Requirements

For the Forefront TMG Management Pack to function properly, the following additional requirements must be met:

  • Each Forefront TMG computer must be managed by System Center Operations Manager 2007.

  • Operations Manager must be configured to allow manual agent installations (approvals can be manual or automatic). Push installs require remote procedure call (RPC) and Server Message Block (SMB), which are blocked by default on Forefront TMG computers.

  • Operations Manager agents must be installed manually on the Forefront TMG computers (and approved in the Operations Console if not configured for automatic approval).

  • To enable monitoring of Forefront TMG computers, one of the following requirements must be met:

    • Forefront TMG computers must be in the same domain as the Operations Manager server, or in a domain with Kerberos trust to the Management Server’s domain.

    • If the preceding requirement is not met, digital certificates must be installed on the Forefront TMG computers and Operations Manager servers, and configured using the MomCertImport.exe tool.

  • An access rule must be configured in Forefront TMG to allow the Forefront TMG computer to communicate with the Management Servers. The rule must allow traffic from the Local Host network to the network, computer, or computer set representing the Management Servers on TCP port 5723. The access rule is per-array for Forefront TMG Enterprise Edition and per-server for Forefront TMG Standard Edition.

  • The Forefront TMG Management component (a Microsoft Management Console) should be installed on the local computer of the Operations Manager operator, or the task to start the console will fail.

  • If the Forefront TMG Management console is installed on the operator’s computer, the operator should be added to one of the following Forefront TMG roles:

    • Forefront TMG Administrator (Array or Enterprise Administrator in Enterprise Edition)—Allows full access to Forefront TMG monitoring and configuration.

    • Forefront TMG Auditor (Array or Enterprise Auditor in Enterprise Edition)—Allows full access to Forefront TMG monitoring, viewing of the Forefront TMG configuration, and configuration of logging and alerting.

    • Forefront TMG Monitoring Auditor (Array or Enterprise Monitoring Auditor in Enterprise Edition)—Allows full access to Forefront TMG monitoring only.

  • If the Forefront TMG Management console is installed on the operator’s computer, the operator’s computer should be added to one of the following Forefront TMG computer sets: Remote Management Computers or Enterprise Remote Management Computers. This permits the console on the computer to connect to the Forefront TMG RPC interface.

  • AdamSites.exe (https://go.microsoft.com/fwlink/?LinkId=168771) should be installed in the %ProgramFiles%\Microsoft Forefront TMG folder of the Forefront TMG computer hosting the configuration storage server (CSS) role (refer to Objects the Management Pack Discovers for more information) for the respective tasks to function.

  • Dnstools.exe (https://go.microsoft.com/fwlink/?LinkId=168772) should be installed in the %ProgramFiles%\Microsoft Forefront TMG folder of the Forefront TMG computer hosting the Firewall role (refer to Objects the Management Pack Discovers for more information) for the respective tasks to function.
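
The following preflight script is an added example, not part of the original Management Pack documentation. Run locally on a Forefront TMG computer, it checks the agent service, outbound TCP port 5723 to the Management Server, and the presence of the task tools. The server name opsmgr.example.test, the function Test-TcpPort, and the role switches are assumptions made for illustration.

```powershell
# Added example: preflight check for the requirements listed above.
param(
    [string]$ManagementServer = 'opsmgr.example.test',  # placeholder, replace with your server
    [switch]$HostsCss,       # set if this computer hosts the configuration storage server role
    [switch]$HostsFirewall   # set if this computer hosts the Firewall role
)

# Hypothetical helper: TCP connect with a timeout, using only .NET classes
# so it also runs on older Windows PowerShell versions.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false                # name resolution failure, refusal, or reset
    } finally {
        $client.Close()
    }
}

function Add-Check([string]$Name, [bool]$Passed) {
    New-Object PSObject -Property @{ Check = $Name; Passed = $Passed }
}

$tmgFolder = Join-Path $env:ProgramFiles 'Microsoft Forefront TMG'
$checks = @()

# HealthService is the service name of the Operations Manager agent.
$agent = Get-Service -Name HealthService -ErrorAction SilentlyContinue
$checks += Add-Check 'Operations Manager agent service running' `
    ($agent -ne $null -and $agent.Status -eq 'Running')

# Fails if the Local Host -> Management Server access rule is missing,
# or if the Management Server itself is unreachable.
$checks += Add-Check "TCP 5723 to $ManagementServer" `
    (Test-TcpPort -ComputerName $ManagementServer -Port 5723)

if ($HostsCss) {
    $checks += Add-Check 'AdamSites.exe present' (Test-Path (Join-Path $tmgFolder 'AdamSites.exe'))
}
if ($HostsFirewall) {
    $checks += Add-Check 'Dnstools.exe present' (Test-Path (Join-Path $tmgFolder 'Dnstools.exe'))
}

$checks | Format-Table Check, Passed -AutoSize
if ($checks | Where-Object { -not $_.Passed }) { exit 1 }
```

A failed port check does not by itself identify the cause; confirm the access rule on the array or server before investigating the Management Server.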