Request to connect from an array member to the configuration storage server may fail
Applies To: Forefront Threat Management Gateway (TMG)
Cause
In a standalone array with multiple array members, a request to connect from an array member to the configuration storage server may fail.
Solution
As a workaround, create a new DNS entry pointing to the IP address on the intra-array network of the configuration storage server, register the intra-array name in the Kerberos database using the Setspn.exe utility, and change the array properties to use the new DNS entry.
For example: In the scenario where the configuration storage server is installed on a computer named fw1.contoso.com register fw1a.contoso.com, where fw1a.contoso.com is pointing to the intra-array IP address of the configuration storage server.
To register the new name in the Kerberos database run these commands:
setspn -a ldap/fw1a.contoso.com FW1A
setspn -a ldap/fw1a.contoso.com:2171 FW1A
Modify the configuration storage server array property on the configuration storage page to fw1a.contoso.com.