Request to connect from an array member to the configuration storage server may fail

Applies To: Forefront Threat Management Gateway (TMG)

Cause

In a standalone array with multiple array members, a request to connect from an array member to the configuration storage server may fail.

Solution

As a workaround, create a new DNS entry pointing to the IP address on the intra-array network of the configuration storage server, register the intra-array name in the Kerberos database using the Setspn.exe utility, and change the array properties to use the new DNS entry.

For example: In the scenario where the configuration storage server is installed on a computer named fw1.contoso.com register fw1a.contoso.com, where fw1a.contoso.com is pointing to the intra-array IP address of the configuration storage server.

To register the new name in the Kerberos database run these commands:

• setspn -a ldap/fw1a.contoso.com FW1A

• setspn -a ldap/fw1a.contoso.com:2171 FW1A

Modify the configuration storage server array property on the configuration storage page to fw1a.contoso.com.