Newly added Network adapter not showing up in RRAS with Forefront TMG


Recently I came across a situation where one of our customers using Forefront TMG could not add a static route in RRAS based on a newly added network adapter.

In this post, I will describe the steps required to get the adapter available in RRAS.


After adding a new network adapter (called LAN2 in this blog) to a server with Forefront TMG 2010 installed, the new adapter is listed in “Control Panel\Network and Internet\Network Connections” but it does not appear in “Network Interfaces” of the Routing and Remote Access (RRAS) console.

Therefore, it is not possible to add a new static route using the new interface (LAN2) as it is not available in the Interface list box (Figure 1).


Figure 1

Any other setting using the new added interface will not be possible in the RRAS.

How to get the new network adapter to show up?

Here is an example (Windows 2008 R2 / TMG 2010 SP2)

1. Before adding the extra network adapter, we have 2 NICs (LAN and WAN) (Figure 2)


Figure 2

2. Right after adding the new LAN2 adapter and restarting the TMG server, LAN2 is showing up in the “Network Connections” (Figure 3) but not in the RRAS Network Interfaces (Figure 4).


Figure 3


Figure 4

Note that you can see the 3 NICS in the TMG console (Networking\Network adapters).

To make the new network adapter LAN2 available in RRAS, follow the steps below.

3. Disable Routing and Remote Access (Figure 5)


Figure 5

4. Configure and Enable the Routing and Remote Access (Figure 6)


Figure 6

5. Then choose “Custom configuration” and “LAN routing” (Figure 7)

Note: What you choose is actually not really important as it is going to be overwritten by TMG later on.


Figure 7


Figure 8

6. If prompted agree to Start the service


Figure 9

7. The new network interface LAN2 is now available in the RRAS (Figure 10)

Therefore, adding a static route using LAN2 is possible.


Figure 10

8. The Routing and Remote Access is back online but the RRAS configuration was reset. Therefore we have to reapply the stored TMG RRAS settings.

As you may know, Forefront TMG takes over the Routing and Remote Access settings with its own configuration. (To know more about this behavior:

The trick here is to modify any setting in TMG configuration and then apply the change. For instance, you can just add a description to an Access rule.

Forefront TMG will overwrite the Routing and Remote Access settings with its own “good” configuration.

Now we have the “good” RRAS configuration and the possibility to use the new added interface in RRAS.


Olivier Bertin

Support Engineer

Microsoft CSS Forefront Security Edge Team

Technical Reviewers

The “Escalation Engineers team”

Microsoft CSS Forefront Security Edge Team

Comments (8)

  1. Ken Grainger says:

    I don't think TMG has anything to do with this at all.  I had this issue on a straight RRAS server.  Add another NIC and it didn't add it.  Removing/re-Adding the service didn't fix it because it didn't reconfigure the service.  That was on 2008 R2.

  2. randy says:

    Agreed. TMG not part of the issue. This just plain RRAS doing this

  3. Carlos R. Gomez says:

    I cannot believe that googleing for this show me this webpage… actually the issue still exists on Windows Server 2012 and 2012 R2…. Good job, only 2 years has passed and the problem is still there…. do you really listen to your customers or partners…. I began to think NO.

  4. Beep says:

    Problem still exists – thanks for the post, it got me going again.

  5. Peter says:

    Ok, muchas gracias, en un Win 2012 R2 me paso lo mismo.

  6. Hi Olivier,
    I have a unique situation I request for insights or assistance. We have a server (Win2k8 R2) with Forefront TMG configured (with a Firewall Policy) to allow networks over our WAN infrastructure (protocols FROM Internal TO External,Perimeter and Localhost) . However, when there’s only one branch office that is not able to reach this TMG server to access a web application that has worked on all other branch offices. This branch office network is in the range of WAN networks allowed.
    The server has 2 NICs, Local Area Conn (LAC) 3 and 4. LAC3 is configured with no gateway (on networks with 172.16.*.*) , and LAC 4 is configured with a different IP (192.168.*.*) and with the default gateway of

    Under TMG, on checking the properties of the above configured policy, under the FROM tab, I clicked on source Internal>Edit>Internal Properties>Addresses Tab>Add Adapter> to view the two LACs listed i.e. LAC 3 and LAC 4. Upon selecting on LAC 4 interface, I noticed a problem, LAC4 is not supposed to reach local area and WAN networks i.e. 172.16.*.* but it shows networks associated with it are the LAN/WAN networks.

    Question is, how do I stop LAC 4 from associating itself with LAN/WAN networks on 172.*.*.*? I believe this will help in resolving the issue of this one branch network reaching the server web application. Is there anything outside TMG that I can do to dissociate LAC4 from and remain on 192.168.*.* and the default route? Pls help


  7. Patrick says:

    Worked for me. 2012r2. Thanks!

    1. Michael says:

      Also for me. 2012R2

Skip to main content