KB: HTTP Redirect in Threat Management Gateway 2010 fails when the Exchange 2010 Edge role is installed

  • Article

hotfixHere’s a new Knowledge Base article we published today. This one talks about an issue where HTTP redirects in TMG 20101 fail if the Exchange Edge role is installed on the same box:

=====

Symptoms

If you deploy Microsoft Threat Management Gateway 2010 (TMG) and the Exchange 2010 Edge role on the same machine, you may encounter an issue where HTTP Redirect in TMG fails.

If you monitor the TMG packets when attempting to connect to http://mail.domain.com/owa, TMG will report a "Denied Connection” with the following status:

The policy rules do not allow the user request.

In the Event Log you may also see an Event ID 14148 Warning with the following text:

The Web Proxy filter failed to bind its socket to 172.x.x.x port 80. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service

Cause

When you install Exchange 2010 Edge role on a W2k8 R2 Server, the prerequisites instruct you to install features using the PowerShell commands below:

Import-Module ServerManager

Add-WindowsFeature NET-Framework,RSAT-ADDS,ADLDS -Restart

This will also install WWW Publishing service and it will bind to port 80. Because the WWW Publishing service is already bound to port 80, when you install TMG it will be unable to redirect requests since it will be unable to bind to port 80.

Resolution

As a workaround, stop the WWW Publishing service, then restart the TMG firewall service. If your rules are setup correctly the HTTPS Redirect should now work.

An alternative temporary solution is to delay the start of the WWW publishing service on startup so TMG has a chance to bind to port 80 first.

More Information

Pre-requirements to Install E-Mail Protection Role on TMG : http://technet.microsoft.com/en-us/library/ee207141.aspx

Troubleshooting E-Mail Protection Feature on TMG : http://social.technet.microsoft.com/wiki/contents/articles/2702.aspx#TShootEP

=====

For the most current version of this article please see the following:

2682632 : HTTP Redirect in Threat Management Gateway 2010 fails when the Exchange 2010 Edge role is installed

J.C. Hornbeck | System Center & Security Knowledge Engineer

Get the latest System Center news on Facebook and Twitter :

clip_image001 clip_image002

App-V Team blog: http://blogs.technet.com/appv/
ConfigMgr Support Team blog: http://blogs.technet.com/configurationmgr/
DPM Team blog: http://blogs.technet.com/dpm/
MED-V Team blog: http://blogs.technet.com/medv/
Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
Operations Manager Team blog: http://blogs.technet.com/momteam/
SCVMM Team blog: http://blogs.technet.com/scvmm
Server App-V Team blog: http://blogs.technet.com/b/serverappv
Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center Essentials Team blog: http://blogs.technet.com/b/systemcenteressentials
WSUS Support Team blog: http://blogs.technet.com/sus/

The Forefront Server Protection blog: http://blogs.technet.com/b/fss/
The Forefront Endpoint Security blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/