Blog du Tristank

Migrating to . And still so terrific that 3 of 4 readers rated it "soporific"

TMG SP2 now out there

There I was, blathering away about Kerberos and SetSPN and sleeping – sleeping! – while the long-awaited-but-unnanounced TMG SP2 was released. And announced, I guess. The documentation’s still being updated (the release notes haven’t made it up yet), but you can try it out from here: Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 2… Read more

PSA: You really need to update your Kerberos setup documentation with SetSPN -S!

Hi! You might remember me from such posts as Kerbie Goes Bananas, and SetSPN improvements for Windows 2008. Or something. I’m here with a public service announcement! Excitement! It’s been long enough since Windows 2008 (and the downlevel release of SetSPN) that I feel comfortable respectfully asking you to please: Search and Replace SetSPN -A… Read more

(The catchily-titled) TMG 2010 SP1 SU1 UR4 is out now!

That’s Forefront Threat Management Gateway 2010 + Service Pack 1 + Software Update 1 + Update Rollup 4 to its friends. This is the latest 2011 update for TMG – see the fix list at the KB article.   The larger list of ISA Server build numbers is still here – wonder if there’s… Read more

IRacing vs TMG 2010

Pre-blurb About a week ago, I signed up for iRacing again, after letting my subscription lapse back in, oh, looks like 2008. Time flies! Since then, I’ve been trying to get updates to install, but I’ve been having no luck with it – the update web page would just vanish when I ticked the updates… Read more

ISA 2000: The End Draws Near

While updating some documentation today and noticing it’s 2011 (when, exactly, did that happen?), I dug up the ISA Server 2000 Lifecycle information. Paraphrasing the table here:   Availability Mainstream Support Ends Extended Support Ends Internet Security and Acceleration Server 2000 Enterprise Edition 18/03/2001 11/04/2006 12/04/2011 That’s right, kids, it expires on April 12 this… Read more

Autoproxy might still be broken in current Java runtimes

A customer battling automatic proxy configuration issues with ISA/TMG, and PAC/WPAD.DAT pointed me at the following bug:;jsessionid=e70c81c1a56f7d856f2e50539c708?bug_id=6887492 Which, if I’m interpreting it right, is Closed. In Connect-speak, that would mean “not being worked on”. (If it was, or is, and a newer version fixes this, please let me know). From the TMG perspective, a… Read more

TMG Large Logging Queue: No More SQL Lockdowns?

What you say!? The new logging system in TMG 2010 is seriously cool, and it’s designed to cope with extended instances of SQL Server going away. Extended meaning multi-hour, but depending on disk space, it could be multi-day. Short Version There’s a good detailed description of it here, which I’ll try to crystallize: The most… Read more

More Network Inspection System updates

A new Vuln (vulnerability) NIS definition for Outlook Express / Windows Mail MS10-030 joins the recent Expl (exploit) definition for the Sharepoint XSS issue (currently an Advisory). The other type of signature is a Policy signature – not an exploit or a vulnerability per se, but a security feature an Administrator might want to enable…. Read more

TmgAdConfig (aka ADConfig, ADConfigPack)

To avoid you tearing your hair out trying to find it: The tool TMGADCONFIG.exe is included in the ADCONFIGPACK.exe download, available from this location, which extracts to the Program Files(x86)\Forefront TMG Tools\ADCONFIG folder by default. I was chasing it down with great vengeance and furious anger cos the examples on the web indicated that the… Read more