Several reliability fixes included: http://support.microsoft.com/kb/2689195   To install UR2, you need to be running SP2 (with or without UR1) already.

There I was, blathering away about Kerberos and SetSPN and sleeping - sleeping! - while the long-awaited-but-unnanounced TMG SP2 was released. And announced, I guess. The documentation's still being updated (the release notes haven't made it up yet), but you can try it out from here: Microsoft...

Hi! You might remember me from such posts as Kerbie Goes Bananas , and SetSPN improvements for Windows 2008 . Or something. I'm here with a public service announcement! Excitement! It's been long enough since Windows 2008 (and the downlevel release of SetSPN ) that I feel comfortable respectfully...

That’s Forefront Threat Management Gateway 2010 + Service Pack 1 + Software Update 1 + Update Rollup 4 to its friends. This is the latest 2011 update for TMG – see the fix list at the KB article. http://support.microsoft.com/kb/2517957   The larger list of ISA Server build numbers is still here...

Pre-blurb About a week ago, I signed up for iRacing again, after letting my subscription lapse back in, oh, looks like 2008. Time flies! Since then, I’ve been trying to get updates to install, but I’ve been having no luck with it – the update web page would just vanish when I ticked the updates I wanted...

While updating some documentation today and noticing it’s 2011 (when, exactly, did that happen?), I dug up the ISA Server 2000 Lifecycle information. Paraphrasing the table here : Availability Mainstream Support Ends Extended Support Ends Internet Security and Acceleration Server 2000 Enterprise Edition...

A customer battling automatic proxy configuration issues with ISA/TMG, and PAC/WPAD.DAT pointed me at the following bug: http://bugs.sun.com/bugdatabase/view_bug.do;jsessionid=e70c81c1a56f7d856f2e50539c708?bug_id=6887492 Which, if I’m interpreting it right, is Closed. In Connect -speak, that would mean...

What you say!? The new logging system in TMG 2010 is seriously cool, and it’s designed to cope with extended instances of SQL Server going away. Extended meaning multi- hour , but depending on disk space, it could be multi- day . Short Version There’s a good detailed description of it here ...

A new Vuln (vulnerability) NIS definition for Outlook Express / Windows Mail MS10-030 joins the recent Expl (exploit) definition for the Sharepoint XSS issue (currently an Advisory). The other type of signature is a Policy signature – not an exploit or a vulnerability per se, but a security feature...

To avoid you tearing your hair out trying to find it: The tool TMGADCONFIG .exe is included in the ADCONFIGPACK .exe download, available from this location , which extracts to the Program Files(x86)\Forefront TMG Tools\ADCONFIG folder by default. I was chasing it down with great vengeance and furious...

Just a reminder that WPAD is a special blocked keyword after recent DNS Server security updates. This prevents sites with an unconfigured WPAD entry from allowing devolution beyond their own level. The symptom you see most often might be that when you first configure a WPAD entry, Internet Explorer...

The Feb 22, 2010 update for ISA Server 2006 is the current high-watermark hotfix level: http://support.microsoft.com/default.aspx?scid=kb;EN-US;980067

Today, I arrived at my desk to find a link from one of my relatives waiting for me in an MSN window (sorry, Windows Live Messenger – old habits die hard). This was unusual behaviour for the person involved, so I was instantly suspicious. I used Mesh to sign into one of my home PCs, and sure enough, the...

Health Checks I perform ISA Server Health Checks for Premier Support (via Premier Field Engineering) as part of my role. I’ve seen something a few times recently that I thought it might be helpful to call out, while poking around in the Performance Monitor TCPv4 counter area. The Problem ...

As I possibly misspelled or misremembered it, the PL15ws2p.dll (possible sic) file was installed as a Winsock Layered Service Provider on a couple of boxes at a customer site. Coincidentally, these machines were Windows Server 2008 machines where we couldn’t get the Firewall Client to work properly...

Update 6 May 2010: Hello! If you're reading this, it's now at least 2010, and the answer to your question is: the version of ISA Server that works on Windows 2008 is called Microsoft Forefront Threat Management Gateway 2010 . Also, it's exclusively 64-bit. ISA 2006 doesn't have a 64-bit flavour (though...

Rambling my way to a point One of my most favourite “Favorites” (read: “he snarled”) in recent weeks has been the ISA Server Product Team’s Build Numbers post . They helpfully list the version numbers of each ISA Server, um, version, along with a link to the most recent hotfix for that version. That...

There are two major classes of Anti Virus software (yes, I know I used one word above, it’s called SEO, okay?) that can be used on an ISA Server computer: ISA-integrated antivirus scanning products Regular desktop/server antivirus products The first category is the cooler of the two, and...

Of all the things I could be doing right now, blogging is the one that won. Feel special? Procrastination, but with a helpful bent. IAG SP2 is now a VHD for Hyper-V Your mission, Jim, is to make that into a song. The most interesting “wow” moment I had today was reading that IAG (Intelligent Application...

So, we all know that ISA 2006 doesn't work on Windows Server 2008 . Massive architectural changes to the IP stack, blah blah, etc, etc. People (uh, yeah, just "people") have been asking about what's to become of ISA Server for a while: "There's no ISA 2008 announced!" they'd scream...

This question came up today (well, actually, it was about four weeks ago I started typing this, but bear with me), and it's been a little while since I've rambled about authentication protocols, so let's enjoy a nice, calm discussion on a Monday Tuesday arvo. The request was something like: In a Web...

What can we say about MaxUserPort that hasn't already been said? Not a lot, it would seem. He's a beautiful dancer, perhaps? Ahh, such gentle humour, and nary a kitten drowned anywhere. But TCP port shenanigans are fairly frequently misunderstood, so let's talk about the very basics of MaxUserPort...

Update: Most recent SetSPN ramblings (short: use -S instead of -A). All this stuff is based on a prerelease (RC1) version of Windows Server 2008 and may change before final release. Cheques may not be honoured. I had a happy moment one night in India when the trainer for our IIS 7.0 TTT course...

This week, a pointer to a solution to a problem I occasionally hit. Windows Vista (and by extension Windows Server 2008, I assume) utilizes a new EVTX log format for event log exports. It's XML-based, natch. Problem: Everyone's Favourite Log Digestion Tool Log Parser uses system APIs to read event log...

I recently encountered TCP Chimney for the first time in the wild. Short version: Chimney is an offload technology that allows the NIC to deal with up to X TCP connections, with any overflow being handled by Windows. All good: get the NIC dealing with more networky stuff, and reduce CPU use. Excellent...