Newly added Network adapter not showing up in RRAS with Forefront TMG

 

Recently I came across a situation where one of our customers using Forefront TMG could not add a static route in RRAS that used a newly added network adapter.

In this post, I will describe the steps required to make the adapter available in RRAS.

Symptom

After adding a new network adapter (called LAN2 in this blog) to a server with Forefront TMG 2010 installed, the new adapter is listed in “Control Panel\Network and Internet\Network Connections” but it does not appear in “Network Interfaces” of the Routing and Remote Access (RRAS) console.

Therefore, it is not possible to add a new static route using the new interface (LAN2) as it is not available in the Interface list box (Figure 1).

Figure 1

Any other RRAS setting that relies on the newly added interface is likewise unavailable.

How to get the new network adapter to show up?

Here is an example (Windows 2008 R2 / TMG 2010 SP2):

1. Before adding the extra network adapter, we have 2 NICs (LAN and WAN) (Figure 2)

Figure 2

2. Right after adding the new LAN2 adapter and restarting the TMG server, LAN2 shows up in “Network Connections” (Figure 3) but not in the RRAS Network Interfaces (Figure 4).

Figure 3

Figure 4

Note that you can see all 3 NICs in the TMG console (Networking\Network adapters).

To make the new network adapter LAN2 available in RRAS, follow the steps below.

3. Disable Routing and Remote Access (Figure 5)

Figure 5

4. Configure and enable Routing and Remote Access (Figure 6)

Figure 6

5. Then choose “Custom configuration” and “LAN routing” (Figure 7)

Note: What you choose here does not really matter, as TMG will overwrite it later on.

Figure 7

Figure 8

6. If prompted, agree to start the service

Figure 9

7. The new network interface LAN2 is now available in RRAS (Figure 10)

Therefore, adding a static route using LAN2 is possible.

Figure 10

8. Routing and Remote Access is back online, but the RRAS configuration was reset. Therefore, we have to reapply the stored TMG RRAS settings.

As you may know, Forefront TMG takes over the Routing and Remote Access settings with its own configuration. (To learn more about this behavior, see http://technet.microsoft.com/en-us/library/ee796231.aspx#hbsdfghserrty5)

The trick here is to modify any setting in the TMG configuration and then apply the change. For instance, you can just add a description to an access rule.

Forefront TMG will then overwrite the Routing and Remote Access settings with its own “good” configuration.

Now we have the “good” RRAS configuration and can use the newly added interface in RRAS.
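
To confirm the symptom before the procedure and the result after it without comparing two consoles by eye, the check below lists the network connections that RRAS does not know about. It is an added example, not part of the original post; the function name `Get-MissingRrasInterface` is made up for illustration, and the script assumes that `netsh routing ip show interface` prints the interface name as the last column of each row.

```powershell
# Added example: report network connections that are missing from RRAS.
# Assumption: "netsh routing ip show interface" ends each row with the
# interface name. Works with PowerShell 2.0 (Windows 2008 R2).

function Get-MissingRrasInterface {
    param(
        [string[]]$ConnectionNames,   # names shown in Network Connections
        [string[]]$RrasOutput         # raw output lines from netsh
    )
    foreach ($name in $ConnectionNames) {
        # Anchor on preceding whitespace and end of line, so that the
        # "LAN" connection is not considered present because of "LAN2".
        $pattern = '(^|\s)' + [regex]::Escape($name) + '\s*$'
        if (-not ($RrasOutput | Where-Object { $_ -match $pattern })) {
            $name
        }
    }
}

# Connection names as Windows sees them (adapters without a
# NetConnectionID, such as WAN miniports, are skipped).
$connections = Get-WmiObject Win32_NetworkAdapter |
    Where-Object { $_.NetConnectionID } |
    ForEach-Object { $_.NetConnectionID }

# Interfaces known to the RRAS IP router. If RRAS is disabled or stopped,
# netsh returns an error text and every connection is reported as missing.
$rras = netsh routing ip show interface

$missing = @(Get-MissingRrasInterface -ConnectionNames $connections -RrasOutput $rras)
if ($missing.Count -eq 0) {
    Write-Output 'Every network connection is present in RRAS.'
} else {
    Write-Output ('Not present in RRAS: ' + ($missing -join ', '))
}
```

Run it from an elevated PowerShell prompt on the TMG server; in the scenario above it would be expected to report LAN2 after step 2 and nothing after step 7.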

Author

Olivier Bertin

Support Engineer

Microsoft CSS Forefront Security Edge Team

Technical Reviewers

The “Escalation Engineers team”

Microsoft CSS Forefront Security Edge Team