Comments on: howto://Installing Microsoft Forefront TMG 2010, part one

By: Ed Fisher

Ed Fisher — Tue, 27 Mar 2012 12:51:28 +0000

Ah, you cannot install TMG on a DC.

By: ashish

ashish — Tue, 27 Mar 2012 12:18:11 +0000

i m installing it on windows server 2008 r2 64 bit version. and it is domail controller to….

By: Ed Fisher

Ed Fisher — Tue, 27 Mar 2012 12:05:25 +0000

Sounds to me like you are either trying to install on a workstation, or you are missing prerequisites. Did you run Windows Update and then Preparation Tool? What operating system are you using?

By: ashish

ashish — Tue, 27 Mar 2012 07:47:18 +0000

both first and third option are frozen in prepairation tool.

By: ashish

ashish — Tue, 27 Mar 2012 07:45:49 +0000

hi,

im not able to selelct Forefront TMG services and Management. i can only select forefront TMG management only. pls give me any resolution for how do i resolve it. im installing it on domain server and it is having active directory.

By: Will

Will — Wed, 18 Jan 2012 15:29:59 +0000

Good info, cheers mate.

Problem being is that our LAN is part of a Local Authority WAN and they have the public IPs on their routers. We just connect to their network from our router and they manage our connectivity to the outside world.

Thanks for your help, it’s much appreciated

By: Ed Fisher

Ed Fisher — Wed, 18 Jan 2012 15:11:15 +0000

Okay, so you do need to have an interface of the TMG on the “outside” and one on the “inside” to do reverse proxy (secure web publishing.)

If your existing router only gives you one publicly routable IP you may have to redo your network so that your TMG is the default gateway on the inside, and has the one public ip.addr on the outside, but from traceroutes to you, it looks like you are on a small subnet, therefore…

Router->TMG external in DMZ->TMG internal in Internal->inside Parental Gateway

Router will forward all necessary traffic (assume TCP 80 and 443) to the ip.addr on the TMG external.
You’ll publish using a listener on the TMG, and make all requests appear to come from the TMG so responses from the Parental Gateway route back properly.

By: Will

Will — Wed, 18 Jan 2012 14:57:39 +0000

Hi Ed,
Thanks for the reply.
We want to setup TMG more for incoming traffic. We host our own Parental Gateway for access to their child’s data/reports etc. According to the developers of the Parent Gateway (Capita), in order to setup a password challenge and ‘reset via email’ procedure we need to have a ISA or TMG server in place.
Hope that makes sense.

By: Ed Fisher

Ed Fisher — Wed, 18 Jan 2012 13:17:06 +0000

Will,
What is it you want to do? Define that, and I can answer your questions better, but in short…
Internet-Router-TMGexternal-TMGinternal-internal clients would be one way to do it, but really depends on whether you want to use TMG to reverse proxy (publish) internal resources, or use TMG as a proxy for your clients. If you want to use it as a client proxy, one NIC is fine and configure your clients to use it as a proxy, no need to use as a default gateway.
Two NICs are required for the best security components of TMG, but they must be on different networks so the TMG routes traffic through…on the same subnet there will be no routing.
Of course, if you don’t have admin access to the router/squid, you may be faced with a very difficult task..again, depends on what you are hoping to accomplish.
HTH
Ed

By: Will

Will — Wed, 18 Jan 2012 11:29:55 +0000

I work in a school, so have an LA provided Router and Squid Proxy that sits on our LAN and provides us with external connection.

How would TMG integrate into a setup like this? Referring particularly to the 2x NICs. Would we need to configure the TMG “external” card to point at the router. Would our clients then need to have their default gateway address pointing at the “internal” card of the TMG? Will there be any issue with the 2 NICs being on the same subnet?

By: Ed Fisher

Ed Fisher — Thu, 17 Nov 2011 18:02:49 +0000

Bengt
Have you published the mail server protocols (SMTP) yet? Use the firewall console, right click, publish a new mailserver to permit inbound email.
Ed

By: Bengt Olsson

Bengt Olsson — Wed, 16 Nov 2011 21:03:23 +0000

Hey!
like your guides you have done about tmg 2010
my problem is i can send out not receive.
i have checked both server there have exchange 2010 hub, cas, mailbox no problem but are something with receive connectors what i can see but how can seeking was is wrong
not sure what is wrong here

Best regards
Bengt Olsson

By: Ed Fisher

Ed Fisher — Sat, 10 Sep 2011 11:46:48 +0000

Open an administrative cmd prompt.
Enter this command
netstat -ano | findstr 2171
That will tell you what the PID is for the process listening on port 2171.
Launch task manager, add the column for PID and sort on it. Find the PID that you got in the netstat command, and then either uninstall or reconfigure that to use an alternate port.
HTH
Ed

By: Albert

Albert — Sat, 10 Sep 2011 10:20:30 +0000

Need help.. how can I go ith this to fix this error

Configuration storage server cannot be installed because port required for installation is currently being used by another service port :2171

By: Ed Fisher

Ed Fisher — Thu, 09 Jun 2011 16:37:45 +0000

Thanks for the update! Glad you got it all sorted.
Ed