Forefront TMG can be installed only on a single computer; installing this release of Forefront TMG on an array of computers is not supported.

Enabling the feature Progress Notifications, which informs clients of the progress of files as they are downloaded and inspected, causes the following issue: if a client clicks Back in the browser window after downloading a file, the file is displayed as a page of random binary data.

In previous versions of this product (Microsoft Internet Security and Acceleration (ISA) Server 2006 and 2004), the administrator had the option to require 128-bit encryption for HTTPS traffic. This option has been removed in this release, as Windows Server® 2008 requires at least this level of encryption for Secure Sockets Layer connections.

The default IPsec tunnel mode settings are not suitable for site-to-site virtual private network (VPN) connections between a Forefront TMG computer and an ISA Server 2006 computer, because the servers have different default IPsec settings. Trying to establish a VPN connection between the sites by using the default settings will not succeed.

In such a deployment, be sure to modify the IPsec settings on the Forefront TMG server to match those on the ISA Server 2006 computer.

When configuring Forefront TMG by using the System Configuration wizard (step two of the Getting Started wizard), using a relative domain name (e.g., oslo, when the fully qualified domain name is oslo.europe.contoso.com) in order to join the server to a domain appears to succeed. However, after restarting the server, logging in with domain credentials causes a trust relationship error message.

Preventing the issue

Correcting the issue

This release of Forefront TMG supports up to 300 licensed users.

Installation of Forefront TMG Management console is supported only on Windows Vista® and Windows Server 2008 operating systems.

Use Remote Desktop Connection in order to remotely administer the Forefront TMG server. Using other forms of remote administration is not recommended.

The reports "Top Web Sites" and "Top Malware Web Sites" may not display correctly in a Web chaining deployment.

Forefront TMG reporting services are supported only when logs are recorded to a local Microsoft SQL Server® Express 2005 database.

TCP port 8008 is used for reporting purposes; assigning this port for any other purpose will interfere with Forefront TMG reporting services.

If you are running an add-in developed by a third-party vendor for a previous version of ISA Server, contact the provider in order to check on the availability of an updated version for Forefront TMG.

After viewing the Site-to-Site Settings summary, the Apply and Discard changes buttons appear. Reviewing the Site-to-Site settings does not cause a change to the system; you can safely click Discard.

Manually stopping the Windows® Firewall service (MpsSvc) is not recommended. In order to modify the VPN configuration, the Windows Firewall must be running.

To verify that the Windows Firewall service is running, from the command line of the Forefront TMG computer, run the command sc query mpssvc. If the state is not running, run the command net start mpssvc in order to restart the Windows Firewall.

Installation of Forefront TMG in a workgroup configuration is not supported. Forefront TMG must be part of a domain.

Information in this document, including URL and other Internet Web site references, is subject to change without notice and is provided for informational purposes only. The entire risk of the use or results from the use of this document remains with the user, and Microsoft Corporation makes no warranties, either express or implied. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2008 Microsoft Corporation. All rights reserved.

Microsoft, Forefront, SQL Server, Windows, Windows Vista, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

All other trademarks are property of their respective owners.