TMG sources outgoing packets with Secondary IP addresses

Hello Everyone! We’ve seen a few cases lately dealing with TMG servers sourcing outgoing packets with secondary IP addresses that have been added to the NICs. This could cause issues in communications between nodes or possibly other issues. One such example that I have seen come across is where a customer had a TMG…


How to implement PEAP-MSCHAPv2 as authentication method for VPN connections in TMG 2010

As you may know, there is a known security vulnerability for the authentication method MS-CHAPv2. The following TechNet article provides some detailed information about it: Microsoft Security Advisory (2743314), "Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure" (http://technet.microsoft.com/en-us/security/advisory/2743314). You may consider moving away from PPTP VPN connections which are configured to use this authentication method…


How to determine if a client request contains a Multi-Line Header

This post is about an issue that I came across while working on a case recently. SCENARIO: The scenario was a simple website publishing through ISA Server 2006. While accessing the HTTPS website from a client, we were seeing a Failed Connection attempt in the ISA logs. More specifically, the error message was pointing…


Using the Account Lockout Feature in TMG 2010

Introduction: A much-needed feature was added in Service Pack 2 for Forefront TMG 2010. This great new feature gives you the ability to lock accounts on TMG at the local level before accounts are actually locked out in the domain. The account lockout feature, when used properly, will prevent TMG from trying to authenticate…


TMG 2010 – Error “setup failed while registering Forefront TMG managed performance monitor” prompted while installing or repairing the TMG installation

It can happen while installing Forefront TMG 2010 or during a repair that we hit the following error: This error is also normally linked to the ISA managed control service not starting correctly and to errors such as the following in the application event viewer: On the other hand, it is also possible to hit the…


TMG Logging to LLQ

One of the problems causing TMG to log to LLQ instead of the database is the presence of orphaned databases in the local SQL Server instance. In other words, you may have some databases that are registered on the local SQL Server but the corresponding .mdf and .ldf files are missing from the disk. This…


Important Information Regarding Changes to Forefront Product Roadmaps

Today, as a result of our effort to better align security and protection solutions with the workloads and applications they protect, Microsoft is announcing changes to the roadmaps of some of the security solutions made available under the Forefront brand. As part of this effort, the next release of Forefront Online Protection for Exchange, which…


Sent Items delayed when publishing Outlook Anywhere through TMG

Problem: When publishing Exchange 2010 “Outlook Anywhere” via TMG 2010, you may find that some of your external Outlook users may intermittently experience issues sending email. They may report, when sending a new email, that the email may get “stuck” in the Outbox folder. The users may find that the email will be sent…