Problems when installing Exchange 2010 Service Pack 1 on a TMG configured for Mail protection


TMG can be configured in a Mail protection role. In such configurations Forefront Protection for Exchange and Exchange Server (edge transport role) are installed on the same machine as TMG.

We have identified problems when installing Microsoft Exchange Server 2010 Service Pack 1 (SP1) that was released last week on such deployments.

Update: A fix for this problem is now available for download as part of Software Update 1 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1.

Root cause

SP1 made some changes to the SDK including removing some of the existing cmdlets (see more information here).

When Email protection is configured on TMG and Spam Filtering functionality is enabled, TMG uses one of the cmdlets that has been removed (get-antispamupdates) in SP1. As a result, Microsoft Forefront TMG Managed Control service fails to start and the event viewer will contain a message that the service terminated with the following error : %%-2146233088 :

clip_image002clip_image004

 

What we are doing to address this problem

The TMG team is fully committed to addressing this problem and is working on a fix which will be publically available soon. We recommend refraining from installing Exchange 2010 SP1 on TMG machines until the fix is available. We will publish another blog post when the fix becomes available.

Update: A fix for this problem is now available for download as part of Software Update 1 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1.

If you are already affected by this problem and need urgent assistance, please contact Microsoft support (http://support.microsoft.com).

Thank you for your patience,

Gabriel Koren


Comments (14)

  1. pwny says:

    Do you guys talk to each other at MS?  Like, ever?

  2. Jan says:

    Some updates about release date of TMG hotfix ?

  3. prp says:

    If you've already applied SP1 on a TMG server, is there any way to remove it?

  4. Michael says:

    Is there already a release date for this hotfix?

  5. Jan says:

    TMG guys some updates about hotfix release ?

  6. Jer says:

    Update would be much appreciated… we've been dealing with a flood of spam for 2 weeks now.

  7. Ray says:

    it has been reported that the fix has been released for this issue and will be available on 9/21/2010

  8. Alan says:

    I have just patched with TMG SP1 and the rollup patch. Then applied Exchange SP1.

    Control service is now failing with the following error

    The Microsoft Forefront TMG Managed Control service terminated with the following error:

    %%-2146233079

  9. Daniel says:

    same problem here …

    "I have just patched with TMG SP1 and the rollup patch. Then applied Exchange SP1.

    Control service is now failing with the following error

    The Microsoft Forefront TMG Managed Control service terminated with the following error:

    %%-2146233079"

  10. MSBugFinderAndSolutionMaker says:

    I have had this problem several times and it is always fixed after running the following command.

    Get-IPBlockListEntry | Remove-IpBlockListEntry

    It has something to do with another bug (no words from MS yet about this one) that stops the Managed Control from starting if you block list entires are to many.

    Hope this fixes you problem :)

  11. doublehorn says:

    In case anyone from the MS TMG team is monitoring this forum, I have exhausted all the online data that I can find to resolve this problem where the TMG Managed Control Service can't be started after SP1 installation. I'd happily pay the $259 support fee if I had any confidence the problem was solvable via that channel, but the truth is enough people are having this problem that there must, must, must be a fix for the problem coming soon as a patch to SP 1 Update1, which did not allow the service to be started.

    SP1 Update 2 anyone? Good thing this is a pre-production system….. my Cisco ASA lives to fight another day.

  12. IT hole says:

    Great, well done, I had an issue with my malware protection on my TMG 2010 for 2 weeks and couldn't understand the source or cause of the issue.

    My installation of Forefront protection on the edge server FAILED, Exchange Transport Service wouldn't restart. Thought to check for Updates to see if there was a fix and…..

    SP1 Update fixed the issue immediately. Pays to check for updates! However saying this how are admins supposed to know this stuff out of the box, there should be a precursory warning explaining this issue before installation?

    It was a few hours worth of searching the internet to locate a reasonable post explaining the issue! We admins tend to be quite busy with our users and existing infrastructure maintenance, I had to uninstall the Forefront initially and come back to it later, of course in the meantime without Forefront installed there were warnings and reduced functionailty to have to deal with.

  13. MRVirtual says:

    Hi there,

    is there any info available if we are facing similar problems when installing Exchange 2010 SP2?