Recently, I saw the following entry in Event log of the test external server:
The reasons are obvious – we moved the virtual server with deployed Forefront TMG 2010 from subnet 192.168.1.x to the (test) subnet 192.168.2.x.
Let the server, where Forefront TMG is deployed, is called TMGServer. Its first static IP-address is 192.168.1.2, and newly assigned address is 192.168.2.2. We changed the virtual network connection, and changed IP-address of Local Area Connection to 192.168.2.2 (and all other settings). And now, we should change the following settings of Forefront TMG.
1. Addresses of predefined Computer Sets.
Log to server, start Forefront TMG Management Console, expand the tree Forefront TMG (TMGServer), and click Firewall Policy. On the right-hand side click the tab Tasks, choose the horizontal tab Network objects, and expand the node Computer Sets. Actually, it necessary to check values of all underlying objects, but in my case three of them contains addresses from the old network: Array Servers, Managed Server Computers, and Remote Management Computers.
Here, 220.127.116.11 is IP-address of the external connection. By the way, check the object Domain Controller, and make sure that addresses of the domain controllers are correct.
2. Address of TMGServer in the registry.
As we found out later, not all settings Forefront TMG shows in the management console. The following registry values should be changed in the registry to the new IP-address:
Guids depend on a particular environment.
3. SQL Server configuration
Forefront TMG (as his old brother, ISA Server) uses two SQL instances: MSFW and ISARS. After installation, the services are bound to (internal and external) IP-addresses of the server. Therefore it should be changed.
Click Start button, choose All Programs, Microsoft SQL Server 2008, Configuration Tools and start SQL Server Configuration Manager. Then expand SQL Server Network Configuration node, click on Protocols for MSFW, and then double click on TCP/IP row. In the dialog window TCP/IP Properties internal and external addresses of TMG servers should be corrected. The changes for ISARS SQL instance are the same.
4. Reboot the server.
1. All used IP-addresses, names of servers, workstations, domains, are fictional and are used exclusively as a demonstation only.
2. Information is provided «AS IS».