Update 1 Rollup 3 for Microsoft TMG 2010 is now available. This rollup addresses the following issues:
FIX: "A security package specific error occurred" error when you run a recurring report on a Forefront TMG 2010 server that is managed by an EMS and that is in a workgroup
FIX: "0xc0360007 (STATUS_IPSEC_CLEAR_TEXT_DROP)" error when you try to access the internal IP address of a Forefront TMG 2010 server through an IPsec site-to-site network
"HTTP/1.1 502 - Error 11 Bad format" error when you access SSL websites that use SAN certificates in Forefront TMG Server 2010 if a non-English version of a Windows operating system is installed
FIX: "Page Cannot Be Displayed" error when you try to access a website that requires a client certificate authentication on a Forefront TMG client in Forefront TMG 2010 if HTTPS Inspection is enabled
FIX: "502 Proxy Error. An attempt was made to load a program with an incorrect format. (11)" error when you try to use a HTTPS URL through Forefront TMG 2010 if HTTPS inspection is enabled
How to configure the "HTTPS inspection caching in a forward proxy scenario" and "HTTPS inspection inclusion list" features in Forefront TMG 2010
An enterprise node is incorrectly added in Forefront TMG MMC after you install Forefront TMG 2010 SP1 Update 1
"Sign in as a Different User" does not work on a SharePoint website that is published by Forefront TMG 2010
PPTP or L2TP/IPsec connection is not reestablished between Forefront TMG 2010 servers
FIX: "502 Proxy Error. An unknown error occurred while processing the certificate. (-2146893017)" error when you try to access a website over HTTPS in Forefront TMG 2010 if HTTPS inspection is enabled
Forefront TMG Firewall service may stop when users run desktop sharing software over HTTPS that is proxied by Forefront TMG 2010
"0xc0040446" or "0xc004041d" error if the primary IP address or DNS address uses 220.127.116.11/16, 18.104.22.168/16, or 22.214.171.124/24 in Forefront TMG 2010
SCOM logs many "Forefront TMG Server - Cache: Current Cache Fetches Average Ms Per Request error" error alerts from TMG Management Pack through Forefront TMG 2010
Mspadmin.exe may crash if you do not use SQL Server Express to log traffic in Forefront TMG 2010
Forefront TMG Firewall service might crash when WP_TRAFFIC tracing is enabled in Forefront TMG 2010
"0xc004039E" error when you use the "Allow user override" setting for a HTTP deny rule in an enterprise policy in Forefront TMG 2010
FIX: Forefront TMG Job Scheduler service (Isasched) stops responding on an array member server that is not a report server in Forefront TMG 2010
As you can see, there are a lot of fixes in this rollup. I particularly worked on many issues involving 2501650 and 2502686 while the hotfixes were not even ready. Due to the nature of those issues, I strongly recommend that you download this update and plan the installation on your Forefront TMG. To install this update, you must have TMG 2010 SP1 and Update 1 already installed.
Go get it at http://support.microsoft.com/kb/2498770.
The article that I wrote for the TechNet Magazine February issue is now available; you can access it from the link below:
This article will give you a better picture of how Forefront TMG can assist your cloud migration by enhancing secure Internet access to the cloud services.
Yesterday I posted my first Wiki article. It is about Windows Security and the core Windows foundation to cover the security triad (Confidentiality, Integrity and Availability). Many IT pros sometimes jump directly to hardening the system without first stepping back to analyze the business needs, as well as how to cover the core security triad using the built-in resources available in the Windows OS. This article covers this discussion.
You can access this article from the link below:
The Microsoft TechNet Wiki is a great resource for exchanging experiences by writing content that you feel will be useful for the community. If you have a need and you look for an article and don’t find it, why not write your own article under Microsoft TechNet? That’s the goal here, to make sure that you can help the community succeed. Here are some articles that you should read before getting involved:
Get yourself engaged and enjoy working with such a great community!!
Registration is open for Episode 11 of Talk TechNet:
Looking forward to chatting with you about TMG as a Secure Web Gateway.
I created this blog back in February 2008 and since that day I have really tried to bring you interesting troubleshooting techniques based on real scenarios. This blog was always something that I drove in my own free time (not that I have a lot of free time), but I tried to manage my time in such a way that posting here was part of my regular agenda. The numbers below show how much the traffic increased over the last couple of years on this blog and I would like to thank you all for contributing to that; it is because I know you are reading that I feel energized to keep writing.
I can safely say that 90% of the posts that I wrote for this blog were related to ISA/TMG, which makes a lot of sense to me as I was working for the CSS Forefront Edge Team. Yes, you read it right, I “was”. Starting Monday (Feb 14th) I will be fully dedicated to the Windows Security Team as a Technical Writer. As one of the co-authors of the Forefront TMG Administrator’s Companion Book and Forefront TMG Deployment Guide, I plan to keep writing about Forefront TMG here, but it certainly will not be at the same frequency as before since I will be dedicated to the Windows Security subject. From now on I will be more engaged in producing content that will be available in other locations, such as:
There are some initiatives in the Forefront TMG space that I’m still engaged in during this transition phase, which are:
Again, thanks a lot for visiting this blog and I hope to keep partnering with you in 2011, now in a broader way.
Consider a scenario where you are publishing an SMTP server that uses TLS on Forefront TMG 2010. In this scenario, TMG resets the connection to the SMTP client when the SMTP server closes its connection to TMG with a TCP FIN packet. This behavior can cause some specific SMTP client applications to report that message delivery failed even though messages are sent correctly. In this scenario you will also see the following entry in Live Logging: Incoming SMTP Server 0x80074e24 FWX_E_CONNECTION_KILLED. This problem is documented for ISA Server 2006 in KB 959312. Recently we also experienced the same issue with TMG, and the script from KB 959312 fixed the issue. After running this script on TMG you should see the message below in your command prompt window (which should be opened in privileged mode):
After this change such behavior should go away…and yes, we will update this KB to include TMG.
Note: only run this script on TMG if you are experiencing exactly the same behavior as explained in KB 959312.