Australian Premier Support customers: Join us for an overview of the new stuff in Windows Server 2012 and Windows 8! This series of events will run for the entire day in each city and showcase 4 sessions of about 90 minutes, on a range of Windows Server 2012 and Windows 8 client topics. All topics...

Several reliability fixes included: http://support.microsoft.com/kb/2689195   To install UR2, you need to be running SP2 (with or without UR1) already.

Recently, I worked on a Kerberos configuration issue with a customer; these are my notes from the visit. You’ll see some common themes with Kerbie Goes Bananas , and it puts much of that into practice. Speaking of, I must redo Kerbie with SetSPN -S (shameface) 1. DNS should use an A record...

There I was, blathering away about Kerberos and SetSPN and sleeping - sleeping! - while the long-awaited-but-unnanounced TMG SP2 was released. And announced, I guess. The documentation's still being updated (the release notes haven't made it up yet), but you can try it out from here: Microsoft...

Hi! You might remember me from such posts as Kerbie Goes Bananas , and SetSPN improvements for Windows 2008 . Or something. I'm here with a public service announcement! Excitement! It's been long enough since Windows 2008 (and the downlevel release of SetSPN ) that I feel comfortable respectfully...

That’s Forefront Threat Management Gateway 2010 + Service Pack 1 + Software Update 1 + Update Rollup 4 to its friends. This is the latest 2011 update for TMG – see the fix list at the KB article. http://support.microsoft.com/kb/2517957   The larger list of ISA Server build numbers is still here...

While updating some documentation today and noticing it’s 2011 (when, exactly, did that happen?), I dug up the ISA Server 2000 Lifecycle information. Paraphrasing the table here : Availability Mainstream Support Ends Extended Support Ends Internet Security and Acceleration Server 2000 Enterprise Edition...

A customer battling automatic proxy configuration issues with ISA/TMG, and PAC/WPAD.DAT pointed me at the following bug: http://bugs.sun.com/bugdatabase/view_bug.do;jsessionid=e70c81c1a56f7d856f2e50539c708?bug_id=6887492 Which, if I’m interpreting it right, is Closed. In Connect -speak, that would mean...

Missed this completely while working onsite for the last {forever}! TMG SP1 is here. There’s an X64 version for the Server and/or EMS, and a 32-bit version for just the MMC bits on computers you use to remotely manage the boxes. Installation Instructions Downloads: http://www.microsoft.com/downloads...

What you say!? The new logging system in TMG 2010 is seriously cool, and it’s designed to cope with extended instances of SQL Server going away. Extended meaning multi- hour , but depending on disk space, it could be multi- day . Short Version There’s a good detailed description of it here ...

A new Vuln (vulnerability) NIS definition for Outlook Express / Windows Mail MS10-030 joins the recent Expl (exploit) definition for the Sharepoint XSS issue (currently an Advisory). The other type of signature is a Policy signature – not an exploit or a vulnerability per se, but a security feature...

To avoid you tearing your hair out trying to find it: The tool TMGADCONFIG .exe is included in the ADCONFIGPACK .exe download, available from this location , which extracts to the Program Files(x86)\Forefront TMG Tools\ADCONFIG folder by default. I was chasing it down with great vengeance and furious...

Foreword - Added 2011-03-08 As far as I'm aware, nothing significant has changed since the blog linked here - ISA Server is now TMG, sure, but XBox Live and TMG don't officially support one another. This blog post captures something that seems to work for me, but may not work for you. (If you find...

Just a reminder that WPAD is a special blocked keyword after recent DNS Server security updates. This prevents sites with an unconfigured WPAD entry from allowing devolution beyond their own level. The symptom you see most often might be that when you first configure a WPAD entry, Internet Explorer...

The Feb 22, 2010 update for ISA Server 2006 is the current high-watermark hotfix level: http://support.microsoft.com/default.aspx?scid=kb;EN-US;980067

Today, I arrived at my desk to find a link from one of my relatives waiting for me in an MSN window (sorry, Windows Live Messenger – old habits die hard). This was unusual behaviour for the person involved, so I was instantly suspicious. I used Mesh to sign into one of my home PCs, and sure enough, the...

Health Checks I perform ISA Server Health Checks for Premier Support (via Premier Field Engineering) as part of my role. I’ve seen something a few times recently that I thought it might be helpful to call out, while poking around in the Performance Monitor TCPv4 counter area. The Problem ...

As I possibly misspelled or misremembered it, the PL15ws2p.dll (possible sic) file was installed as a Winsock Layered Service Provider on a couple of boxes at a customer site. Coincidentally, these machines were Windows Server 2008 machines where we couldn’t get the Firewall Client to work properly...

Update 6 May 2010: Hello! If you're reading this, it's now at least 2010, and the answer to your question is: the version of ISA Server that works on Windows 2008 is called Microsoft Forefront Threat Management Gateway 2010 . Also, it's exclusively 64-bit. ISA 2006 doesn't have a 64-bit flavour (though...

Today, an IIS 5.0 to 6.0 security advisory was released: Vulnerability in Internet Information Services Could Allow Elevation of Privilege http://www.microsoft.com/technet/security/advisory/971492.mspx If you’re using WebDAV on any version prior to 7.0 (where it was completely rewritten, and released...

Rambling my way to a point One of my most favourite “Favorites” (read: “he snarled”) in recent weeks has been the ISA Server Product Team’s Build Numbers post . They helpfully list the version numbers of each ISA Server, um, version, along with a link to the most recent hotfix for that version. That...

There are two major classes of Anti Virus software (yes, I know I used one word above, it’s called SEO, okay?) that can be used on an ISA Server computer: ISA-integrated antivirus scanning products Regular desktop/server antivirus products The first category is the cooler of the two, and...

Of all the things I could be doing right now, blogging is the one that won. Feel special? Procrastination, but with a helpful bent. IAG SP2 is now a VHD for Hyper-V Your mission, Jim, is to make that into a song. The most interesting “wow” moment I had today was reading that IAG (Intelligent Application...

Before the holidays, I bought myself an early present: a new quad-core box with 4GB RAM, which I was going to use for a home Hyper-V lab, so that I could run a bunch of 64-bit VMs as well as the 32-bit staples I’ve been using for years (SBS 2003, and a separate ISA Server box). I’d had Windows Server...

I was just catching up on some of my RSS feeds, and noticed that one of the pages I was at didn't have a broken page icon, but wasn't working quite right (some broken javascript in the photos area, I'm guessing... I'll investigate that next). I wondered what that meant, so fired up Fiddler2 to have a...