Installing Forefront TMG services in unattended mode

  • Article

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

You can install Forefront TMG using an unattended server setup. In order to run the installation in unattended mode, you prepare the setup information in a file that is used by the setup process during installation. In this mode, running a command triggers the setup, and reads the settings from an answer file. You do not need to monitor the installation process, and enter setup information when prompted by the setup process. This mode is recommended for deployments of multiple Forefront TMG servers.

Note

  • To run an unattended setup, you must be a member of the Administrators group on the local computer.

  • It is recommended to disable the screen saver before performing an unattended installation; otherwise, the installation process will pause if the computer's screen saver is activated.

To run an unattended setup

  1. Create an answer file with the required parameters, or you can modify the Forefront TMG sample installation answer file (InstallStandaloneServer.ini). See below for a description of the Answer file parameters.

  2. At the command prompt, type the following:

    PathToISASetup \Setup.exe [/r]/v" /q[b|n] FULLPATHANSWERFILE=\"PathToINIFile\Filename.ini\""

    where:

    • PathToISASetup is the path to the Forefront TMG installation files. The path can be the root folder of the Forefront TMG CD or a shared folder (on your network) that contains the Forefront TMG files.

    • /r indicates an unattended reinstallation.

    • /q sets the user interface level:

      • q, qn—No user interface.

      • qb—Basic user interface; only setup progress bar and error messages.

    • PathToINIFile is the path to the folder that contains the unattended installation information.

    • Filename .ini is the name of the answer file.

    For example, the following command performs an unattended installation using the sample InstallStandaloneServer.ini as the answer file. It is located in drive C:\Microsoft Forefront TMG.

    /v" /qn FULLPATHANSWERFILE="C:\Microsoft Forefront TMG\Unattended_Setup_Sample\InstallStandaloneServer.INI\""

Note the following:

  • The InstallStandaloneServer.ini file contains configuration information that is used by Setup in unattended mode. It has no effect on an interactive Forefront TMG setup.

  • If you do not specify a parameter in the file, the default value is used.

  • The InstallStandaloneServer.ini file is located in the following folder on the Forefront TMG CD:

    FPC\Unattended_Setup_Sample

  • In an Enterprise configuration, there are a number of additional sample answer files, as described in the following table.

    File name Description

    InstallStandaloneServer.ini

    Installs a computer running Forefront TMG services.

    InstallRemoteManagement.ini

    Installs TMG management only.

    InstallEnterpriseManagementServer.ini

    Installs an Enterprise Management server.

    Uninstallserver.ini

    Uninstalls a server.

Answer file parameters

The following table describes the entries and values in the InstallStandaloneServer.ini file of the server.

Entry Description Required or optional

PIDKEY

Specifies the product key. This is the 25-digit number located on the back of the Forefront TMG CD case.

Required for all installation scenarios.

UPDATESUPPRESS

By default, Forefront TMG initiates a system wide scan for updates using Windows Update. If this parameter is specified, Forefront TMG does not initiate the scan for updates.

Optional.

INTERNALNETRANGES

Specifies the range of addresses in the Internal network. InstallStandaloneServer.ini must specify at least one IP address; otherwise, setup fails. The syntax is:

N From1-To1,From2-To2,... FromN-ToN
where N is the number of ranges and From1-To1 are the starting and ending IP addresses in each range.

Required.

InstallDir={install_directory}

Specifies the installation folder for Forefront TMG. If not specified, the value defaults to the first disk drive with enough space. The syntax is:

Drive :\ Folder

The default folder is: %Program Files%\Microsoft Forefront TMG

Optional for all installation scenarios.

COMPANYNAME=Company_Name

Specifies the name of the company installing the product.

Optional for all installation scenarios.

DONOTDELLOGS = {0|1}

If value is set to 1, the log files on the computer are not deleted. The default is 0.

Optional for uninstalling.

DONOTDELCACHE = {0|1}

If value is set to 1, the cache files on the computer are not deleted. The default is 0.

Optional for uninstalling.

ADDLOCAL= {Storage_Server,MSFirewall_Management }, {MSFirewall_Management}, { Storage_Server,MSFirewall_Services, MSFirewall_Management}

Specifies a list of features (delimited by commas) that should be installed on the computer for each installation scenario: EMS (Storage_Server,MSFirewall_Management) Forefront TMG Management only (MSFirewall_Management) and Standalone Server (Storage_Server,MSFirewall_Services, MSFirewall_Management)

Tip

In the EMS scenario, Storage_Server refers to the EMS server, and in the standalone scenario, it refers to the configuration storage server.

Optional for all installation scenarios. Not supported for repair or install modes.

REMOVE=ALL

Specifies that all of the features should be removed from the server.

Optional for all installation scenarios.

IMPORT_CONFIG_FILE =Importfile.xml

Not supported.

Not supported.

MIGRATION_PASSWORD

Not supported.

Not supported.

Enterprise: ARRAY_AUTHENTICATIONMETHOD

This parameter is no longer supported

  

Enterprise:

ARRAY_DESCR

Describes the array.

Default: Empty.

Optional

Enterprise:

ARRAY_MODE

Specifies that the server installation creates a new array. Possible value: New

Default: New.

Optional

Enterprise:

ARRAY_DNS_NAME

Specifies the name that Firewall and Web proxy clients use when connecting to the array.

Default: Computer name.

Optional

Enterprise:

ARRAY_ENTERPRISEPOLICY

Specifies which enterprise policy to use. Default: Array Policy Only.

Required when installing a server to a new array. Should not be specified when installing Enterprise Management server.

Enterprise:

ARRAY_INTERNALNET

Specifies the range of IP addresses in the new array's internal networks. Defines the description of the new array.

N From1-To1,From2-To2,... FromI-ToI
where N is the number of ranges, and FromI-ToI are the starting and ending IP addresses in each range.

Required when installing Forefront TMG services

Enterprise:

ARRAY_INTERNALNET_ENTERPRISE_NETS

Specifies the names of enterprise networks that are included in the array's Internal network.

Syntax: "network1" "network2"…"networkN".

If a network name contains quotation marks ("), replace them with two quotation marks ("").

Optional if ARRAY_INTERNALNET is specified.

Should not be specified when installing an Enterprise Management server.

Enterprise:

ARRAY_NAME

Specifies the name of the new array.

Default: Computer name (for new array installation).

Optional. Not used when installing the Enterprise Management Server scenario.

Enterprise:

CLIENT_CERTIFICATE_FULLPATH

Not supported.

Not supported.

Enterprise:

ENTERPRISE_DESCR

Describes the enterprise.

Default: Empty.

Optional when installing the Enterprise Management Server scenario.

Enterprise:

ENTERPRISE_MODE

Specifies whether the Enterprise Management server is a new enterprise or is a replica of an existing Enterprise Management server. Possible values: New or Replica.Default: New.

Optional. Used when installing Enterprise Management Server.

Enterprise:

ENTERPRISE_NAME

Specifies the name of the enterprise.

Default: Enterprise.

Optional. Used when installing Enterprise Management Server.

Enterprise:

HOST_ID

Specifies the host ID of the array member. Each array member must have a different host ID number.

Default: Automatically assigned.

Optional. Not used when installing Enterprise Management Server.

INTRA_ARRAY_ADDRESS_IP

Defines the IP address used for communication by Forefront TMG computers that are in the same array. The IP address must be an IP address on the Forefront TMG computer.

Optional. Not used when installing Enterprise Management Server.

SERVER_CERTIFICATE_FULLPATH

Specifies which server certificate to use.

Optional when installing the following:

  • Enterprise Management Server scenario.

  • Standalone server.

Required in scenarios containing workgroups or untrusted domains.

SERVER_CERTIFICATE_PASSWORD

Specifies the password for the server certificate. You must set SERVER_CERTIFICATE_PASSWORD when an encrypted certificate is specified in SERVER_CERTIFICATE_FULLPATH.

Optional when installing the following:

  • Enterprise Management Server scenario.

  • Standalone server.

Required in scenarios containing workgroups or untrusted domains.

STORAGESERVICE_ACCOUNT

Not supported

Not supported.

STORAGESERVER_COMPUTERNAME

Specifies the fully qualified domain name (FQDN) of the Enterprise Management server to which to connect.

A replica Enterprise Management server (when ENTERPRISE_MODE is set to Replica.

STORAGESERVER_CONNECT_ACCOUNT

Specifies the name of the user account that will be used to connect to the STORAGESERVER_COMPUTERNAME. Default: User account that is currently logged on.

Optional when installing Enterprise Management server replica.

STORAGESERVER_CONNECT_PWD

Specifies, in plaintext, a password for the STORAGESERVER_CONNECT_ACCOUNT. Default: password for the user who is currently logged on.

Optional when installing Enterprise Management Server replica.

STORAGESERVICE_PWD

Not supported.

Not supported.

SUPPORT_EARLIER_CLIENTS

Specifies whether clients running earlier versions of Firewall Client or an earlier operating system version can connect to this Forefront TMG array. Possible values: 0 (default) or 1.

Optional. Not used when installing Enterprise Management Server scenario.

Tasks

Installing Forefront TMG services in interactive mode

Concepts

Installing Forefront TMG services
Planning to install Forefront TMG