]TMG 2010 SP2 Rollup 5 - None Available Worker threads

Similar Messages

• Domain functional level 2003 -- 2008 and TMG 2010 (sp2 rollup 2)

  Hi,
  We want to raise our domain and forest functional level from 2003 to 2008. All DC's have been on 2008 or 2008R2 for about two years.
  I cannot find if there is any impact on TMG 2010 sp2 rollup 2. Does anyone know if this will bring any issues?
  Thanks!

  No impact. From a TMG perspective, go ahead.
  Hth, Anders Janson Enfo Zipper

• IOS 5.1.1 and MS Exchange server 2010 SP2 Rollup 2 compatibility

  Hello to the community,
  Microsoft Exchange Server updated to a new version 2010 SP2 Rollup 2 so I would like to know if iOS 5.1.1 (9B206) is fully compatible with it. We run the 2010 SP1 Rollup 5 of MS Exchange Server.
  Thanks in advance.

  That is not how i read your problem.  It sounded like propagating to Exchange was fine, but changes from Exchange did not get updated in Unity Connection right away.  My symptoms were that the voicemail message arrived in Outlook immediately.  If I read it or deleted from the phone, then Outlook reflected that right away too.  But if I read it or deleted it in Outlook, it took awhile for the phone MWI to go off.  In fact, when I just read it, I'm not sure it ever went off, but when I deleted it, it eventually went off.
  We have our voice servers (including Unity Connection), sitting behind Cisco ASA firewalls.  We allow all traffic outbound from the voice servers, but restrict it coming inbound.  I have a server group for the Exchange servers that allows any port through.  I did not remember to add the new Exchange 2010 servers to this group.  TCP port 7080 appears to be the only port used.  I do not know how the voicemail eventually got deleted in Unity before, unless it eventually came from one of the Exchange 2007 servers.  But I definitely saw port 7080 getting blocked, and once we opened it up, the updates from Exchange to Unity happened within seconds.

• Exchange Server 2010 SP2 Rollup 8

  Hi All,
  I currently have MS Exchange 2010 SP2 rollup 4-v2  and I am planning to update to SP2 rollup 8. I have few questions below. My exchange is setup as a two member DAG.
  1. Do I need to uninstall any updates before I apply SP2 rollup 8?
  2. Microsoft article says that Rollup updates are not shown automatically in windows updates when setup in a DAG. In my case when I go to control panel/windows updates I do see SP2 rollup 8 along with other updates. Does that mean that I can install
  from there directly?
  3. Is it necessary to put exchange server in maintenance mode when applying rollups OR  can I simply run from windows update each server at a time?
  Thanks

  Hi,
  First read this:
  End Of Exchange 2010 SP2 Support
  1. If you have any interim updates installed, then they must be uninstalled before you can upgrade your Server(s). Since SP2 is no longer supported, you really should be on SP3 by now +
  RU5
  2. Microsoft article regarding updates to DAG Members is not up to date. Rollups are visible in Microsoft Update and this changed, if I remember correctly, in SP2 RU3 or RU4 which included critical security updates. It is possible to install them from
  WU, but you will have better control if you install them manually from an elevated command prompt.
  3. Not necessary but its recommended, especially on DAG Members.
  I know that the Exchange 2010 Forum can be a bit hard to find, but here you have the link to it if you have other questions regarding that version
  http://social.technet.microsoft.com/Forums/exchange/en-US/home?forum=exchange2010 . The topic here is Exchange 2013.
  Martina Miskovic

• Exchange 2010 SP2 Rollup 6 installation

  The system requirements state that "interim updates" should be removed prior to installing Rollup 6. I have rollup 4 installed.  Does this need to be uninstalled prior to installing rollup 6?

  My understanding is an interim update is one that is released like a fix for a certain rollup version.  for example, if you get a fix from Microsoft that is just for Exchange 2010 SP 2 RU 2 and not for any other version, them you would need to remove
  that to go to a higher RU level.  In most cases the RU you install will detect this and inform you of any of these updates.  in you case RU 4 is not considered an interim update.
  See here for more information -
  http://technet.microsoft.com/en-us/library/ff637979(v=exchg.141).aspx.
  JAUCG - Please remeber to mark replies as helpful if they were or as answered if I provided a solution.

• How to configure two TMG 2010 Standard Edition for High Availability

  I've classic scenario.
  TMG2010 as Edge Firewall, with two NICs, one from ISP and the other for LAN.
  I've standard edition, and i want to setup two TMG2010.
  Can i create some high availability with these two tmg2010 in some way??
  maybe some NLB?? to share their internal IP and Public IP?
  in case that TMG01 fails, the services to be offered by TMG02?
  Regards
  Lasandro Lopez

  Hi，
  Thank you for your post here.
  I do not think it is  a good idea.
  Please refer to the article below:
  http://www.experts-exchange.com/Microsoft/Windows_Security/Q_28014001.html
  Best Regards
  Quan Gu

• Remove internal network . TMG 2010 SP2

  Hello,
  I used to have a TMG with three networks: Internal, Perimeter, External.
  Now, due to a change in the design, I would like to remove the internal network, but I cannot.
  I thought it was harmless if I just removed the NIC (vmware) , but I am having some issues and I think it is best practise to remove such network (the network card is removed)
  I can't figure this out.
  Thanks in advance!
  Luis Olías Técnico/Admon Sistemas . Sevilla (España - Spain)

  Hi,
  Would you please elaborate the issues that you have encountered?
  According to your description, it seems that you have configured the network template as a 3-leg perimeter and now you want to change it to a back firewall template.
  Personally, I don’t think it is appropriate to just remove the internal network adapter and network range.
  It is possible to change the network design after the initial installation by
  launching the Getting Started Wizard. However, I am not sure if it is possible to launch the Getting Started Wizard in the TMG Management console for you now. If not, in these scenario, maybe you need to reinstall TMG and
  reconfigure the network template.
  Best regards,
  Susie

• Hyper-V 2012 and TMG 2010/NLB

  Hi there,
  I have an issue with TMG 2010 on Hyper-V 2012 - the Setup:
  - Windows 2012 Hyper-V
  - TMG 2010 SP2 Rollup 4 running on W2K8 R2
  TMG 2010 (Array Node1) Network
  Internal Interface: 10.0.0.10/24 (Route to 192.168.11.0/24 over 10.0.0.1)
  IntraArray: 192.168.10.10/24
  Perimeter: 10.0.60.10/24 GW 10.0.60.100
  TMG 2010 (Array Node2) Network
  Internal Interface: 10.0.0.11/24 (Route to 192.168.11.0/24 over 10.0.0.1)
  IntraArray: 192.168.10.11/24
  Perimeter: 10.0.60.11/24 GW 10.0.60.100
  Domain Controllers:
  192.168.11.10
  192.168.11.11
  The NICs of the TMG VMs are configured with the correct VLANs and on the Perimeter Interface as well as on the Internal Interface I activate MAC Address Spoofing.
  Once I activate NLB on the Perimeter Interface all works fine. But NLB on the internal Interface does not work - I see that NLB got configured on Array Node 1 but the second one does not get the config nor is able to sync it´s configuration with Array
  Node 1. ALso the Servers are not able to communicate with the Domain Controllers anymore. Once I deactivate MAC Address Spoofing on the internal Interface and remove NLB the Server are able to speak to the Domain Controllers...
  Any suggestions?

  Hi,
  Can I just confirm you are using TMG console to enable NLB?
  Also did you enable set this reg key on both your TMG servers? You need to make sure MAC Spoofing is enabled too.
  HKLM\System\CurrentControlSet\Services\TCPIP\Parameters
  IPEnableRouter RegDword 1
  after enabling the key you may need to reboot both nodes.
  Regards,
  Denis Cooper
  MCITP EA - MCT
  Help keep the forums tidy, if this has helped please mark it as an answer
  Blog: http://www.windows-support.co.uk 
  Twitter:   LinkedIn:

• TMG 2010 report problem Operation has timed out

  Hello.
  I stuck and i'm really need assistance
  We has a TMG 2010 RTM version and i decide to update it to latest rollup and SP (dumb head)
  So at now we have TMG 2010 SP2 rollup 4.
  Before i update TMG reports work fine but at now reports not working at all.
  When i try execute a report ( or shedule daily or weekly report) i have same issue 
  Error 31289:
  The report "Daily" could not be generated. Report Server error information: The report Daily could not be generated. Report Server error information: The operation has timed out.
  The error occurred on object 'Reports' of class 'Reports Configuration' in the scope of array 'TMG`
  I read all guidliness( include this http://www.isaserver.org/tutorials/Microsoft-Forefront-TMG-How-to-use-SQL-Server-2008-Express-Reporting-Services.html) and not find something useful.
  Settings correct, and i not changed any settings.
  And at now my ideas end i ask your help.

  That would be expected as the RAT key does not exist by default on a TMG system. You will need to create it and the subkeys referenced along with the values.
  Create as described in the article. 
  Hth, Anders Janson Enfo Zipper

• Supporting of Broadcast and Multicast in TMG 2010 !

  I have installed TMG 2010 SP2 at Windows 2008 R2.
  So, as I read TMG blocks as broadcast as multicast.
  And such built-in only one way default behaviour is not right.
  I want in my own (as user/admin) define whether it is necessary to me or not as following there have to be ability to switch it on/off such option, for example as checkboxes for each network (address range) defined by default/user - one for broadcast and
  one for multicast.
  So, please add such functionality to kernel mode driver and to service in the next nearest SP or rollup.
  And/or tell how is it possible to switch it on at Tmg 2010 SP2 and later.
  There are some important services relying on broadcast: NetBios, Dhcp, some Alladin hardkey protection, some special soft.
  If somebody of MS techinians will send registry parameter for this or specially designed driver, all will under my responsibility only.

  I didn' t find Threat Management Gateway
  topic at https://connect.microsoft.com/directory
  Please open such topic at  https://connect.microsoft.com/directory.
  I will post suggestion or you can do so in your own.
  I see this as following: next roll up adding two checkboxes and also two array input fields for Each Rule: multicast traffic checkbox and array where some (one or more) IP addresses can be put and broadcast traffic checkbox with also array input (for example
  192.168.0.255 and 255.255.255.255 - both IP, not mask) .
  For example, I want to allow out/in (from LocalHost/to LocalHost) for NetBios 137, 138 port services broadcast, but drop out/in Dhcp Broadcast and allow out only
  Sentinel HASP License Manager uses port 1947 broadcast. Of, course this example is for/from internal net only
  So, and admins/users uses of Tmg only may define in their own or decide whether it is necessary at all and what rule/rules is/are necassary for.
  Warning message can be appeared if admin set multicast and/or broadcast checbox for external net (differs from lan and localhost) but if it is necessary admin can continue anyway to do so.
  Or may be make global settings (also 2 checkboxes and 2 array input control) but if it set to on, multicast/broadcat will allow if allowing appropriate rule (for examplee for NetBios) exist if drop Dhcp rule exist additionally to NetBios allowing rule, so
  multicast/broadcast will be allowed to NetBios nd will not be dropped for Dhcp.
  And some changes are necessary to make in kernel mode driver as I suppose.
  I can become a first tester. :))))))))
  P. S.: At the moment even outgoing traffic with sender IP of LocalHost (for example 192.168.0.100) and destination IP of broadcast (192.168.0.255) is blocked also.

• Error 1603 when installing Rollup 4 for Exchange 2010 SP2

  Hi There,
  I have began upgrading our Exchange servers to Rollup 4 for Exchange 2010 SP2 last week and the first 3 servers all successfully installed it without any problems.  However I have hit a problem with my 4th server.
  I am receiving the 'common' error 1603 in my Application log and I have already ran through many potential fixes to this problem on various posts on this and other forums, but to no avail.
  I have tried the following without success:
  Turning off UAC
  Running from elevated CMD prompt
  Running from elevated Powershell command
  Removing and re-adding "Exchange Trusted Subsystem" from the Administrators group
  Re-downloading the RU4 install package to the local disk on the server
  Adding more RAM and CPU resources
  I have watched the installation process and it seems to update of the native assembly files and comes to the "Starting Services" process, with which it appears to do fine as I have watched the Services starting within Server Manager while this has been running,
  but then all of a sudden just begins "Rolling back actions".
  The only difference with this server to the others is the fact that a colleague of mine had to recover this server within the last 6 months and ran the Setup /m:RecoverServer command
  to do so, could this have anything to do with it?
  I have installed Exchange 2010 Service Pack 2 on this server since the recovery though.
  I am running out of ideas so any help would be greatly appreciated.

  skippy-85,
  Any updates on this Issues?
  In case if the issue stands
  resolved, Please mark Solution for this Thread and close this.
  In case if you still have
  the issue with the RU4 installation do let us know!
  Thanks
  Exchangeexperts.in ~ ( Exchange | 2003/2007/2010/E15(2013)) ~Mark this if Helpful~ This Information is provided "AS IS" and confers no Rights!!

• We stopped receiving event about lockout users after we installed rollup 4 for tmg with sp2

  We have implemented Account Lockout Feature in TMG 2010 (http://www.ntsystems.it/post/ActiveSync-ForeFront-TMG-and-AccountLockoutThreshold.aspx). We configured
  alert definition to send alert when problem occure. After we installed rollup 4 we stopped receiving  event about this probloem ("The limit of consecutive logon failures has been reached...."). How can we resolve this problem? We have implented
  a script which send this information automatically to user with problem. This is very important for us.
  Event description:
  Source: Microsoft Forefront TMG Web 
  Event ID: 32581
  Level: Error
  Text: limit for consecutive logon failures has been reached. Additional logon attempts by domain.local\user.name will be automatically rejected for the next 300 seconds

  Hi,
  Before going further troubleshooting, we should confirm if account lockout works fine now.
  Please refer to the article below to check some limitations on this function.
  http://blogs.technet.com/b/isablog/archive/2012/11/01/using-the-account-lockout-feature-in-tmg-2010.aspx
  Is there any other different information after you install Rollup 4? Or what something else do you change during update to RU4?
  Best Regards
  Quan Gu 

• SBS2011 (Exchange 2010 SP2) - limiting cache size doesn't appear to work

  Hi All,
  Hoping for some clarification here, or extra input at least.  I know there are other posts about this topic such as
  http://social.technet.microsoft.com/Forums/en-US/smallbusinessserver/thread/5acb6e29-13b3-4e70-95d9-1a62fc9304ac but these have been
  incorrectly marked as answer in my opinion.
  To recap the issue.  The Exchange 2010 store.exe process uses a lot of memory.  So much in fact it has a negative performance impact on the server (sluggish access to the desktop etc).  You can argue about this all day - it's by design
  and shouldn't be messed with etc but the bottom line is that it does use too much memory and it does need tweaked.  I know this because if you simply restart the Information Store process (or reboot the server) it frees up the memory and the performance
  returns (until its cache is fully rebuilt that is).  I have verified this on 4 different fresh builds of SBS2011 over the last 6 months. (all on servers with 16GB RAM)
  I have scoured the internet for information on limiting how much memory exchange uses to cache the information store and most articles point back to the same two articles (http://eightwone.com/2011/04/06/limiting-exchange-2010-sp1-database-cache/
  and
  http://eightwone.com/2010/03/25/limiting-exchange-2010-database-cache) that deal with exchange 2010 and exchange 2010 SP1, notably not exchange 2010 SP2.  Ergo most articles are out of date since exchange 2010 SP2 has been released since these articles
  were posted.
  When testing with our own in house SBS2011 server (with exchange 2010 SP2) I have found that specifying the min, max and cache sizes in ADSIEDIT has varying results that are not in line with the results documented in the articles I mentioned above. 
  I suspect the behaviour of these settings has changed with the release of exchange 2010 SP2 (as it did between the initial release and SP1).
  Specifically here's what I have found using ADSIEDIT;
  If you set the msExchESEParamCacheSize to a value - it doesn't have any effect.
  If you set the msExchESEParamCacheSizeMax to a value - it doesn't have any effect.
  If you set the msExchESEParamCacheSizeMin to a value - it always locks the store.exe process to using exactly this value.
  I have also tested using combinations of these settings with the result that the size and max size values are always ignored (and the store.exe process uses the maximum available amount of memory - thus causing the performance degradation) but as soon as
  you specify the min value it locks it to this value and it doesn't change.
  As a temporary solution on our in-house SBS2011 I have set the min value to 4GB and it appears to be running fine (only 15 mailboxes though).
  Anyone got some input on this ? thank you for your time.

  I concur with Erin. I'm seeing the same behaviour across all SBS2011 boxes, whether running SP1, SP2 or SP3.
  If a minimum value is set, the store cache size barely rises above the minumum. I have one server with 32GB RAM. Store.exe was using 20GB of RAM, plus all the other Exchange services which total 4GB+. That left virtually no free RAM and trying to do
  anything else on the server was sluggish at best.
  All the advise is that setting a maximum alone has no effect and a minimum must be set too. But when set, the store cache size barely rises above the minimum. I have set a 4GB minimum and 16GB max, but 5 days later it's still using only slightly more than
  4GB and there's 8GB free. Now the server as a whole is responsive, but doing anything with Exchange is sluggish.
  Just saying leave Exchange to manage itself is not an answer. The clue is in the name - Small Business Server. It's not Exchange Only Server - there are other tasks an SBS must handle so leaving Exchange to run rampant is not an option. Besides, there are
  allegedly means to manage the Exchange cache size - they just don't apparently work!
  I'm guessing nobody has an answer to this so the only solution is to effectively fix the cache size to a sensible value by setting min and max to the same value.
  Adam@Regis IT

• Rollup 8 for Exchange 2010 SP2 causes EWS error with bad parameter for Exchange.MailboxReplicationService.ProxyService

  When I installed Rollup 8  for Exchange 2010 SP2 it caused an error in EWS
  EWS failed with the error:
  exchange web service could not load file or assembly Exchange.MailboxReplicationService.ProxyService bad parameter
  When I uninstalled the rollup all worked fine again.
  Any ideas, Thanks in advance?

  Hi,
  To apply this update rollup, you must have Exchange Server 2010 SP2 installed. And remove all interim updates for Exchange Server 2010 SP2 before you apply this update rollup. Please check your installation deployment by the following article:
  Install the Latest Update Rollup for Exchange 2010
  http://technet.microsoft.com/en-us/library/ff637981.aspx
  Description of Update Rollup 8 for Exchange Server 2010 Service Pack 2
  http://support.microsoft.com/kb/2903903/en-us
  If all requirements and preparations are configured properly, please collect your error logs to check your installation. It would be helpful to post some event logs here for further analysis.
  Thanks,
  Winnie Liang
  TechNet Community Support

• AutoDiscover not working after Exchange 2010 SP2 - SP3 update.

  Hi Everyone, 
  I'm sorry if this is a really simple thing, but i've played around for hours and exhausted google.
  I run a 2010 exchange server for everyone at the office, and today I updated from 2010 SP2 to SP3.
  The problem I have is auto discover no longer accepts anyones username or password. If you set the account up on the client machine by manually entering the details everything works great.
  All the DNS records are correct and have been working for 2+ years. I have recreated the Autodiscovery virtual directory in EMC.
  If i manually browse to mydomain/Autodiscover/Autodiscover.xml, when asked for a username and password it says it incorrect. I can then log in to OWA with the same credentials and it works. 
  Thanks,
  Garrett
  The Microsoft Connectivity Analyzer is attempting to retrieve an XML Autodiscover response from URL https://mydomaincom.au:443/Autodiscover/Autodiscover.xml for user mydomain.com.au.
  The Microsoft Connectivity Analyzer failed to obtain an Autodiscover XML response.
  Additional Details
  An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).
  HTTP Response Headers:
  Transfer-Encoding: chunked
  Connection: keep-alive
  Content-Type: text/html
  Date: Wed, 22 Apr 2015 00:44:51 GMT
  Set-Cookie: __cfduid=dc0261b4643b5dbe27f750bbc28bfef7c1429663490; expires=Thu, 21-Apr-16 00:44:50 GMT; path=/; domain=.macarthurcs.com.au; HttpOnly
  Server: cloudflare-nginx
  WWW-Authenticate: Negotiate,NTLM,Basic realm="mydomain.com.au"
  X-Powered-By: ASP.NET
  CF-RAY: 1dad4d701ae911c5-SJC
  Elapsed Time: 3357 ms.
  Attempting to test potential Autodiscover URL https://autodiscover.mydomain.com.au:443/Autodiscover/Autodiscover.xml
  Testing of this potential Autodiscover URL failed.

  Hi,
  Based on my knowledge, the above issue is caused by the loopback check being enabled. Please follow the steps below to disable loopback on the CAS servers:
  1. Run regedit, in Registry Editor, locate and then click the following registry key:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  2. Right-click Lsa, point to New, and then click DWORD Value.
  3. Type DisableLoopbackCheck, and then press ENTER.
  4. Right-click DisableLoopbackCheck, and then click Modify.
  5. In the Value data box, type 1, and then click OK.
  6. Quit Registry Editor, and then restart your computer.
  Hope this can be helpful to you.
  Best regards,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Amy Wang
  TechNet Community Support