Setting up TMG 2010 Where EMS is a Domain Member and Array Servers are in a Workgroup

  Introduction I have seen a number of cases where customers were installing TMG 2010 in a “hybrid” scenario. What I mean by this is that the EMS was part of the Domain but the Array Servers were in a workgroup. There are a couple of “gotchas” that I wanted to talk about today. Assumptions…

0

Using the Account Lockout Feature in TMG 2010

Introduction A much needed feature was added in Service Pack 2 for Forefront TMG 2010. This great new feature gives you the ability to lock accounts on TMG at the local level before accounts are actually locked out in the domain. The account lockout feature, when used properly, will prevent TMG from trying to authenticate…

1

ISA 2006 Service Pack, Hotfix, and Version Number Reference

  Below you will find the Internet Services and Acceleration Server 2006 version number and a link to their corresponding KB.   I started at Service Pack 1 because it is the minimum level you should be at to obtain support.   Service Pack, Hotfix Version                                                                                                                                  Reference Service Pack 1 5.0.5723.493 http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17536 Hotfix 5.0.5723.500…

2

Identifying Failed Logon Attempts That Are Causing Account Lockouts in Threat Management Gateway 2010

In one of my previous posts entitled “ISA Server or Forefront TMG is Locking my Accounts Out”  I wrote about the frustration some companies experience with account lockouts.  In almost all cases, the cause for the account lockouts is that invalid user/password combinations have been saved on devices such as phones, tablets, or even on…

0

Setting Up and Troubleshooting LDAPS Authentication in Forefront TMG 2010

Lightweight Directory Access Protocol over SSL (LDAPS) is used in Forefront Threat Management Gateway (TMG) when the decision has been made not to join TMG to the Active Directory domain. LDAP is a protocol used to read and write to Active Directory and, by default, is not secure. LDAPS is secure but requires some extra…

7

Top Troubleshooting Tips to Try Before Calling Support for ISA/TMG

Today I wanted to give you a list of common things to try when troubleshooting an issue on Internet Security and Acceleration Server (ISA) or Forefront Threat Management Gateway (TMG). The next time you are facing an issue  with either product, I encourage you to walk down through the list and see if any of them…

2

ISA Server or Forefront TMG is Locking my Accounts Out

  I hear this statement pretty frequently from some of my customers and it is just not accurate. The logging on the Domain Controllers does show that the bad password attempts are coming from ISA or TMG. The reality here is that ISA/TMG is not randomly trying bad passwords for user accounts. It is also…

1

Creating a Rule to Bypass the Web Proxy Filter in ISA Server or Forefront TMG

  This is Keith Abluton with the Forefront Edge team at Microsoft. I had a case recently where a legacy application that was improperly coded was causing a critical situation for one of our customers. The application was used to send information to a server that was located on the Internet. I won’t bore you…

14