Missing BDA hook rules – impact and potential root cause

Some of you may have already heard and know what NLB is and how it works as described in the general Network Load Balancing Overview [http://technet.microsoft.com/en-us/library/cc725946.aspx]. An integral part of a TMG NLB solution is Bi-direction affinity, which is well described at the following link: Bi-Directional Affinity in ISA Server [http://blogs.technet.com/b/isablog/archive/2008/03/12/bi-directional-affinity-in-isa-server.aspx]. Bi-directional affinity creates multiple…


How to create a CNG HTTPSi cert using a 2008r2 CA

In a previous article we explained how to create a self-signed CNG certificate, suitable for the HTTPS Inspection feature, which can be used to inspect sites using an SHA-256 certificate. In this article we will explain how to generate a similar certificate using your internal CA based on Windows 2008 R2. Using a certificate issued…


TMG SP2 Rollup 5 now available

We are happy to announce the availability of Rollup 5 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2 (SP2). TMG SP2 Rollup 5 is available for download here: Rollup 5 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2   Please see KB Article ID: 2954173 for details of the fixes included in…


TMG Web Listener Certificate "Private Key handle error" 0x80090016

You may face an issue with a certificate assigned to a listener that suddenly becomes invalid and therefore the incoming SSL connection are dropped. Restarting the service you will show the following error: Event Source: Microsoft Firewall Event ID: 14060 Description: Description: Cannot load an application filter Web Proxy Filter ({4CB7513E-220E-4C20-815A-B67BAA295FF4}). FilterInit failed with code…


TMG 2010 – YOU CANNOT REMOTELY CONNECT TO TMG SERVER WHEN IT’S PUBLISHING RDP PROTOCOL

If some of you recently tried to publish RDP protocol through TMG server, and suddenly lost the possibility to perform TS connections to the TMG server itself, you may find this post useful! In TMG 2010, a System Policy rule exists allowing RDP traffic from a white-list of workstations to the TMG server itself. Thanks to…