Problems when installing Exchange 2010 Service Pack 1 on a TMG configured for Mail protection

Problems when installing Exchange 2010 Service Pack 1 on a TMG configured for Mail protection

  • Comments 14
  • Likes

TMG can be configured in a Mail protection role. In such configurations Forefront Protection for Exchange and Exchange Server (edge transport role) are installed on the same machine as TMG.

We have identified problems when installing Microsoft Exchange Server 2010 Service Pack 1 (SP1) that was released last week on such deployments.

Update: A fix for this problem is now available for download as part of Software Update 1 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1.

Root cause

SP1 made some changes to the SDK including removing some of the existing cmdlets (see more information here).

When Email protection is configured on TMG and Spam Filtering functionality is enabled, TMG uses one of the cmdlets that has been removed (get-antispamupdates) in SP1. As a result, Microsoft Forefront TMG Managed Control service fails to start and the event viewer will contain a message that the service terminated with the following error : %%-2146233088 :

clip_image002clip_image004

 

What we are doing to address this problem

The TMG team is fully committed to addressing this problem and is working on a fix which will be publically available soon. We recommend refraining from installing Exchange 2010 SP1 on TMG machines until the fix is available. We will publish another blog post when the fix becomes available.

Update: A fix for this problem is now available for download as part of Software Update 1 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1.

If you are already affected by this problem and need urgent assistance, please contact Microsoft support (http://support.microsoft.com).

Thank you for your patience,

Gabriel Koren

Comments
  • Do you guys talk to each other at MS?  Like, ever?

  • Some updates about release date of TMG hotfix ?

  • If you've already applied SP1 on a TMG server, is there any way to remove it?

  • Is there already a release date for this hotfix?

  • TMG guys some updates about hotfix release ?

  • Update would be much appreciated... we've been dealing with a flood of spam for 2 weeks now.

  • it has been reported that the fix has been released for this issue and will be available on 9/21/2010

  • I have just patched with TMG SP1 and the rollup patch. Then applied Exchange SP1.

    Control service is now failing with the following error

    The Microsoft Forefront TMG Managed Control service terminated with the following error:

    %%-2146233079

  • same problem here ...

    "I have just patched with TMG SP1 and the rollup patch. Then applied Exchange SP1.

    Control service is now failing with the following error

    The Microsoft Forefront TMG Managed Control service terminated with the following error:

    %%-2146233079"

  • I have had this problem several times and it is always fixed after running the following command.

    Get-IPBlockListEntry | Remove-IpBlockListEntry

    It has something to do with another bug (no words from MS yet about this one) that stops the Managed Control from starting if you block list entires are to many.

    Hope this fixes you problem :)

  • In case anyone from the MS TMG team is monitoring this forum, I have exhausted all the online data that I can find to resolve this problem where the TMG Managed Control Service can't be started after SP1 installation. I'd happily pay the $259 support fee if I had any confidence the problem was solvable via that channel, but the truth is enough people are having this problem that there must, must, must be a fix for the problem coming soon as a patch to SP 1 Update1, which did not allow the service to be started.

    SP1 Update 2 anyone? Good thing this is a pre-production system..... my Cisco ASA lives to fight another day.

  • SP1 Update 2  > support.microsoft.com/.../2454850

  • Great, well done, I had an issue with my malware protection on my TMG 2010 for 2 weeks and couldn't understand the source or cause of the issue.

    My installation of Forefront protection on the edge server FAILED, Exchange Transport Service wouldn't restart. Thought to check for Updates to see if there was a fix and.....

    SP1 Update fixed the issue immediately. Pays to check for updates! However saying this how are admins supposed to know this stuff out of the box, there should be a precursory warning explaining this issue before installation?

    It was a few hours worth of searching the internet to locate a reasonable post explaining the issue! We admins tend to be quite busy with our users and existing infrastructure maintenance, I had to uninstall the Forefront initially and come back to it later, of course in the meantime without Forefront installed there were warnings and reduced functionailty to have to deal with.

  • Hi there,

    is there any info available if we are facing similar problems when installing Exchange 2010 SP2?

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment