Thursday, 24 June 2010

Forefront TMG 2010 Service Pack 1 is Released!

Key SP1 Features and Enhancements:

New Reports
• The new User Activity report displays the sites and site categories accessed by any user.
• All Forefront TMG reports have a new look and feel.
Enhancements to URL Filtering
• You can now allow users to override the access restriction on sites blocked by URL filtering. This allows for a more flexible web access policy, in that users can decide for themselves whether to access a blocked site. This is especially useful for websites that have been incorrectly categorized.
• You can now override the categorization of a URL on the enterprise level; the override is then effective for each enterprise-joined array.
• Denial notification pages can now be customized for your organization's needs.
Enhanced Branch Office Support
• Collocation of Forefront TMG and a domain controller on the same server, which can help reduce the total cost of ownership at branch offices.
• When installed on a computer running Windows Server 2008 R2, SP1 simplifies the deployment of BranchCache at the branch office, using Forefront TMG as the Hosted Cache server.
Support for publishing SharePoint 2010
• Forefront TMG SP1 supports secure publishing of SharePoint 2010.

SP1 Problem Fix details:

SP1 Release Notes:

SP1 Installation Guide:

SP1 Download available from here:

I also noticed a section in the release notes titled ‘Support for Forefront Unified Access Gateway (UAG)’ which is encouraging, but I am yet to find any specific deployment documentation on this (assuming it is actually different to native TMG deployments of course).

Please Note: Make sure you read the install guide prior to installation, especially with reference to running the MSP file from an elevated command prompt and other known issues.


Friday, 18 June 2010

Forefront TMG NLB Fix KB980674 also Applies to Forefront UAG NLB Deployments

I recently discovered that the TMG NLB fix provided in KB980674 should also applied to Forefront UAG array deployments that are configured to use integrated NLB.

At first glance, the KB article appears to be related to the use of NLB with site-to-site VPNs and also does not even mention Forefront UAG. However, if you read the KB carefully you will see this note:

Note The scope of this problem is actually larger than IPsec site-to-site VPN. The problem that is described here may occur in any array-based TMG 2010 deployments for which integrated NLB is enabled when NLB WMI events such as node convergence are triggered. Site-to-site VPN that has NLB enabled is the most visible example.

Therefore, any Forefront TMG deployment that is configured with integrated NLB will benefit from this fix.

Considering the fact that Forefront UAG installs and utilises Forefront TMG, this fix is therefore also necessary for Forefront UAG array deployments that are configured to use integrated NLB.

I am advised that the KB article will be updated accordingly.

Hope this helps…