Missing BDA hook rules – impact and potential root cause

Some of you may have already heard and know what NLB is and how it works as described in the general Network Load Balancing Overview [http://technet.microsoft.com/en-us/library/cc725946.aspx]. An integral part of a TMG NLB solution is Bi-direction affinity, which is well described at the following link: Bi-Directional Affinity in ISA Server [http://blogs.technet.com/b/isablog/archive/2008/03/12/bi-directional-affinity-in-isa-server.aspx]. Bi-directional affinity creates multiple…


How to create a CNG HTTPSi cert using a 2008r2 CA

In a previous article we explained how to create a self-signed CNG certificate, suitable for the HTTPS Inspection feature, which can be used to inspect sites using an SHA-256 certificate. In this article we will explain how to generate a similar certificate using your internal CA based on Windows 2008 R2. Using a certificate issued…


TMG SP2 Rollup 5 now available

We are happy to announce the availability of Rollup 5 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2 (SP2). TMG SP2 Rollup 5 is available for download here: Rollup 5 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2   Please see KB Article ID: 2954173 for details of the fixes included in…


TMG Web Listener Certificate "Private Key handle error" 0x80090016

You may face an issue with a certificate assigned to a listener that suddenly becomes invalid and therefore the incoming SSL connection are dropped. Restarting the service you will show the following error: Event Source: Microsoft Firewall Event ID: 14060 Description: Description: Cannot load an application filter Web Proxy Filter ({4CB7513E-220E-4C20-815A-B67BAA295FF4}). FilterInit failed with code…