Recently I came across a situation where one of our customers using Forefront TMG could not add a static route in RRAS based on a newly added network adapter.
In this post, I will describe the steps required to get the adapter available in RRAS.
After adding a new network adapter (called LAN2 in this blog) to a server with Forefront TMG 2010 installed, the new adapter is listed in “Control Panel\Network and Internet\Network Connections” but it does not appear in “Network Interfaces” of the Routing and Remote Access (RRAS) console.
Therefore, it is not possible to add a new static route using the new interface (LAN2), because it is not available in the Interface list box (Figure 1).
No other RRAS setting that relies on the newly added interface can be configured either.
How to get the new network adapter to show up?
Here is an example (Windows 2008 R2 / TMG 2010 SP2):
1. Before adding the extra network adapter, we have 2 NICs (LAN and WAN) (Figure 2)
2. Right after adding the new LAN2 adapter and restarting the TMG server, LAN2 shows up in “Network Connections” (Figure 3) but not in the RRAS Network Interfaces (Figure 4).
Note that you can see the 3 NICs in the TMG console (Networking\Network adapters).
To make the new network adapter LAN2 available in RRAS, follow the steps below.
3. Disable Routing and Remote Access (Figure 5)
4. Configure and Enable the Routing and Remote Access (Figure 6)
5. Then choose “Custom configuration” and “LAN routing” (Figure 7)
Note: What you choose here is not important, as it is going to be overwritten by TMG later on.
6. If prompted, agree to start the service.
7. The new network interface LAN2 is now available in RRAS (Figure 10)
Therefore, adding a static route using LAN2 is possible.
8. Routing and Remote Access is back online, but the RRAS configuration was reset. Therefore, we have to reapply the stored TMG RRAS settings.
As you may know, Forefront TMG takes over the Routing and Remote Access settings with its own configuration. (For more about this behavior, see http://technet.microsoft.com/en-us/library/ee796231.aspx#hbsdfghserrty5)
The trick here is to modify any setting in the TMG configuration and then apply the change. For instance, you can just add a description to an Access rule.
Forefront TMG will overwrite the Routing and Remote Access settings with its own “good” configuration.
Now we have the “good” RRAS configuration and the possibility to use the newly added interface in RRAS.
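
To confirm the result without opening both consoles, the following PowerShell check compares the adapter names Windows reports with the interfaces RRAS lists. It is an added example, not part of the original procedure or of TMG itself; it assumes that `netsh routing ip show interface` prints each interface name at the end of its row, as the RRAS console shows it.

```powershell
# Added example: report which network connections are missing from RRAS.
# Run in an elevated PowerShell session on the TMG server.
$ErrorActionPreference = 'Stop'

# RRAS runs as the RemoteAccess service; netsh cannot list interfaces
# while it is stopped or disabled (for example between steps 3 and 6).
$svc = Get-Service -Name RemoteAccess
if ($svc.Status -ne 'Running') {
    Write-Warning "RemoteAccess service is $($svc.Status); start RRAS first."
    return
}

# Names as shown in "Network Connections". NetConnectionID is empty for
# adapters that have no connection entry, so those are skipped.
$osNames = Get-WmiObject -Class Win32_NetworkAdapter |
    Where-Object { $_.NetConnectionID } |
    ForEach-Object { $_.NetConnectionID }

# Interface table as RRAS sees it.
# Assumption: the interface name is the last column of each row.
$rrasText = (& netsh routing ip show interface) | Out-String

$report = foreach ($name in $osNames) {
    # Anchor the name to the end of a line so that "LAN" is not
    # reported as present merely because "LAN2" is listed.
    $pattern = '(?m)(^|\s)' + [regex]::Escape($name) + '\s*$'
    New-Object PSObject -Property @{
        Adapter = $name
        InRRAS  = [bool]($rrasText -match $pattern)
    }
}

$report | Sort-Object Adapter | Format-Table Adapter, InRRAS -AutoSize

# Adapters visible to Windows but not to RRAS need steps 3 to 8.
$missing = @($report | Where-Object { -not $_.InRRAS })
if ($missing.Count -gt 0) {
    $names = ($missing | ForEach-Object { $_.Adapter }) -join ', '
    Write-Warning "Not available in RRAS: $names"
}
```

Run it once after adding the adapter and again after TMG has reapplied its configuration in step 8; the second run should list LAN2 with `InRRAS` set to `True`.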
Microsoft CSS Forefront Security Edge Team
The “Escalation Engineers team”