TMG 2010 Replacement with WatchGuard M300

Hi all,
Our TMG 2010 is handling connections from 3 x LAN subnets (192.168.0.0-2.0/24) and a WAN connection.
I just purchased a WatchGuard M300 with Security Suite, and this firewall will replace the TMG box, with 2 x WAN for redundancy.
I am starting to extract the current policies from TMG and trying to set up similar ones on the WatchGuard unit, but it is time-consuming and carries a risk of mismatched policies.
I am aware that we will possibly need to leave the reverse proxy behind.
Does anyone have any idea of the best way of doing it instead of doing it manually?
Any suggestions would be highly appreciated.
Thanks,
Peter
This topic first appeared in the Spiceworks Community

Similar Messages

  • With TMG EOL what can I replace with?

    My TMG 2010 is used mainly for reverse proxy for internal .NET applications, OWA, etc.  What MS products or third party products are available to replace this functionality?

    Hi,
    Web Application Proxy in Windows Server 2012 R2 has some capabilities like TMG for basic reverse publishing; you can also use IIS ARR.
    For more functionality you must use third-party products like Blue Coat, Check Point, Sophos UTM.
    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.galileocomputing.de/3276?GPP=MarcGrote

  • Unable to install Forefront TMG 2010 on Server 2008 R2 with SP1

    Hi, I am installing TMG 2010 on Server 2008 R2 with Service Pack 1 ... then I am getting the error as in the snapshot below ... kindly help me out.

    Hi Deepak
    Thanks a lot for your quick response. Please find below the logs which I found in C:\Windows\Temp. There are three text files in this folder. Here I've pasted the contents of the three files below.
    14:14:02 INFO:    Installer activated, command-line=''
    14:14:02 INFO:    Expanded full extraction path of SQL Express 2008 SP1 Package is 'C:\Windows\temp\{196A1AC7-AE04-46AA-8CB3-196D6F4760C0}'.
    14:14:02 INFO:    Install scenario
    14:14:02 INFO:    CMsiAttendantInstaller::Prepare: Upgrade code is not set
    14:14:02 INFO:    CMsiAttendantInstaller::Prepare: There is no any product code for upgrade code
    14:14:02 INFO:    CMsiAttendantInstaller::Prepare: Upgrade code is not set
    14:14:02 INFO:    CMsiAttendantInstaller::Prepare: There is no any product code for upgrade code
    14:14:02 ERROR:    CSSEInstaller::GetInstanceId failed to open reg key 'SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL'
    14:14:02 INFO:    CSSEInstaller::Prepare: Failed to get the instace id of MSFW
    14:14:02 ERROR:    CSSEInstaller::GetInstanceId failed to open reg key 'SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL'
    14:14:02 INFO:    CSSEInstaller::Prepare: Failed to get the instace id of ISARS
    14:14:02 INFO:    CMsiAttendantInstaller::Prepare: Upgrade code is not set
    14:14:02 INFO:    CMsiAttendantInstaller::Prepare: There is no any product code for upgrade code
    14:14:02 INFO:    Installing ISA (Core components)...
    14:14:02 INFO:    CFirewallInstaller: Activating installation, command line args = '-I "F:\FPC\MS_FPC_Server.msi "WRAPPER=1 ARPSYSTEMCOMPONENT=1 MEDIAPACKAGEPATH=\FPC\ REBOOT=ReallySuppress'
    14:14:16 ERROR:    Setup failed. Error returned: 0x643
    14:14:16 ERROR:    CBasicInstaller: Install failed, hr=0x80070643
    14:14:16 ERROR:    Installation failed. hr = 0x80070643
    14:14:16 ERROR:    Installation failed, hr=0x80070643
    14:14:16 ERROR:    InstallProducts: Install ISA (Core components) failed, hr=0x80070643
    14:14:26 ERROR:    Wrapper: Install failed, hr = 0x80070643
    14:14:26 ERROR:    Wrapper: DoSetup failed, hr = 0x80070643
    14:14:26 ERROR:    Wrapper: DoSetup failed, hr = 80070643
    14:14:26 ERROR:    Setup of ISA failed. Return value: SETUP_ERROR_ISA
    IInd File
    14:14:10 ISA setup CA INFO   : ENTRY: ValidateSKU, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:10 ISA setup CA INFO   : OriginalDatabase = F:\FPC\MS_FPC_Server.msi
    14:14:10 ISA setup CA INFO   : This is EE installation
    14:14:10 ISA setup CA INFO   : EXIT: ValidateSKU, Custom Action succeeded
    14:14:10 ISA setup CA INFO   : ENTRY: SetServerServiceRunning, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:10 ISA setup CA INFO   : Service lanmanserver is running
    14:14:10 ISA setup CA INFO   : EXIT: SetServerServiceRunning, Custom Action succeeded
    14:14:11 ISA setup CA INFO   : ENTRY: PropertyAssign, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:11 ISA setup CA INFO   : FW Services feature state: -1
    14:14:11 ISA setup CA INFO   : EXIT: PropertyAssign, Custom Action succeeded
    14:14:11 ISA setup CA INFO   : ENTRY: SetDotNetInstalledProperty, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:11 ISA setup CA INFO   : EXIT: SetDotNetInstalledProperty, Custom Action succeeded
    14:14:11 ISA setup CA INFO   : ENTRY: SetRebootRequiredBeforeInstallationProperty, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:11 ISA setup CA INFO   : CheckExistValue failed. key = PendingFileRenameOperations.
    14:14:11 ISA setup CA INFO   : FOpenKey failed. key = SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired.
    14:14:11 ISA setup CA INFO   : FOpenKey failed. key = SOFTWARE\Microsoft\Updates.
    14:14:11 ISA setup CA INFO   : EXIT: SetRebootRequiredBeforeInstallationProperty, Custom Action succeeded
    14:14:11 ISA setup CA INFO   : ENTRY: SetISARegistrySettingsForCOM, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:11 ISA setup CA INFO   : VerifyPropertyEqualValue: Property Sku =
    14:14:11 ISA setup CA INFO   : EXIT: SetISARegistrySettingsForCOM, Custom Action succeeded
    14:14:11 ISA setup CA INFO   : ENTRY: Set_RrasIsVpn, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:11 ISA setup CA INFO   : RRAS is configured as VPN.
    14:14:11 ISA setup CA INFO   : EXIT: Set_RrasIsVpn, Custom Action succeeded
    14:14:11 ISA setup CA INFO   : ENTRY: EE_ValidatePropertiesSyntax, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:11 ISA setup CA INFO   : Checking the length of properties
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property ENTERPRISE_NAME length < 300
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property ENTERPRISE_DESCR length < 300
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property STORAGESERVICE_ACCOUNT length < 300
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property STORAGESERVICE_PWD length < 300
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property STORAGESERVER_CONNECT_ACCOUNT length < 300
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property STORAGESERVER_CONNECT_PWD length < 300
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property ARRAY_NAME length < 300
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property ARRAY_DESCR length < 300
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property ARRAY_DNS_NAME length < 300
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property REPLICATION_SOURCE_PATH length < 260
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property ARRAY_ENTERPRISEPOLICY length < 300
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property CLIENT_CERTIFICATE_FULLPATH length < 260
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property SERVER_CERTIFICATE_FULLPATH length < 260
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property SERVER_CERTIFICATE_PASSWORD length < 32
    14:14:11 ISA setup CA INFO   : VerifyPropertyLength: Property FULLPATHANSWERFILE length < 260
    14:14:11 ISA setup CA INFO   : Length of all properties is correct
    14:14:11 ISA setup CA INFO   : Checking the syntax of some properties
    14:14:11 ISA setup CA INFO   : Syntax condition of all properties is correct
    14:14:11 ISA setup CA INFO   : Checking the syntax of the MSIPROP_ARRAY_INTERNALNET properties
    14:14:11 ISA setup CA INFO   : Syntax of the properties internal range property is correct
    14:14:11 ISA setup CA INFO   : Checking the syntax of the property ARRAY_INTERNALNET_ENT_NETS
    14:14:11 ISA setup CA INFO   : Syntax of the property ARRAY_INTERNALNET_ENT_NETS is correct
    14:14:11 ISA setup CA INFO   : Checking the syntax of the property INTRA_ARRAY_ADDRESS_IP
    14:14:11 ISA setup CA INFO   : Checking the syntax of the property HOST_ID
    14:14:11 ISA setup CA INFO   : Checking the existance of files in properties
    14:14:11 ISA setup CA INFO   : All properties that contain files exist
    14:14:11 ISA setup CA INFO   : EXIT: EE_ValidatePropertiesSyntax, Custom Action succeeded
    14:14:11 ISA setup CA INFO   : ENTRY: ValidateRDPAddressType, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:11 ISA setup CA INFO   : TMG remote installation uses IPV4 connection
    14:14:11 ISA setup CA INFO   : EXIT: ValidateRDPAddressType, Custom Action succeeded
    14:14:11 ISA setup CA INFO   : ENTRY: GetEnvParams, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:11 ISA setup CA INFO   : The machine does not belong to any domain
    14:14:11 ISA setup CA INFO   : EXIT: GetEnvParams, Custom Action succeeded
    14:14:11 ISA setup CA INFO   : ENTRY: CalculateFirstDialog, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:11 ISA setup CA INFO   : Current dialog Flow is: /Dialogs/Dialog[@name='Flows']
    14:14:11 ISA setup CA INFO   : Updated flow CurrentDialogFlow = /Dialogs/Dialog[@name='Flows']/Dialog[@name='EE']
    14:14:11 ISA setup CA INFO   : Current dialog Flow is: /Dialogs/Dialog[@name='Flows']/Dialog[@name='EE']
    14:14:11 ISA setup CA INFO   : Updated flow CurrentDialogFlow = /Dialogs/Dialog[@name='Flows']/Dialog[@name='EE']/Dialog[@name='InstallWelcome']
    14:14:11 ISA setup CA INFO   : First Dialog in the flow: FirstDialog = InstallWelcome
    14:14:11 ISA setup CA INFO   : EXIT: CalculateFirstDialog, Custom Action succeeded
    14:14:13 ISA setup CA INFO   : ENTRY: CalculateNextDialog, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:13 ISA setup CA INFO   : Current dialog Flow is: /Dialogs/Dialog[@name='Flows']/Dialog[@name='EE']/Dialog[@name='InstallWelcome']
    14:14:13 ISA setup CA INFO   : Updated flow CurrentDialogFlow = /Dialogs/Dialog[@name='Flows']/Dialog[@name='EE']/Dialog[@name='InstallWelcome']/Dialog[@name='LicenseAgreement']
    14:14:13 ISA setup CA INFO   : Next dialog in the flow is: NextDialog = LicenseAgreement
    14:14:13 ISA setup CA INFO   : EXIT: CalculateNextDialog, Custom Action succeeded
    14:14:15 ISA setup CA INFO   : ENTRY: CalculateNextDialog, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:15 ISA setup CA INFO   : Current dialog Flow is: /Dialogs/Dialog[@name='Flows']/Dialog[@name='EE']/Dialog[@name='InstallWelcome']/Dialog[@name='LicenseAgreement']
    14:14:15 ISA setup CA INFO   : Updated flow CurrentDialogFlow = /Dialogs/Dialog[@name='Flows']/Dialog[@name='EE']/Dialog[@name='InstallWelcome']/Dialog[@name='LicenseAgreement']/Dialog[@name='CustomerInformation']
    14:14:15 ISA setup CA INFO   : Next dialog in the flow is: NextDialog = CustomerInformation
    14:14:15 ISA setup CA INFO   : EXIT: CalculateNextDialog, Custom Action succeeded
    14:14:16 ISA setup CA INFO   : ENTRY: ValidatePIDGenX, PID 2220 (0x8AC), Current user is WIN-BTIIPGG01E6\Administrator
    14:14:16 ISA setup CA INFO   : OriginalDatabase = F:\FPC\MS_FPC_Server.msi
    14:14:16 ISA setup CA ERROR  : LoadLibrary(F:\FPC\Program Files\Microsoft ISA Server\msfpcPidGenX.dll) failed, ec=193
    14:14:16 ISA setup CA ERROR  : Setup failed while validating Product ID.
    14:14:16 ISA setup CA ERROR  : (Error 28021) Setup failed while validating Product ID.
    14:14:16 ISA setup CA ERROR  : EXIT: ValidatePIDGenX, Custom Action failed (0x643)
    IIIrd File
    Logging stopped: 4/7/2014  14:14:16 ===
    MSI (c) (E4:34) [14:14:16:224]: Note: 1: 1708
    MSI (c) (E4:34) [14:14:16:224]: Product: Microsoft Forefront Threat Management Gateway EE  -- Installation operation failed.
    MSI (c) (E4:34) [14:14:16:224]: Windows Installer installed the product. Product Name: Microsoft Forefront Threat Management Gateway EE . Product Version: 7.0.7734. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 1603.
    MSI (c) (E4:34) [14:14:16:224]: Grabbed execution mutex.
    MSI (c) (E4:34) [14:14:16:224]: Cleaning up uninstalled install packages, if any exist
    MSI (c) (E4:34) [14:14:16:224]: MainEngineThread is returning 1603
    === Verbose logging stopped: 4/7/2014  14:14:16 ===
    Below error Code I got from Application Event
    Product: Microsoft Forefront Threat Management Gateway EE  -- Setup failed while validating Product ID.
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

  • Unable to install Forefront TMG 2010 on Server 2008 R2 with Service Pack1

    Hi, I am installing TMG 2010 on Server 2008 R2 with Service Pack 1 ... then I am getting the error as in the snapshot below ... kindly help me out.
    I've also checked the event log; please find the snapshot below:

    Hi,
    It seems that you have created a similar thread below:
    Unable to install Forefront TMG 2010 on Server 2008 R2 with SP1
    Since you have installed Service Pack 1 for Windows Server 2008 R2, please refer to the KB below:
    Event ID 10 is logged in the Application log after you install Service Pack 1 for Windows 7 or Windows Server 2008 R2
    If the solutions in the thread above are not helpful, please feel free to contact us.
    Best regards,
    Susie                  

  • Exchange 2013 with TMG 2010 and Go Daddy

    Hi all,
    Actually I'm new to Exchange Server 2013 and I need some help.
    Recently I installed Exchange 2013 in our domain, which contains TMG 2010.
    What I need is to send emails out.
    Currently I can send emails internally.
    I have a static IP, TMG, and a registered domain at Go Daddy.
    Could someone help me with the steps for what to do?
    In TMG?
    In Exchange administration?
    In Go Daddy? What records are needed and how?
    And should I do any configuration in my DNS?
    Please, I'm stuck on this.
    Thanks

    Sorry, my fault. Try these links:
    http://blogs.technet.com/b/exchange/archive/2012/11/21/publishing-exchange-server-2013-using-tmg.aspx
    http://www.isaserver.org/articles-tutorials/configuration-general/publishing-exchange-2013-outlook-web-app-forefront-threat-management-gateway-tmg-2010.html
    CRM Advisor

  • Publishing Exchange 2013 Outlook Web App with Forefront TMG 2010

    Hello guys,
    I have published Exchange 2013 via TMG 2010 with pre-authentication. Since this is the first time I am doing it, I want to ask the experts for explanations :).
    When I configure ActiveSync on mobile, I just type the password and it starts syncing after 20 sec.
    When I use a browser and try to log in using the TMG logon screen, after I enter credentials (if they were not wrong), I get the Exchange 2013 logon screen (because my password was checked by the DCs).
    I have customized the TMG template to the Exchange 2013 template, but it did not help; I have two logon screens.
    Is it possible to configure TMG to show only one logon screen (without disabling pre-authentication)? Does it work this way?
    Did I miss something?

    Hi,
    Please try to enable FBA for external and internal OWA 2010 users by the methods in the blog below.
    There are several ways to accomplish this:
    - Have internal users pointed to the internal interface of the Forefront TMG and utilize the forms-based authentication logon page offered by Forefront TMG.
    - Deploy Forefront UAG instead of Forefront TMG. Forefront UAG allows you to have FBA enabled on both the Exchange 2010 Client Access Servers and on the Forefront UAG solution itself.
    - Publish Exchange 2010 to the Internet using Forefront TMG but do not configure pre-authentication. This way the users need to go through the Forefront TMG solution, but will authenticate directly against the Exchange 2010 Client Access servers.
    - Configure an additional OWA and ECP virtual directory on the Exchange 2010 Client Access Servers.
    Reference: http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/enabling-forms-based-authentication-external-internal-owa-2010-users-exchange-2010-published-using-forefront-tmg-2010-part1.html
    Then check the blog:
    - Creating a custom Forefront TMG 2010 OWA FBA logon page
    Note:
    Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
    Best Regards,
    Joyce

  • Problem with blocking upload file TMG 2010

    I'm using TMG 2010. I have 3 rules:
    1/ Allow Internet Access:
    protocols: dns, http, https
    from: localhost, internal to: External
    2/ Allow Protocols:
    protocols: all traffic
    from: localhost, internal to: localhost, internal
    3/ Default Rule: Block all.
    The problem is: I want to block file uploads from internal to external, so I've made an HTTP filter in Allow Internet Access like this: Config HTTP --> Signature: Search in: Request Header
     Http header: Content-Type:
     Signature: mutipart/form-data
    Methods: Block method POST
    Unfortunately, it does not work and I don't know why. If I create a rule to block web, it works. Please help me. Thanks!

    Hi,
    You could check the following blog to see whether you missed anything.
    How to block Attachment Uploads using Microsoft TMG
    http://www.kuwaitgeekz.com/?p=2248
    (Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.)
    Best Regards,
    Joyce

  • TMG 2010 publishing Exchange 2010 OWA cannot change password if user must change password at first logon is set

    Hi,
    I have an odd issue whereby if I set "user must change password" on an AD account, the end user cannot log on; they're simply taken back to the OWA login page as if their password is incorrect.
    My setup is as follows:
    outer TMG -- uses a listener for email.contoso.com and is configured for no authentication. This uses a publishing rule to publish the inner TMG server. This server is not a domain member.
    inner TMG - uses a listener for email.contoso.com and is configured for NTLM\Kerberos negotiation with forms authentication (Windows Active Directory). This server is a domain member and uses a publishing rule to publish the internal CAS. Allow users to change password is selected in the publishing rules.
    Exchange 2010 SP1 - uses integrated Windows and basic authentication. Has the appropriate registry key configured to allow users to change their AD password on first logon.
    I've registered an SPN for "http/email.contoso.com mailserver-dc1", all SSL certificates being used are valid, and my configuration used to allow users to log in and change their password with "user must change password on first login" set in AD.
    If I launch a web browser on an internal server and point it to email.contoso.com, I'm immediately presented with a generic Windows authentication request (similar to what's seen in ADFS) rather than the standard OWA page. No matter what I do, I cannot log in and change my password using the correct URL. However, if I point my browser at http://192.168.4.10/owa I'm prompted to log in and I can change my password using the same credentials.
    The only recent changes made are:
    - Disabling SSL 3.0 and enabling TLS  (http://www.isaserver.org/articles-tutorials/configuration-security/improving-ssl-security-forefront-threat-management-gateway-tmg-2010-published-web-sites.html)
    - Replacing the TMG listener certificates so that they now use SHA2 rather than SHA2 (certificates are trusted on each TMG server)
    Looking on the outer TMG and the DC logs I can see schannel errors which I believe are related to the problem. TMG monitoring also shows "Failed connection attempt: 1907 The user's password must be changed before logging on for the first time"
    I've checked that my inner TMG and DC are using the same certificate for server authentication and gone through this guide:
    http://blogs.technet.com/b/keithab/archive/2012/02/29/setting-up-and-troubleshooting-ldaps-authentication-in-forefront-tmg-2010.aspx
    If I try to use ldp.exe on the inner TMG, I get the error in the pic below
    Thanks
    IT Support/Everything

    Hi,
    You could try to analyze the TMG tracing and try the troubleshoot steps in the blog below.
    TMG 2010 – FBA, troubleshooting the change password feature 
    http://blogs.technet.com/b/isablog/archive/2012/05/07/tmg-2010-fba-troubleshooting-the-change-password-feature.aspx
    Best Regards,
    Joyce

  • Exchange 2010/2013 coexistence published in TMG 2010

    Environment:
    Two Windows 2008 R2, Exchange 2010 SP3 servers, currently holding all mailboxes
    Two Windows 2012 R2, Exchange 2013 SP1 servers, setup in progress
    Two Windows 2008 R2, TMG 2010, V7.0.9193.540 publishing both Exchange 2010 servers.
    Scenario:
    I need to continue having Exchange 2010 set up in TMG as is, as the mailbox migration to 2013 will take weeks if not months and I have a project requirement to have Exchange Database Availability Group (DAG) functionality for all mailboxes throughout the project, so 4 servers are an absolute must. So I need to add Exchange 2013 in TMG and not just replace the 2010 setup with the 2013 setup, and I cannot run one 2010 and one 2013 server.
    Questions:
    1. I currently only have 2 public IP addresses available to SMTP, mapped to the external interfaces of TMG. To allow my environment to be able to receive emails on 4 Exchange servers (two 2010 and two 2013) I need to have 4 public IP addresses, is that correct?
    2. Does anyone have a good general guide/blog for doing this (setting up Exchange 2013 in TMG in a coexistence scenario)?
    This is nice, but doesn't really approach it from a coexistence scenario:
    http://blogs.technet.com/b/exchange/archive/2012/11/21/publishing-exchange-server-2013-using-tmg.aspx
    Thanks!

    Hi Trana,
    In TMG you can use a single IP address to publish multiple web addresses, and below are the options which you can explore.
    Hope your OWA, ECP etc. are HTTPS.
    - You need an SSL certificate which has SAN entries for all the URLs of both the old and new Exchange servers.
    - Create a listener and select the IP address (say public IP address 195.219.x.x)
    - Link the SSL certificate
    Public DNS entries (A record, single IP):
    - 195.219.x.x  Point to  Owa1.exchange1.com  - Old Server
    - 195.219.x.x  Point to  ECP1.exchange1.com  - Old Server
    - 195.219.x.x  Point to  ECP2.exchange2.com  - New Server
    - 195.219.x.x  Point to  Owa2.exchange2.com  - New Server
    Create the Web publishing rules as below.
    Old server Exchange 1 (Owa1.exchange1.com, ECP1.exchange1.com):
    - One Web publishing rule with all the URLs added to it; link the rule with the listener we created
    - Point the Web publishing to the Exchange1.com server, which is old
    New server Exchange 2 (ECP2.exchange2.com, Owa2.exchange2.com):
    - Web publishing rule with all the URLs added to it; link the rule with the listener we created
    - Point the Web publishing to the Exchange2.com server, which is new
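A pre-flight check for the plan in the reply above, written as an added example (not part of the original post, and not a TMG tool): it confirms that every published host name is covered by a SAN on the listener certificate and that no name is listed in two publishing rules. The rule labels and the SAN lists in the test are constructed for illustration; the host names come from the reply.

```python
def san_covers(san, host):
    """True if one certificate SAN entry covers host.

    A wildcard entry ("*.example.com") covers exactly one left-most label.
    """
    san = san.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if san.startswith("*."):
        first_label, _, rest = host.partition(".")
        return bool(first_label) and rest == san[2:]
    return san == host


def check_publishing_plan(certificate_sans, rules):
    """Compare the listener certificate with the web publishing rules.

    rules maps a rule label to {"public_names": [...], "backend": "..."}.
    Returns the names no SAN covers and the names listed in several rules.
    """
    owners = {}
    for label, rule in rules.items():
        for name in rule["public_names"]:
            owners.setdefault(name.lower(), []).append(label)
    uncovered = sorted(
        name for name in owners
        if not any(san_covers(san, name) for san in certificate_sans)
    )
    ambiguous = sorted(name for name, labels in owners.items() if len(labels) > 1)
    return {"uncovered": uncovered, "ambiguous": ambiguous}


# Host names from the reply; the rule labels are constructed.
PLAN = {
    "Exchange 1 (old)": {
        "public_names": ["Owa1.exchange1.com", "ECP1.exchange1.com"],
        "backend": "Exchange1.com",
    },
    "Exchange 2 (new)": {
        "public_names": ["ECP2.exchange2.com", "Owa2.exchange2.com"],
        "backend": "Exchange2.com",
    },
}

if __name__ == "__main__":
    # Constructed SAN list with one name forgotten when the certificate was ordered.
    sans = ["owa1.exchange1.com", "ecp1.exchange1.com", "owa2.exchange2.com"]
    print(check_publishing_plan(sans, PLAN))
```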

  • TMG 2010 IP addresses change

    Hi All,
    We need to replace our TMG 2010 internal and public IP addresses due to a network segment change.
    Will I need to re-install the TMG software? Where will I need to change the IP addresses, apart from the NIC settings?
    Can you please advise what is the best way to do it?
    Thanks in advance,
    Elad Avital

    You don't mention what you have configured on your TMG but this is basically how you do it:
    Before doing anything, backup the server and export the TMG configuration. Do this while physically logged on to the server.
    Change the external IP first.
    - change IP address on ext nic through Getting Started Wizard, apply the settings
    - change any server publishing rules and web listeners that are using a specified IP address
    When done and all is verified to be working, move on to the internal ip address.
    - Change the IP address from within the Getting Started Wizard. Apply the settings
    - validate all network objects and update the ones that need to be updated with a correct IP address. Don't forget to look at the system policy as well.
    You may need to alter the SQL configuration as well:
    SQL Server Configuration Manager / SQL Server Network Configuration / Protocols for MSFW/ISARS / TCP/IP / IP Addresses (most likely only ISARS)
    Hth, Anders Janson Enfo Zipper

  • Configure TMG to work with AD FS 3.0 (Server 2012 R2)

    Our current environment contains two Server 2012 Domain Controllers running AD FS 2.0.  We are using TMG, installed in our perimeter network, to load balance the servers in a server farm and make the connection with Office 365.  This has been working great for almost a year now.  The decision was made recently to upgrade the domain controllers to Server 2012 R2 (with AD FS 3.0).  We have replaced one of the servers and have AD FS 3.0 installed on it and configured.  It is working okay to connect our internal users to Office 365.  The problem is in getting TMG reconfigured to work with AD FS 3.0.  The problem appears to be that with the current version we configured IIS to allow us to use Windows Authentication when connecting externally to Office 365.  AD FS 3.0 does not use IIS and its Authentication Policy for the extranet does not permit Windows Authentication.
    Is there anyone who has run into this same scenario and found a way to configure TMG to work correctly?  We know that we could set up a Windows Application Proxy to handle this, but we would prefer not to have to set up an additional server in our perimeter network, if possible.

    Hi,
    Maybe you can refer to the thread and article below:
    TMG 2010 publish ADFS 2.2 (server 2012 R2)
    ADFS Publishing Rule in TMG
    Best regards,
    Susie

  • XSLT mapping not working b'coz "<" & ">" replaced with &#60; and &#62;

    Hello Experts,
      I have a RFC to JMS scenario. One of the parameter of RFC is a string field. This field will contain the XML data in it.
    I need to create a complete XML payload using this data in a string field. For this I am using XSLT map :
    <?xml version="1.0" encoding="UTF-8"?>
    <xsl:stylesheet version="1.1" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" >
         <xsl:output method="xml" omit-xml-declaration="no"/>
         <xsl:template match="/">
              <xsl:for-each select="//Nem">
                   <xsl:copy-of select="."/>
              </xsl:for-each>
         </xsl:template>
    </xsl:stylesheet>
    This XSLT mapping works fine when tested independently.
    But in actual scenario at runtime the "<" & ">" used to indicate a node are getting replaced with &#60; and &#62;. Then the XSLT mapping fails and produces no output.
    The output of XSL will be passed in to a java mapping which signs the payload digitally.
    What is the issue with these signs? How can I overcome this problem?
    Any inputs will be of great help.
    Kind Regards,
    Abhijeet.
    Edited by: Abhijeet Ambekar on May 4, 2010 2:01 PM

    Hi Stefan,
      Yes - I want to get rid of & # 60. But these (& # 60 and & # 62) are not added by XSLT mapping. Rather they are in the input available to XSLT map.
    In sxmb_moni, i can see the inbound payload correctly :
    <?xml version="1.0" encoding="UTF-8" ?>
    - <rfc:HDK083_REFUS_SENDDOCU xmlns:rfc="urn:sap-com:document:sap:rfc:functions">
      <P_SIGN_DOCUMENT />
      <P_XML_DOCUMENT><NemRefusionIndberetningSamling><NemRefusionIndberetningStruktur MessageID="1"><HeaderStruktur><SignOffIndikator>true</SignOffIndikator><TransaktionKode>Opret</TransaktionKode><IndberetningstypeKode>Anmeldelse</IndberetningstypeKode><FravaerTypeKode>Sygdom</FravaerTypeKode><FravaerendeStruktur><FravaerendeTypeKode>Loenmodtager</FravaerendeTypeKode><LoenUnderFravaerIndikator>false</LoenUnderFravaerIndikator></FravaerendeStruktur><IndberetningUUIDIdentifikator>bf9cc44e-af15-4e19-8457-5845d75385d2</IndberetningUUIDIdentifikator><ReferenceAttributTekst>ref. Nielsen-1503831372 (23. oktober 2009)</ReferenceAttributTekst>
    but when I try to download the payload or right click on payload to view source I get something like below:
    <?xml version="1.0" encoding="UTF-8"?><rfc:HDK083_REFUS_SENDDOCU xmlns:rfc="urn:sap-com:document:sap:rfc:functions"><P_SIGN_DOCUMENT></P_SIGN_DOCUMENT><P_XML_DOCUMENT>& # 6 0;NemRefusionIndberetningSamling& # 62; & # 60;NemRefusionIndberetningStruktur MessageID="1"& #62;& #60;HeaderStruktur& #62;& #60;SignOffIndikator& #62;true& #60;/SignOffIndikator& #62;& #60;TransaktionKode& #62;Opret& #60;/TransaktionKode& #62;& #60;IndberetningstypeKode& #62;Anmeldelse& #60;/IndberetningstypeKode& #62;& #60;FravaerTypeKode& #62;Sygdom& #60;/FravaerTypeKode& #62;& #60;FravaerendeStruktur& #62;& #60;FravaerendeTypeKode& #62;Loenmodtager</FravaerendeTypeKode><LoenUnderFravaerIndikator& #62;false</LoenUnderFravaerIndikator></FravaerendeStruktur& #62;<IndberetningUUIDIdentifikator& #62;bf9cc44e-af15-4e19-8457-5845d75385d2& #60;/IndberetningUUIDIdentifikator& #62;& #60;ReferenceAttributTekst& #62;ref. Nielsen-1503831372 (23. oktober 2009)& #60;/ReferenceAttributTekst& #62;
    (extra spaces added to "& # 60" as browser was converting it to < ,>)
    If i take the source code for payload and test XSLT mapping, it fails. But if I manually replace all "& # 60" with < and "& # 6 2" with >, then the mapping works fine.
    So I think for XSLT map to work correctly, we need to replace all "& # 60 " . Please suggest.
    Kind Regards,
    Abhijeet.
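The situation described in this thread, reproduced as an added example (not code from the original posts, and Python rather than the XSLT or Java mapping the poster uses): when the business document travels inside P_XML_DOCUMENT as escaped character data, the outer parse sees one text node and no inner elements, so the text has to be extracted and parsed a second time. The sample payload is constructed and shortened from the one quoted above; the DOCTYPE guard is an added hardening assumption, because the string field is parsed as a document in its own right before it is handed on for signing.

```python
import xml.etree.ElementTree as ET

# Constructed sample, shortened from the payload quoted in the post: every
# "<" and ">" of the embedded document arrives as &#60; / &#62;.
WIRE_PAYLOAD = (
    b'<?xml version="1.0" encoding="UTF-8"?>'
    b'<rfc:HDK083_REFUS_SENDDOCU'
    b' xmlns:rfc="urn:sap-com:document:sap:rfc:functions">'
    b'<P_SIGN_DOCUMENT></P_SIGN_DOCUMENT>'
    b'<P_XML_DOCUMENT>'
    b'&#60;NemRefusionIndberetningSamling&#62;'
    b'&#60;NemRefusionIndberetningStruktur MessageID="1"&#62;'
    b'&#60;HeaderStruktur&#62;'
    b'&#60;SignOffIndikator&#62;true&#60;/SignOffIndikator&#62;'
    b'&#60;TransaktionKode&#62;Opret&#60;/TransaktionKode&#62;'
    b'&#60;/HeaderStruktur&#62;'
    b'&#60;/NemRefusionIndberetningStruktur&#62;'
    b'&#60;/NemRefusionIndberetningSamling&#62;'
    b'</P_XML_DOCUMENT>'
    b'</rfc:HDK083_REFUS_SENDDOCU>'
)


def local_names(root):
    """Names of all elements under root, i.e. what an XPath step can match."""
    return [element.tag.rsplit("}", 1)[-1] for element in root.iter()]


def outer_element_names(payload):
    """Elements visible to a mapping that runs directly on the wire payload."""
    return local_names(ET.fromstring(payload))


def embedded_document(payload, field_name="P_XML_DOCUMENT"):
    """Return the document carried in the string field as a parsed element."""
    outer = ET.fromstring(payload)
    field = outer.find(field_name)
    if field is None:
        raise ValueError(f"{field_name} is missing from the payload")
    if len(field) == 1:
        # The field already holds real markup (nothing was escaped).
        return field[0]
    # The parser has already turned &#60; / &#62; back into "<" / ">" here.
    text = (field.text or "").strip()
    if not text:
        raise ValueError(f"{field_name} is empty")
    upper = text.upper()
    if "<!DOCTYPE" in upper or "<!ENTITY" in upper:
        # Hardening assumption: the embedded document needs no DTD.
        raise ValueError("embedded document declares a DTD; refusing to parse")
    return ET.fromstring(text)


if __name__ == "__main__":
    print("outer parse sees:", outer_element_names(WIRE_PAYLOAD))
    print("second parse sees:", local_names(embedded_document(WIRE_PAYLOAD)))
```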

  • Error the service FWSRV of TMG 2010 on Windows server 2008 R2 Enterprise

    Please help me with an issue with TMG 2010:
    My company installed TMG 2010 on Windows Server 2008 R2 Enterprise, but this error occurs: "Due to an unexpected error, the service fwsrv stopped responding to all requests. Stop the service or the corresponding process if it does not respond, and then start it again. Check for related error messages."
    and "The Firewall service stopped because an application filter module C:\Windows\SYSTEM32\ntdll.dll generated an exception code C0000005 in address 0000000077A72F86 when function CompleteAsyncIO was called. To resolve this error, remove recently installed application filters and restart the service."
    I have reinstalled, but the error appears again. My company has about 2000 clients accessing through TMG 2010.
    I have tried updating Windows and TMG to the latest version but could not solve this issue.
    I hope everyone can help me as soon as possible. Thank you so much.

     
    Hi Luis,
    Not sure whether this will fix your issues, however give it a try and let us know so that others can also provide suggestions.
    Disable:
    - Antivirus
    - Monitoring tools / hardware diagnostics tools which come with the server vendor
    Try:
    http://support.microsoft.com/kb/2649961
    http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=2649961&kbln=en-us
    Ensure you have enough space for logs to be stored.

  • Forefront TMG 2010 Error from management console

    Hi,
    I am having a problem connecting to a TMG 2010 array from an installation of the TMG management console: we are receiving the error 'Refresh Failed' 'Error 0x80070057' 'The Parameter is incorrect'.
    The only article I can find on this error is http://support.microsoft.com/kb/2591719, which doesn't seem to apply to our setup or this problem, but I have applied Service Pack 2 anyway and still get the same error. The only other thing I can find is a few people saying the management console needs to be at the same version as the TMG servers you are trying to connect to, but I cannot see how this can be done, as when I try to run the service pack on the machine with only the management console I get an error as the full installation is not there.

    Hi,
    Firstly, have you found any related information in the event logs?
    Next, you can check the version of the TMG server from the TMG help menu, TMG system node or using Control Panel. For more detailed information, please refer to the link below:
    How to Determine Which Version of TMG Server 2010 Is Installed
    In addition, what hotfix rollup or Service Pack have you installed? Please refer to the recommended order below:
    Forefront TMG 2010 Service Pack, Rollup, and Version Number Reference
    Best regards,
    Susie

  • How to add HTTP Header Response X-Frame-Options:SAMEORIGIN from OWA published via Forefront TMG 2010 to stop Clickjacking

    How to add HTTP Header Response X-Frame-Options:SAMEORIGIN from OWA published via Forefront TMG 2010 to stop Clickjacking. I have put the IIS setting X-Frame-Options:SAMEORIGIN on my Internal CAS Server. However, as the OWA page is published through Forefront TMG 2010, the iFrame tag is not blocked when the page is first opened. Only when you log in with your credentials to the OWA page inside the frame and the page reaches IIS on the Internal CAS does it get blocked. I want to block it in the first instance when it is opened from TMG.

    Hi,
    Thank you for the post.
    To modify the http header, please refer to this blog:
    http://tmgblog.richardhicks.com/2009/03/27/using-the-isa-http-filter-to-modify-via-headers-and-prevent-information-disclosure/
    Regards,
    Nick Gu - MSFT
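
    A check for the gap described in this thread, as an added example that is not part of the original posts: it classifies the framing protection of each response head, so the page the proxy serves before login can be compared with the page IIS serves after login. The response heads are constructed samples, and the stage names and function names are assumptions.

```python
from email.parser import Parser

# Constructed sample response heads (assumptions, not captured traffic).
SAMPLES = {
    # Logon form answered by the publishing proxy before authentication
    "pre-auth logon form": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    # OWA page answered by IIS on the internal CAS after login
    "post-auth OWA page": ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                           "X-Frame-Options: SAMEORIGIN\r\n\r\n"),
    # Header set twice with different values, e.g. once per tier
    "set twice": ("HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n"
                  "X-Frame-Options: DENY\r\n\r\n"),
    # Framing restricted through CSP instead of X-Frame-Options
    "csp": ("HTTP/1.1 200 OK\r\nContent-Security-Policy: "
            "default-src 'self'; frame-ancestors 'self'\r\n\r\n"),
}

def framing_verdict(raw_head):
    """Classify one response head: 'protected', 'unprotected' or 'review'."""
    # Drop the status line, keep only the header block.
    header_block = raw_head.split("\r\n\r\n", 1)[0].partition("\r\n")[2]
    headers = Parser().parsestr(header_block, headersonly=True)
    # A CSP frame-ancestors directive is evaluated in preference to X-Frame-Options.
    for csp in headers.get_all("Content-Security-Policy", []):
        for directive in csp.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                # Only a bare "*" is flagged; scheme-wide sources need manual review.
                return "unprotected" if "*" in parts[1:] else "protected"
    # Collect every X-Frame-Options value, including comma-merged duplicates.
    values = {v.strip().upper()
              for line in headers.get_all("X-Frame-Options", [])
              for v in line.split(",") if v.strip()}
    if not values:
        return "unprotected"
    if values in ({"DENY"}, {"SAMEORIGIN"}):
        return "protected"
    return "review"  # conflicting, obsolete (ALLOW-FROM) or unknown values

def audit(samples):
    """Map each stage name to its framing verdict."""
    return {stage: framing_verdict(raw) for stage, raw in samples.items()}

if __name__ == "__main__":
    for stage, verdict in audit(SAMPLES).items():
        print(f"{verdict:12} {stage}")
```

    Any stage reported as unprotected is a response that can still be rendered inside a frame, whatever the back-end server is configured to send.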
