Release Notes for Forefront TMG 2010 SP2

These release notes provide information and describe late-breaking issues that relate to Microsoft Forefront Threat Management Gateway (Forefront TMG) 2010 Service Pack 2 (SP2). It is important that you read the information that is contained in this document before you install Forefront TMG SP2.

Acquiring the service pack

The Forefront TMG service pack is available for download from the Microsoft Download Center, and as an optional update via Microsoft Update.

Functionality available in Forefront TMG 2010 SP2

Forefront TMG 2010 SP2 adds new functionality to the existing set of Forefront TMG 2010 features. For information about the new functionality, see What's new in Forefront TMG 2010 SP2.

Support for Forefront Unified Access Gateway (UAG)

It is recommended that you install this service pack on computers running Forefront UAG. Forefront TMG SP2 has been tested and is fully supported on Forefront UAG.

Installing Forefront TMG 2010 SP2

It is recommended that you install the service pack in the order described in Installing Forefront TMG Service Packs.

You should be aware of the following installation and deployment issues before and after installing Forefront TMG SP2:

  • It is recommended that you complete the upgrade of all Enterprise Management Servers (master and replicas) and all the array members of an array before you configure the new SP2 features in the array.

  • In a mixed environment, in which some array members have been upgraded to SP2 and others have not, the servers that are running Forefront TMG 2010 SP1 with Update1 continue to run with the same policy and do not receive policy updates. Note that the servers that have not yet been updated also:

    • Process and log traffic as normal.

    • Produce data for reports.

    • Can be monitored from the Management console of an SP2 array member, an SP2 Enterprise Management Server, or via SP2 remote management.

    • Do not show upgraded arrays or array members in the Management console.

  • In most cases, you are not required to restart the computer after upgrade.

  • If you are logging to a remote SQL database, you are required to migrate the log database to the new schema. For instructions, see Upgrading a remote SQL database for Forefront TMG SP1.

Known issues

The following issues relate to the configuration and operation of Forefront TMG SP2:

Firewall service user

  • Reload failure with local user

    After configuring the Firewall service user as a local user, reloading the configuration fails.

    If you want to configure a different user for the Firewall service, you must configure a domain user.

    Configure a domain user for the Firewall service. See Kerberos authentication on an NLB array.

  • Uninstall failure

    After configuring the Firewall service user as a domain user, you cannot uninstall Forefront TMG SP2.

    Reconfigure the Firewall service user to be the network service; you can then uninstall Forefront TMG SP2.

SP2 software updates

Forefront TMG SP2 includes bug fixes that were released subsequent to the original release version of Forefront TMG 2010. Links to all of the fixes are listed in the Microsoft Knowledge Base (KB) article KB 2555840.
