Event 14518 of Forefront TMG 2010

Recently, I saw the following entry in Event log of the test external server:

EventID 14158 entry in Event Log
Event log entry

The reasons are obvious – we moved the virtual server with deployed Forefront TMG 2010 from subnet 192.168.1.x to the (test) subnet 192.168.2.x.
Let the server, where Forefront TMG is deployed, is called TMGServer. Its first static IP-address is 192.168.1.2, and newly assigned address is 192.168.2.2. We changed the virtual network connection, and changed IP-address of Local Area Connection to 192.168.2.2 (and all other settings). And now, we should change the following settings of Forefront TMG.

1. Addresses of predefined Computer Sets.

Log to server, start Forefront TMG Management Console, expand the tree Forefront TMG (TMGServer), and click Firewall Policy. On the right-hand side click the tab Tasks, choose the horizontal tab Network objects, and expand the node Computer Sets. Actually, it necessary to check values of all underlying objects, but in my case three of them contains addresses from the old network: Array Servers, Managed Server Computers, and Remote Management Computers.

Changes in Managed Server Computers object
Managed Server Computers object
Changes in Array Servers object
Array Servers object
Changes in Remote Management Computers object
Remote Management Computers

Here, 200.100.100.50 is IP-address of the external connection. By the way, check the object Domain Controller, and make sure that addresses of the domain controllers are correct.

2. Address of TMGServer in the registry.

As we found out later, not all settings Forefront TMG shows in the management console. The following registry values should be changed in the registry to the new IP-address:
HKLM\IsaStg_Cache\Arrays\{Guid}\Servers\{Guid}\msFPCIntrArrayAddress,
HKLM\IsaStg_Eff1\Arrays\{Guid}\Servers\{Guid}\msFPCIntrArrayAddress,
HKLM\IsaStg_Eff2\Arrays\{Guid}\Servers\{Guid}\msFPCIntrArrayAddress;
where Guids depend on a particular environment.

3. SQL Server configuration

Forefront TMG (as his old brother, ISA Server) uses two SQL instances: MSFW and ISARS. After installation, the services are bound to (internal and external) IP-addresses of the server. Therefore it should be changed.
Click Start button, choose All Programs, Microsoft SQL Server 2008, Configuration Tools and start SQL Server Configuration Manager. Then expand SQL Server Network Configuration node, click on Protocols for MSFW, and then double click on TCP/IP row. In the dialog window TCP/IP Properties internal and external addresses of TMG servers should be corrected. The changes for ISARS SQL instance are the same.

SQL Configuration Tools
SQL Configuration Tools
Changes in TCP/IP Properties
TCP/IP Properties

4. Reboot the server.


1. All used IP-addresses, names of servers, workstations, domains, are fictional and are used exclusively as a demonstation only.
2. Information is provided «AS IS».

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s