How to Reinstall Microsoft Forefront Threat Management Gateway on Windows Essential Business Server Security Server

[Today's post comes to us courtesy of Manish Kapoor]

INTRODUCTION

This article describes how to reinstall Microsoft® Forefront™ Threat Management Gateway, Medium Business Edition on Windows® Essential Business Server Security Server. This may be necessary as a last-effort troubleshooting step or to repair a damaged installation of Forefront TMG. The steps in this article will, of course, cause loss of network connectivity until Forefront TMG is reinstalled and reconfigured.

Important: Before using these steps, it is recommended that you make a complete backup of the Security Server.

There are four steps to uninstalling and reinstalling TMG on EBS:

1. 1. Backup the existing firewall settings

2. 2. Uninstall Forefront TMG from Security Server

3. 3. Install Forefront TMG on Security Server

4. 4. Restore the Forefront TMG firewall configuration

Backup the existing firewall settings

To save network firewall settings to an XML file

1. Click Start, click All Programs, click Windows Essential Business Server, and then click Windows Essential Business Server Administration Console.

2. Click the Security tab, and in the results pane, click Network firewall. In the tasks pane, click Save firewall settings.
   

3. In the Save as dialog box, choose a name and a location for the XML file that will contain the current configuration settings for the network firewall. Click Save to begin.

4. Click Close on the “the settings were successfully saved” dialog when it appears.

Uninstall Forefront TMG from Security Server

To uninstall Forefront TMG from the server, follow these steps:

1. From Control Panel open Programs and Features on the Security Server
2. Highlight “Microsoft Forefront Threat Management Gateway” and click on Uninstall/Change
     
3. The next screen gives the option to either remove or repair Forefront TMG from the server. Select the option to Remove and select next. 
     
4. Select whether you would like to retain the existing log files and cache files on the server. If you want to remove the files, do not check anything. If you wish to retain them, check both the options and select next.
      
5. The installation wizard will proceed with the removal of TMG from the server. Uninstalling TMG from Programs and Features also removes its LDS instance (ISASTGCTRL).
      
6. Reboot the server when prompted.

Reinstall Forefront TMG on Security Server

Forefront TMG can be reinstalled using the following steps:

1. Navigate to the following location on the Security Server
   •           %ProgramFiles%\Windows Essential Business Server\Bin\ISA
2. Double-click on ISAAutorun.exe to start TMG setup.
     
3. On the “Microsoft Forefront TMG Setup” screen, click on “Install Forefront TMG”.
     
4. Select “Install Forefront Threat Management Gateway” and click on next.
5. Accept the defaults on the Component Selection screen and click next.
     
6. On the Internal Network screen use these steps to configure your network settings:
   1. Click on Add
   2. In the “Addresses” window that comes up next, click on “Add Adapter”.
   3. Select the network adapter for your internal network and click OK, then OK again.    
        
   4. Once you are back to the “Internal Network” screen, click next.
7. Click Next to acknowledge the “Setup will restart these services on the server: SNMP Service, IIS Admin Service, World Wide Web Publishing Service and Microsoft Operations Manager Service” message.
8. Click “Install” to begin the setup of Forefront TMG on the server.

After installation has completed and Forefront TMG console is launched for the first time, the TMG console will launch the Getting Started Wizard.

Before proceeding to restore the settings, click on “Close” at the “Getting started wizard” screen. This brings up a confirmation window, asking “Are you sure you want to close the Getting Started Wizard?” Uncheck the box against “Automatically launch the wizard the next time the Forefront TMG Management console is launched” and click Yes.

Restore the Forefront TMG Settings

To restore the settings previously backed up before uninstalling Forefront TMG, use the following steps:

1. Launch the Essential Business Server Administration Console.

2. Click the Security tab, and then click on Network firewall. In the tasks pane, click Apply Saved Settings.

3. In the Open dialog box, choose the name and the location of the XML file saved in the “Backup the existing firewall settings” section of this article. Click Open to apply the settings.

4. Once the settings have been committed, a “the network firewall settings were applied successfully” dialog will appear. Click Close to dismiss the dialog.

If you were unable to back up your most recent settings before uninstalling Forefront TMG, you can restore TMG to the settings configured during the EBS installation using these steps:

%ProgramFiles%\Windows Essential Business Server\Data

1. Launch the Windows® Essential Business Server Administration Console on the Management server

2. Click on the Security tab

3. Highlight Network Firewall and click on Restore Default Network Firewall Settings under Network Firewall Tasks.

4. In the resulting dialog, click Yes to restore the default settings.

5. Click close to dismiss the “Default network firewall settings were successfully restored” dialog.