Problems when installing Exchange 2010 Service Pack 1 on a TMG configured for Mail protection

TMG can be configured in a Mail protection role. In such configurations Forefront Protection for Exchange and Exchange Server (edge transport role) are installed on the same machine as TMG.

We have identified problems when installing Microsoft Exchange Server 2010 Service Pack 1 (SP1) that was released last week on such deployments.

Update: A fix for this problem is now available for download as part of Software Update 1 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1.

Root cause

SP1 made some changes to the SDK including removing some of the existing cmdlets (see more information here).

When Email protection is configured on TMG and Spam Filtering functionality is enabled, TMG uses one of the cmdlets that has been removed (get-antispamupdates) in SP1. As a result, Microsoft Forefront TMG Managed Control service fails to start and the event viewer will contain a message that the service terminated with the following error : %%-2146233088 :

clip_image002clip_image004

 

What we are doing to address this problem

The TMG team is fully committed to addressing this problem and is working on a fix which will be publically available soon. We recommend refraining from installing Exchange 2010 SP1 on TMG machines until the fix is available. We will publish another blog post when the fix becomes available.

Update: A fix for this problem is now available for download as part of Software Update 1 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1.

If you are already affected by this problem and need urgent assistance, please contact Microsoft support (http://support.microsoft.com).

Thank you for your patience,

Gabriel Koren