Blog du Tristank

So terrific that 3 of 4 readers rated it "soporific"

Browse by Tags

Related Posts
  • Blog Post: TmgAdConfig (aka ADConfig, ADConfigPack)

    To avoid you tearing your hair out trying to find it: The tool TMGADCONFIG .exe is included in the ADCONFIGPACK .exe download, available from this location , which extracts to the Program Files(x86)\Forefront TMG Tools\ADCONFIG folder by default. I was chasing it down with great vengeance and furious...
  • Blog Post: TMG 2010 Service Pack 1!

    Missed this completely while working onsite for the last {forever}! TMG SP1 is here. There’s an X64 version for the Server and/or EMS, and a 32-bit version for just the MMC bits on computers you use to remotely manage the boxes. Installation Instructions Downloads: http://www.microsoft.com/downloads...
  • Blog Post: TMG Large Logging Queue: No More SQL Lockdowns?

    What you say!? The new logging system in TMG 2010 is seriously cool, and it’s designed to cope with extended instances of SQL Server going away. Extended meaning multi- hour , but depending on disk space, it could be multi- day . Short Version There’s a good detailed description of it here ...
  • Blog Post: ISA Server 2006 on Windows Server 2008: Nup

    Update 6 May 2010: Hello! If you're reading this, it's now at least 2010, and the answer to your question is: the version of ISA Server that works on Windows 2008 is called Microsoft Forefront Threat Management Gateway 2010 . Also, it's exclusively 64-bit. ISA 2006 doesn't have a 64-bit flavour (though...
  • Blog Post: The Cat's Out Of The Bag: ISA Server will become ForeFront TMG

    So, we all know that ISA 2006 doesn't work on Windows Server 2008 . Massive architectural changes to the IP stack, blah blah, etc, etc. People (uh, yeah, just "people") have been asking about what's to become of ISA Server for a while: "There's no ISA 2008 announced!" they'd scream...
  • Blog Post: I want to publish a website to the Internet. How do I enable Kerberos?

    Ya don't. You can't win. But there are alternatives to fighting. Why Not? Windows Kerberos doesn't work in an Internet scenario, it's intranet-only. the client machine must be a member of the same Active Directory forest as the target site. You just can't guarantee (or even reasonably...
  • Blog Post: IRacing vs TMG 2010

    Pre-blurb About a week ago, I signed up for iRacing again, after letting my subscription lapse back in, oh, looks like 2008. Time flies! Since then, I’ve been trying to get updates to install, but I’ve been having no luck with it – the update web page would just vanish when I ticked the updates I wanted...
  • Blog Post: WPAD via DNS and ISA Server (or TMG, for that matter)

    Just a reminder that WPAD is a special blocked keyword after recent DNS Server security updates. This prevents sites with an unconfigured WPAD entry from allowing devolution beyond their own level. The symptom you see most often might be that when you first configure a WPAD entry, Internet Explorer...
  • Blog Post: Autoproxy might still be broken in current Java runtimes

    A customer battling automatic proxy configuration issues with ISA/TMG, and PAC/WPAD.DAT pointed me at the following bug: http://bugs.sun.com/bugdatabase/view_bug.do;jsessionid=e70c81c1a56f7d856f2e50539c708?bug_id=6887492 Which, if I’m interpreting it right, is Closed. In Connect -speak, that would mean...
  • Blog Post: More Network Inspection System updates

    A new Vuln (vulnerability) NIS definition for Outlook Express / Windows Mail MS10-030 joins the recent Expl (exploit) definition for the Sharepoint XSS issue (currently an Advisory). The other type of signature is a Policy signature – not an exploit or a vulnerability per se, but a security feature...
  • Blog Post: TMG SP2 now out there

    There I was, blathering away about Kerberos and SetSPN and sleeping - sleeping! - while the long-awaited-but-unnanounced TMG SP2 was released. And announced, I guess. The documentation's still being updated (the release notes haven't made it up yet), but you can try it out from here: Microsoft...
  • Blog Post: Xbox Live vs TMG

    Foreword - Added 2011-03-08 As far as I'm aware, nothing significant has changed since the blog linked here - ISA Server is now TMG, sure, but XBox Live and TMG don't officially support one another. This blog post captures something that seems to work for me, but may not work for you. (If you find...
  • Blog Post: TMG SP2 Update Rollup 2 out now

    Several reliability fixes included: http://support.microsoft.com/kb/2689195   To install UR2, you need to be running SP2 (with or without UR1) already.
  • Blog Post: ISA 2000: The End Draws Near

    While updating some documentation today and noticing it’s 2011 (when, exactly, did that happen?), I dug up the ISA Server 2000 Lifecycle information. Paraphrasing the table here : Availability Mainstream Support Ends Extended Support Ends Internet Security and Acceleration Server 2000 Enterprise Edition...
  • Blog Post: (The catchily-titled) TMG 2010 SP1 SU1 UR4 is out now!

    That’s Forefront Threat Management Gateway 2010 + Service Pack 1 + Software Update 1 + Update Rollup 4 to its friends. This is the latest 2011 update for TMG – see the fix list at the KB article. http://support.microsoft.com/kb/2517957   The larger list of ISA Server build numbers is still here...
  • Blog Post: TMG Web Protection In Action

    Today, I arrived at my desk to find a link from one of my relatives waiting for me in an MSN window (sorry, Windows Live Messenger – old habits die hard). This was unusual behaviour for the person involved, so I was instantly suspicious. I used Mesh to sign into one of my home PCs, and sure enough, the...
  • Blog Post: PSA: You really need to update your Kerberos setup documentation with SetSPN -S!

    Hi! You might remember me from such posts as Kerbie Goes Bananas , and SetSPN improvements for Windows 2008 . Or something. I'm here with a public service announcement! Excitement! It's been long enough since Windows 2008 (and the downlevel release of SetSPN ) that I feel comfortable respectfully...