TMG can be configured in a Mail protection role. In such configurations Forefront Protection for Exchange and Exchange Server (edge transport role) are installed on the same machine as TMG.
We have identified problems when installing Microsoft Exchange Server 2010 Service Pack 1 (SP1) that was released last week on such deployments.
Update: A fix for this problem is now available for download as part of Software Update 1 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1.
SP1 made some changes to the SDK including removing some of the existing cmdlets (see more information here).
When Email protection is configured on TMG and Spam Filtering functionality is enabled, TMG uses one of the cmdlets that has been removed (get-antispamupdates) in SP1. As a result, Microsoft Forefront TMG Managed Control service fails to start and the event viewer will contain a message that the service terminated with the following error : %%-2146233088 :
The TMG team is fully committed to addressing this problem and is working on a fix which will be publically available soon. We recommend refraining from installing Exchange 2010 SP1 on TMG machines until the fix is available. We will publish another blog post when the fix becomes available.
Thank you for your patience,
Do you guys talk to each other at MS? Like, ever?
Some updates about release date of TMG hotfix ?
If you've already applied SP1 on a TMG server, is there any way to remove it?
Is there already a release date for this hotfix?
TMG guys some updates about hotfix release ?
Update would be much appreciated... we've been dealing with a flood of spam for 2 weeks now.
it has been reported that the fix has been released for this issue and will be available on 9/21/2010
I have just patched with TMG SP1 and the rollup patch. Then applied Exchange SP1.
Control service is now failing with the following error
The Microsoft Forefront TMG Managed Control service terminated with the following error:
same problem here ...
"I have just patched with TMG SP1 and the rollup patch. Then applied Exchange SP1.
I have had this problem several times and it is always fixed after running the following command.
Get-IPBlockListEntry | Remove-IpBlockListEntry
It has something to do with another bug (no words from MS yet about this one) that stops the Managed Control from starting if you block list entires are to many.
Hope this fixes you problem :)
In case anyone from the MS TMG team is monitoring this forum, I have exhausted all the online data that I can find to resolve this problem where the TMG Managed Control Service can't be started after SP1 installation. I'd happily pay the $259 support fee if I had any confidence the problem was solvable via that channel, but the truth is enough people are having this problem that there must, must, must be a fix for the problem coming soon as a patch to SP 1 Update1, which did not allow the service to be started.
SP1 Update 2 anyone? Good thing this is a pre-production system..... my Cisco ASA lives to fight another day.
SP1 Update 2 > support.microsoft.com/.../2454850
Great, well done, I had an issue with my malware protection on my TMG 2010 for 2 weeks and couldn't understand the source or cause of the issue.
My installation of Forefront protection on the edge server FAILED, Exchange Transport Service wouldn't restart. Thought to check for Updates to see if there was a fix and.....
SP1 Update fixed the issue immediately. Pays to check for updates! However saying this how are admins supposed to know this stuff out of the box, there should be a precursory warning explaining this issue before installation?
It was a few hours worth of searching the internet to locate a reasonable post explaining the issue! We admins tend to be quite busy with our users and existing infrastructure maintenance, I had to uninstall the Forefront initially and come back to it later, of course in the meantime without Forefront installed there were warnings and reduced functionailty to have to deal with.
is there any info available if we are facing similar problems when installing Exchange 2010 SP2?