Installing Forefront TMG SP1 on Forefront UAG

Forefront TMG Service Pack 1 (SP1) can be installed on servers running Forefront Unified Access Gateway (UAG), as follows:

1. Forefront TMG SP1 can be obtained from the Microsoft Download Center. For installation instructions, see Installing Forefront TMG SP1.

2. In a Forefront UAG array, Forefront TMG Service Pack 1 should be installed on each array member. Install SP1 on the array manager server first, and then on other array members. The build number for Forefront TMG Service Pack 1 is 7.0.8107.200. To verify that SP1 is installed on a specific server, in the Forefront TMG Management console, click Help and select About Forefront Threat Management Gateway. The build number appears after version.

3. It is recommended to stop Forefront UAG services before applying Forefront TMG SP1. This ensures that no Forefront TMG files are in use when applying the service pack.

4. Read more about Forefront TMG SP1 features in What’s new in Forefront TMG 2010 Service Pack 1.

5. Forefront TMG is installed on Forefront UAG servers automatically during Forefront UAG setup, and acts as a firewall to protect the Forefront UAG server. For more information about running Forefront TMG with Forefront UAG, see Supported Forefront TMG configurations.

Known issues

1. For an overview of known issues, read the Forefront TMG SP1 release notes.

2. When installing Forefront TMG SP1 on Forefront UAG, the installation wizard indicates that there are files in use. You can safely ignore this warning.

3. After installing Forefront TMG Service Pack 1, removing a Forefront UAG array member will not complete as expected and an error will be issued. As a workaround, do the following:

   1. Close the Forefront UAG Management console on the array member, and on the array manager server.

   2. Click Start, type appwiz.cpl, and press Enter. Right-click Forefront Threat Management Gateway, and select Uninstall/Change. In the installation wizard, select Repair, click Next, and then click Install.

   3. After Repair completes, do the following to verify that the array member has been removed:

      1. On the server you removed from the array, open the Forefront TMG Management console. Click the Monitoring node, and then click the Configuration tab. Under Configuration Status, verify that the server does not appear as an array member.

      2. On the array manager server, open the Forefront TMG Management console. Click the Monitoring node, and then click the Configuration tab. Under Configuration Status, verify that the server you removed from the array does not appear as an array member.

   4. In order to complete removal of the array member, you must first rejoin it to the array. Do this in the Forefront TMG Management console running on the server you removed from the array, as follows:

      1. In the Forefront TMG Management console, click the server_name node.

      2. In the Tasks pane, click Join array.

      3. On the Join Array Membership page, click Join a standalone array managed by a designated array member (array manager).

      4. On the Array Manager Details page, specify the IP address or FQDN of the array manager, and then click Finish.

   5. To verify that the server has rejoined the array, open the Forefront TMG Management console. Click the Monitoring node, and open the Configuration tab. Under Configuration Status, check that the server appears as an array member.

   6. From the Forefront UAG Management console on the array member you want to remove, run the Array Management Wizard to remove the server, as described in Removing an array member from an array.

   7. On the array manager, and run the Array Management Wizard. On the Defining Array Member Computers page, verify that the server does not appear in the list of array members.