Here’s a new Knowledge Base article we published today. This one talks about an issue where HTTP redirects in TMG 2010 fail if the Exchange Edge role is installed on the same box:
If you deploy Microsoft Threat Management Gateway 2010 (TMG) and the Exchange 2010 Edge role on the same machine, you may encounter an issue where HTTP Redirect in TMG fails.
If you monitor the TMG packets when attempting to connect to http://mail.domain.com/owa, TMG will report a "Denied Connection" with the following status:
The policy rules do not allow the user request.
In the Event Log you may also see an Event ID 14148 Warning with the following text:
The Web Proxy filter failed to bind its socket to 172.x.x.x port 80. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service
When you install the Exchange 2010 Edge role on a Windows Server 2008 R2 server, the prerequisites instruct you to install features using the PowerShell command below:
Add-WindowsFeature NET-Framework,RSAT-ADDS,ADLDS -Restart
This also installs the WWW Publishing service, which binds to port 80. Because the WWW Publishing service is already bound to port 80, TMG cannot bind to that port when it is installed, and therefore cannot redirect requests.
As a workaround, stop the WWW Publishing service, then restart the TMG firewall service. If your rules are set up correctly, the HTTPS Redirect should now work.
An alternative temporary solution is to delay the start of the WWW publishing service on startup so TMG has a chance to bind to port 80 first.
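The check and both workarounds above, as an added PowerShell example that is not part of the KB article. It assumes the service names W3SVC (WWW Publishing) and fwsrv (TMG Firewall), and an elevated prompt on the TMG server; the two switch names are made up for this script.

```powershell
# Added example (not from the KB article). Works with PowerShell 2.0 on Windows Server 2008 R2.
# Assumed service names: W3SVC = World Wide Web Publishing Service, fwsrv = TMG Firewall service.
param(
    [switch]$ApplyWorkaround,   # hypothetical switch: stop W3SVC, then restart the firewall service
    [switch]$DelayW3svcStart    # hypothetical switch: set W3SVC to Automatic (Delayed Start)
)

# Return every TCP listener on port 80 with its owning process.
# IIS listens through the HTTP.sys kernel driver, so its listener is
# reported under PID 4 (System), not under a w3svc or w3wp process.
function Get-Port80Listener {
    netstat -ano | ForEach-Object {
        if ($_ -match '^\s*TCP\s+(\S+):80\s+\S+\s+LISTENING\s+(\d+)\s*$') {
            $address = $Matches[1]
            $procId  = [int]$Matches[2]
            $name    = '?'
            $proc    = Get-Process -Id $procId -ErrorAction SilentlyContinue
            if ($proc) { $name = $proc.ProcessName }
            New-Object PSObject -Property @{
                LocalAddress = $address
                ProcessId    = $procId
                ProcessName  = $name
            }
        }
    }
}

Write-Host 'Listeners on TCP port 80:'
Get-Port80Listener | Format-Table LocalAddress, ProcessId, ProcessName -AutoSize
Get-Service W3SVC, fwsrv -ErrorAction SilentlyContinue |
    Format-Table Name, Status, DisplayName -AutoSize

if ($ApplyWorkaround) {
    # Free port 80 first, then let the Web Proxy filter bind again.
    Stop-Service W3SVC -Force
    Restart-Service fwsrv -Force
    Write-Host 'Listeners on TCP port 80 after the workaround:'
    Get-Port80Listener | Format-Table LocalAddress, ProcessId, ProcessName -AutoSize
}

if ($DelayW3svcStart) {
    # Delayed start gives the firewall service a chance to bind port 80 first at boot.
    sc.exe config W3SVC start= delayed-auto
}
```

Run without switches, it only reports the current port 80 listeners and the state of both services.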
Pre-requirements to Install E-Mail Protection Role on TMG: http://technet.microsoft.com/en-us/library/ee207141.aspx
Troubleshooting E-Mail Protection Feature on TMG: http://social.technet.microsoft.com/wiki/contents/articles/2702.aspx#TShootEP
For the most current version of this article please see the following:
2682632 : HTTP Redirect in Threat Management Gateway 2010 fails when the Exchange 2010 Edge role is installed
J.C. Hornbeck | System Center & Security Knowledge Engineer