TMG installation problems can be a bit trick to troubleshooting if you don’t know which components are involved, however if you know then things start make more sense. Most of the setup problems that I faced up to now on TMG 2010 (since RTM) were related to ADLDS or some kind of domain connectivity problem. The most two recent examples are described on two articles that I tech reviewed from my friends Bala Natarajan and Niladri Dasgupta wrote:
Last week I worked on an issue where TMG admin was not able to install this brand new TMG to be used as Edge Firewall. The error message that he was receiving was:
After this error the setup process rolled back and finish without completing the installation. As recommended on the previous two articles mentioned in this post, the first step is to review the setup logs and look for more information in order to move the troubleshooting further. In the ADAM Log file we can see the following entry:
When you see an error where trust relationship between client and domain is failing, be sure to do your homework, in other words, check:
When I hit the third test I found out the problem:
This was the problem, because Windows (where I was trying to install TMG) was sending the traffic to the wrong interface. Once we moved the Internal to the top, flushdns (with ipconfig) and ran the setup again the issue went away and the installation finished successfully.
Note: same recommendation to have Internal on the top applies to UAG, check it out a great reference on that written by Jason Jones at http://blog.msedge.org.uk/2010/04/recommended-network-card-configuration_14.html
I can't understand these.Where is the advanced settings?And whitch interface should be there?
This option is available on Windows Network, under Advanced:
1.Click Start, click Network, click Network and Sharing Center, and then click Manage Network Connections.
2.Press the ALT key, click Advanced, and then click Advanced Settings.
Make sure Internal is on the top.
In my case my TMG server did not have a route back to a DC,.. I made a non persistent route to a subnet with a DC and the install finished,.. route add subnet mask 255.255.255.0 gateway.
Thanks for sharing your solution ursenj !
Thanks for your sharing this post can help me.
It helped me as well, the Binding Order is the culprit most of the times. Thank you Yuri for this Blog.
You are very welcome. Great to hear that it did help you Murtaza!
Gracias por la ayuda hice lo que mencionaste y funciono.
Que Bueno! Gracias for the feedback :)