have the following situation: a client PC on an internal corporate network want to access a remote FTP server through TMG 2010 using an FTP client such as, for example, FileZilla.

clip_image002[7]

The way the FTP is configured (authentication, encryption, ecc…) is out of interest for this case.

On the TMG server, we’ve created an access rule allowing “Read-Only” outbound requests for the FTP protocol:

clip_image004

clip_image006

When we try to connect to our remote FTP server using, for example, FileZilla, we may face the following error:

clip_image008

FTP connection issues through ISA/TMG could be related to many different aspects.

In the following article it’s possible to find a resolution for many of the most common problems:

http://technet.microsoft.com/en-us/library/bb794745.aspx

The problem we’re focusing on in this article, however, is not included in the above troubleshooting guide and depends on a specific by-design behavior of TMG server.

Basically, in our case we see that the connection attempt is failing due to a “550-Access Denied” error after having performed a MLSD command.

What is MLSD exactly ?

Here we can find a description of what MLSD is used for:

http://tools.ietf.org/html/draft-ietf-ftpext-mlst-16#section-7

As we can see from the above:

The MLST and MLSD commands are intended to standardize the file and directory information returned by the Server-FTP process. These commands differ from the LIST command in that the format of the replies is strictly defined although extensible.

In the default configuration of the TMG FTP Access filter in “Read-Only Mode”, the filter will only allow a specific subset of FTP commands. The MLSD command is not included in this set of “Read-Only” commands. FTP clients using LIST command will not experience this problem, since LIST is an allowed command.

Its easy to resolve the problem by allowing write-permissions in the FTP-Filter advanced properties of our access rule:

clip_image010

Now, granting write rights is not always a good choice, and most of the times this is not allowed nor suggested.

Nevertheless, a workaround exists for this situation: in fact, it’s possible to add the MLDS command in the “allowed-commands list” of the “Read-only” TMG FTP filter.

The following MSDN article explains how to configure add-ins:

http://msdn.microsoft.com/en-us/library/dd435753.aspx

Specifically:

FTP Access Filter

FTP Access Filter is an application filter that is installed with Forefront TMG. It enables FTP protocols. When running in read-only mode, FTP Access Filter blocks all commands in the control channel except the following commands: ABOR, ACCT, CDUP, CWD /0, FEAT, HELP, LANG, LIST, MODE, NLST, NOOP, PASS, PASV, PORT, PWD /0, QUIT, REIN, REST, RETR, SITE, STRU, SYST, TYPE, USER, XDUP, XCWD, XPWD, SMNT. This should block any writing to the server side. The default list of allowed commands can be replaced by a customized list that is written to the collection of vendor parameters sets (FPCVendorParametersSets) associated with the filter. The Firewall service must restarted for the new settings to take effect.

The above article provides a script example through which it is possible to customize FTP filter list. This way, it will be possible to keep the filter configured in Read-Only mode, and also allow the FileZilla connection to work as expected.

Hope this can be useful!

Let’s see you back with the next topic!!

Author:
Daniele Gaiulli

Support Engineer – EMEA Forefront Edge

Reviewer:
Philipp Sand

Support Escalation Engineer – EMEA Forefront Edge

Access to remote FTP server through TMG 2010 may fail with error 550 (Access Denied)

Hi everybody!

In this article we will see how to troubleshoot an issue with accessing an FTP server behind TMG 2010.

Imagine we have the following situation: a client PC on an internal corporate network want to access a remote FTP server through TMG 2010 using an FTP client such as, for example, FileZilla.

clip_image002[7]

The way the FTP is configured (authentication, encryption, ecc…) is out of interest for this case.

On the TMG server, we’ve created an access rule allowing “Read-Only” outbound requests for the FTP protocol:

clip_image004

clip_image006

When we try to connect to our remote FTP server using, for example, FileZilla, we may face the following error:

clip_image008

FTP connection issues through ISA/TMG could be related to many different aspects.

In the following article it’s possible to find a resolution for many of the most common problems:

http://technet.microsoft.com/en-us/library/bb794745.aspx

The problem we’re focusing on in this article, however, is not included in the above troubleshooting guide and depends on a specific by-design behavior of TMG server.

Basically, in our case we see that the connection attempt is failing due to a “550-Access Denied” error after having performed a MLSD command.

What is MLSD exactly ?

Here we can find a description of what MLSD is used for:

http://tools.ietf.org/html/draft-ietf-ftpext-mlst-16#section-7

As we can see from the above:

The MLST and MLSD commands are intended to standardize the file and directory information returned by the Server-FTP process. These commands differ from the LIST command in that the format of the replies is strictly defined although extensible.

In the default configuration of the TMG FTP Access filter in “Read-Only Mode”, the filter will only allow a specific subset of FTP commands. The MLSD command is not included in this set of “Read-Only” commands. FTP clients using LIST command will not experience this problem, since LIST is an allowed command.

Its easy to resolve the problem by allowing write-permissions in the FTP-Filter advanced properties of our access rule:

clip_image010

Now, granting write rights is not always a good choice, and most of the times this is not allowed nor suggested.

Nevertheless, a workaround exists for this situation: in fact, it’s possible to add the MLDS command in the “allowed-commands list” of the “Read-only” TMG FTP filter.

The following MSDN article explains how to configure add-ins:

http://msdn.microsoft.com/en-us/library/dd435753.aspx

Specifically:

FTP Access Filter

FTP Access Filter is an application filter that is installed with Forefront TMG. It enables FTP protocols. When running in read-only mode, FTP Access Filter blocks all commands in the control channel except the following commands: ABOR, ACCT, CDUP, CWD /0, FEAT, HELP, LANG, LIST, MODE, NLST, NOOP, PASS, PASV, PORT, PWD /0, QUIT, REIN, REST, RETR, SITE, STRU, SYST, TYPE, USER, XDUP, XCWD, XPWD, SMNT. This should block any writing to the server side. The default list of allowed commands can be replaced by a customized list that is written to the collection of vendor parameters sets (FPCVendorParametersSets) associated with the filter. The Firewall service must restarted for the new settings to take effect.

The above article provides a script example through which it is possible to customize FTP filter list. This way, it will be possible to keep the filter configured in Read-Only mode, and also allow the FileZilla connection to work as expected.

Hope this can be useful!

Let’s see you back with the next topic!!

Author:
Daniele Gaiulli

Support Engineer – EMEA Forefront Edge

Reviewer:
Philipp Sand

Support Escalation Engineer – EMEA Forefront Edge

Access to remote FTP server through TMG 2010 may fail with error 550 (Access Denied)

Hi everybody!

In this article we will see how to troubleshoot an issue with accessing an FTP server behind TMG 2010.

Imagine we have the following situation: a client PC on an internal corporate network want to access a remote FTP server through TMG 2010 using an FTP client such as, for example, FileZilla.

clip_image002[7]

The way the FTP is configured (authentication, encryption, ecc…) is out of interest for this case.

On the TMG server, we’ve created an access rule allowing “Read-Only” outbound requests for the FTP protocol:

clip_image004

clip_image006

When we try to connect to our remote FTP server using, for example, FileZilla, we may face the following error:

clip_image008

FTP connection issues through ISA/TMG could be related to many different aspects.

In the following article it’s possible to find a resolution for many of the most common problems:

http://technet.microsoft.com/en-us/library/bb794745.aspx

The problem we’re focusing on in this article, however, is not included in the above troubleshooting guide and depends on a specific by-design behavior of TMG server.

Basically, in our case we see that the connection attempt is failing due to a “550-Access Denied” error after having performed a MLSD command.

What is MLSD exactly ?

Here we can find a description of what MLSD is used for:

http://tools.ietf.org/html/draft-ietf-ftpext-mlst-16#section-7

As we can see from the above:

The MLST and MLSD commands are intended to standardize the file and directory information returned by the Server-FTP process. These commands differ from the LIST command in that the format of the replies is strictly defined although extensible.

In the default configuration of the TMG FTP Access filter in “Read-Only Mode”, the filter will only allow a specific subset of FTP commands. The MLSD command is not included in this set of “Read-Only” commands. FTP clients using LIST command will not experience this problem, since LIST is an allowed command.

Its easy to resolve the problem by allowing write-permissions in the FTP-Filter advanced properties of our access rule:

clip_image010

Now, granting write rights is not always a good choice, and most of the times this is not allowed nor suggested.

Nevertheless, a workaround exists for this situation: in fact, it’s possible to add the MLDS command in the “allowed-commands list” of the “Read-only” TMG FTP filter.

The following MSDN article explains how to configure add-ins:

http://msdn.microsoft.com/en-us/library/dd435753.aspx

Specifically:

FTP Access Filter

FTP Access Filter is an application filter that is installed with Forefront TMG. It enables FTP protocols. When running in read-only mode, FTP Access Filter blocks all commands in the control channel except the following commands: ABOR, ACCT, CDUP, CWD /0, FEAT, HELP, LANG, LIST, MODE, NLST, NOOP, PASS, PASV, PORT, PWD /0, QUIT, REIN, REST, RETR, SITE, STRU, SYST, TYPE, USER, XDUP, XCWD, XPWD, SMNT. This should block any writing to the server side. The default list of allowed commands can be replaced by a customized list that is written to the collection of vendor parameters sets (FPCVendorParametersSets) associated with the filter. The Firewall service must restarted for the new settings to take effect.

The above article provides a script example through which it is possible to customize FTP filter list. This way, it will be possible to keep the filter configured in Read-Only mode, and also allow the FileZilla connection to work as expected.

Hope this can be useful!

Let’s see you back with the next topic!!

Author:
Daniele Gaiulli

Support Engineer – EMEA Forefront Edge

Reviewer:
Philipp Sand

Support Escalation Engineer – EMEA Forefront Edge

TMG 2010 – Error “setup failed while registering Forefront TMG managed performance monitor” prompted while installing or repairing the TMG installation

October 5th, 2012 No comments

It can happen while installing Forefront TMG 2010 or during a repair that we hit the following error:

clip_image002

To this error is also normally linked to the ISA managed control service not starting correctly and errors as the following in the application event viewer:

clip_image004

clip_image006

clip_image008

On the other hand it is also possible to hit the above error “setup failed while registering Forefront TMG managed performance monitor” as a consequence of a troubleshooting to fix a “down” of the ISA managed control service as it was in our case.

Unfortunately both errors are not really self-explicative and especially if the TMG box has installed on top of it the Edge role of exchange and the Forefront protection for exchange the very first temptation is to remove everything and reinstall all. This can mainly waste a lot of our time without any final benefit if we are under the condition of our blog post. In fact the above errors are not linked to any specific wrong condition of one of the component installed under TMG (an input string error as per above screenshot could mislead us).

As per our case the issue is very probably linked to a possible corruption in the performance monitor counters of the OS.

The solution in our case was rather straightforward and at the same time simple. For some reasons we got a corruption in the performance monitor files. This can be because of many different reasons but the most probable one as per our case is a power loss/blue screen.

To fix this apparently very bad issue it is enough to run the following command after moving under windows\system32:

lodctr /R

The command updates registry values related to performance counters and the option /R rebuilds the performance registry strings and info from scratch based on the current registry settings and backup INI files.

That’s all. We have successfully fixed the corruption error linked to the performance counters that had as back effect to prevent the correct startup of the ISA managed control service.

We are now able to bring the ISA managed control service up and running normally.

Author
Andrea Vescovo
Support Engineer
Microsoft CSS Forefront Edge Team

Technical Reviewer
Philipp Sand
Support Escalation Engineer
Microsoft CSS Forefront Edge Team

Categories: Forefront TMG, setup, TMG Tags:

TMG 2010 – Error “setup failed while registering Forefront TMG managed performance monitor” prompted while installing or repairing the TMG installation

October 5th, 2012 No comments

It can happen while installing Forefront TMG 2010 or during a repair that we hit the following error:

clip_image002

To this error is also normally linked to the ISA managed control service not starting correctly and errors as the following in the application event viewer:

clip_image004

clip_image006

clip_image008

On the other hand it is also possible to hit the above error “setup failed while registering Forefront TMG managed performance monitor” as a consequence of a troubleshooting to fix a “down” of the ISA managed control service as it was in our case.

Unfortunately both errors are not really self-explicative and especially if the TMG box has installed on top of it the Edge role of exchange and the Forefront protection for exchange the very first temptation is to remove everything and reinstall all. This can mainly waste a lot of our time without any final benefit if we are under the condition of our blog post. In fact the above errors are not linked to any specific wrong condition of one of the component installed under TMG (an input string error as per above screenshot could mislead us).

As per our case the issue is very probably linked to a possible corruption in the performance monitor counters of the OS.

The solution in our case was rather straightforward and at the same time simple. For some reasons we got a corruption in the performance monitor files. This can be because of many different reasons but the most probable one as per our case is a power loss/blue screen.

To fix this apparently very bad issue it is enough to run the following command after moving under windows\system32:

lodctr /R

The command updates registry values related to performance counters and the option /R rebuilds the performance registry strings and info from scratch based on the current registry settings and backup INI files.

That’s all. We have successfully fixed the corruption error linked to the performance counters that had as back effect to prevent the correct startup of the ISA managed control service.

We are now able to bring the ISA managed control service up and running normally.

Author
Andrea Vescovo
Support Engineer
Microsoft CSS Forefront Edge Team

Technical Reviewer
Philipp Sand
Support Escalation Engineer
Microsoft CSS Forefront Edge Team

Categories: Forefront TMG, setup, TMG Tags:

TMG 2010 – Error “setup failed while registering Forefront TMG managed performance monitor” prompted while installing or repairing the TMG installation

October 5th, 2012 No comments

It can happen while installing Forefront TMG 2010 or during a repair that we hit the following error:

clip_image002

To this error is also normally linked to the ISA managed control service not starting correctly and errors as the following in the application event viewer:

clip_image004

clip_image006

clip_image008

On the other hand it is also possible to hit the above error “setup failed while registering Forefront TMG managed performance monitor” as a consequence of a troubleshooting to fix a “down” of the ISA managed control service as it was in our case.

Unfortunately both errors are not really self-explicative and especially if the TMG box has installed on top of it the Edge role of exchange and the Forefront protection for exchange the very first temptation is to remove everything and reinstall all. This can mainly waste a lot of our time without any final benefit if we are under the condition of our blog post. In fact the above errors are not linked to any specific wrong condition of one of the component installed under TMG (an input string error as per above screenshot could mislead us).

As per our case the issue is very probably linked to a possible corruption in the performance monitor counters of the OS.

The solution in our case was rather straightforward and at the same time simple. For some reasons we got a corruption in the performance monitor files. This can be because of many different reasons but the most probable one as per our case is a power loss/blue screen.

To fix this apparently very bad issue it is enough to run the following command after moving under windows\system32:

lodctr /R

The command updates registry values related to performance counters and the option /R rebuilds the performance registry strings and info from scratch based on the current registry settings and backup INI files.

That’s all. We have successfully fixed the corruption error linked to the performance counters that had as back effect to prevent the correct startup of the ISA managed control service.

We are now able to bring the ISA managed control service up and running normally.

Author
Andrea Vescovo
Support Engineer
Microsoft CSS Forefront Edge Team

Technical Reviewer
Philipp Sand
Support Escalation Engineer
Microsoft CSS Forefront Edge Team

Categories: Forefront TMG, setup, TMG Tags:

NIS & Anti-Malware Info is not updated as expected in Update Center

April 12th, 2012 No comments

Today I would like to describe an easy way to solve a small visualization mismatch related to the Update Center of TMG 2010.

If you are a Forefront Threat Management Gateway administrator in a country where English regional settings are not used, it could be possible that, when entering the TMG Update Center section, you’re going to find something like this:

clip_image002

NIS and Malware Inspection are two powerful mechanisms which allow Forefront TMG 2010 to provide full protection against potential network attacks and malicious content.

In case you’re experiencing the above info reported, in particular, there are two possibilities:

1. The checking for and download of up-to-date NIS & Malware versions have really failed.

2. The reported info in the Update center is not up-to-date.

In the first case, the following article could be very useful to troubleshoot signature update failures:

http://technet.microsoft.com/en-us/library/ff358608.aspx

In particular, check in the Update Center Properties form if the server is correctly configured to get the updates from the Microsoft Update servers and/or an internal WSUS server:

clip_image004

When you have excluded any kind of connectivity issue, you’re pretty sure that the new definitions have been correctly downloaded and installed, but you can’t figure out why the info reported in the Update Center section are not correct, you’re probably in the kind of situation which can be solved with the hints described in this article.

The pictures below represent two examples of abstracts of the ISA_UpdateAgent.log file (in the %Windir%\Temp folder) in which the installation of NIS and anti-Malware new signatures has been performed correctly:

clip_image006

clip_image008

You can use the above log file in order to check the NIS/Malware signatures’ last installations status.

The TMG Management console reads the status of the “Last Update Status” and “Last updated” fields, for both NIS and Malware Inspection, from the information contained under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\DefinitionUpdates registry key on each TMG node.

Note: this key actually contains two sub-keys: one for Malware inspection, another one for NIS.

The date and time format used here are related to the regional settings defined for the system accounts of the TMG node. This is because the TMG service, which is responsible for writing this information in the registry, runs under a local system account.

The issue described here where a “Never” status appears for “Last Update status” and “Last Updated”, might occur when the regional settings of the user account executing the MMC are different than the regional settings defined for the system accounts of the TMG node.

For instance, the problem will appear if the Format setting of the system accounts on the TMG nodes is Italian, while the Format setting of the user account executing the MMC is English (United States) – as in the example below:

clip_image009

clip_image010

To solve this, you should make sure that there is a match between the Format setting of the user executing the MMC and the Format setting of the system accounts defined on the TMG nodes. In our example above, this could be solved, for instance, by changing the Format setting of both the user account executing the TMG MMC and of the system accountWelcome screen– to English (United States).

In order to do that, follow this procedure:

Open the “Region & Language” settings panel from the server’s Control Panel and select English (United States) in the Format box:

clip_image012

Click APPLY and go in the “Administrative” section:

clip_image013

Click on “COPY SETTINGS

In the following form, check the “Welcome screen and system accounts” check-box and click OK.

clip_image015

If needed, the above procedure can be implemented considering Italian language – or any other – instead of English, just be sure to apply this to both current user’s and system accounts.

Now reboot the server.

After this procedure, the format of the registry key which is read by the TMG Update Center can be well interpreted.

Coming back to the Update Center, check for new definitions and install them:

clip_image016

clip_image017

The final result should be a correct status, reported in the two columns:

clip_image019

In case you’re running an Array of TMG nodes, and you use the local TMG MMC on EMS machine, you’ll have to change the current user regional settings (Format) of the EMS machine so that they match the system accounts regional settings (Format) of the TMG array members.

In some cases, it’s possible that the registry key values related to the NIS update status still fail to converge. This could be due to a persistent “wrong” value set in the above mentioned registry keys.

It’s quite easy to manually solve this problem:

From Regedit, open the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fpc\DefinitionUpdates\{464716F5-0BAB-494a-A51A-30400DDF127F}

clip_image021

If the UpdateStatus value is set to “b” (in HEX format) this means an un-correct status.

You should now change this UpdateStatus value to “7” and insert in the UpdateTime word a valid value (for example the same value of the CheckTime field).

Now the info in the Update Center should be perfectly reported as “Up-to-date”.

Perform a new check for updated definitions and install them, if needed.

This is for sure not a big problem, and it doesn’t impact the functional level of the NIS & Malware mechanisms, but for sure it’s always beautiful to see a green “Up-to-date” comment in our Update Center 🙂

Hope you enjoyed it and found it useful!

Let’s see you back with the next topic !!

Ciao,

Daniele Gaiulli – MS Support Engineer

Reviewer: Eric Detoc – Senior Escalation Engineer

Forefront TMG Service Pack 2 Now Available

October 12th, 2011 No comments

We are happy to announce the availability of Forefront Threat Management Gateway (TMG) 2010 Service Pack 2 (SP2). The service pack is available for download from the Microsoft Download Center.

Here are some of the improvements we are introducing in Forefront TMG SP2:

  • Site activity report – Forefront TMG SP2 includes a new site activity report that enables you to generate a report showing the data transfer between users and specific websites. This report displays the amount of data transferred to and from different websites, for any
    period that you specify, per user. In addition, you can also display the total data transfer to and from a specific website, per user. 
  • Improved error pages – Forefront TMG SP2 improves the look and feel of web browser error pages and makes it easier to customize the pages.
  • Kerberos authentication for NLB arrays – Forefront TMG SP2 enables you to allow users to authenticate to a Forefront TMG array with Network Load Balancing (NLB) enabled using the Kerberos version 5 protocol.

Visit our TechNet Library for more information.

– The Forefront TMG Team

Categories: Forefront, Forefront TMG, SP2, update Tags: