Forefront TMG network policy server and VPN issue.

Hello everyone!

I have a problem configuring the VPN server on Forefront TMG on Windows Server 2008 R2 with the latest Microsoft updates.

I installed Forefront TMG on Windows Server 2008 R2 with the latest updates.

Then I configured the startup wizard, where I set the network configuration, etc.

Next, I configured the VPN settings: I set the DHCP pool, DNS servers, access groups for VPN, and PPTP.

After applying these settings, the RemoteAccess service doesn't start. I tried rebooting the server, but the service doesn't start.

But that's not the only problem.

When I add VPN access groups in Forefront and apply the configuration, I don't see the changes in Network Policy Server (nps.msc). The groups are not added to the policy in Network Policy Server.

If I start RemoteAccess manually and add the new VPN access groups to the policy in Network Policy Server, I can use the VPN server and connect to the Forefront server.

But I don't understand why TMG Forefront can't apply these settings in nps.msc and services.

What am I doing wrong?

I use Windows Server 2008 R2

Forefront TMG RTM 7.0.7734.100

April 21st, 2015 2:12pm

Hello! Thank you for your help!


I saw this link: http://www.isaserver.org/articles-tutorials/configuration-security/Implementing-Secure-Remote-Access-PPTP-Forefront-Threat-Management-Gateway-TMG-2010-Part2.html

But I don't use a RADIUS server in my Forefront TMG VPN configuration.

I configured client VPN access via PPTP.

When I configure the TMG VPN settings, I set the VPN access groups. After that, the NPS server changes and applies the TMG network policy correctly.

But if I change some TMG firewall policy and then try to add VPN access groups (screenshot - http://i.gyazo.com/34a34ba18a01c58689e5e3cddbc52585.png), the NPS server can't change and apply the TMG network policy correctly.

Now I have two access groups in the TMG VPN settings: http://i.gyazo.com/34a34ba18a01c58689e5e3cddbc52585.png

And I have an NPS server network policy with incorrect settings: http://i.gyazo.com/1dd973ca9cc2a228d54a53d88ca90009.png

Forefront can't change the NPS server network policy. I don't understand where the problem is.

I tried reinstalling TMG on a new machine, but the problem persists.

April 22nd, 2015 10:33am

Can anyone help me?

Thanks in advance!

April 27th, 2015 12:00pm

Hello everyone!

I found the solution!

My problem is caused by the reg value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\DisabledComponents

The reg item value is dword:ffffffef

If you have this value set before installing Forefront TMG, you will get the same error with the NPS server after configuring the VPN settings and applying some firewall rules in Forefront TMG.

How to solve this problem:

Install a new server with Windows Server 2008 R2 with all Microsoft updates.

Delete the reg item HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\DisabledComponents

Reboot the server, then install Forefront TMG. The problem will be solved.

Also, if you have a Group Policy in your domain that sets the reg parameter HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\DisabledComponents, add your TMG server to the exceptions of this GPO.
  • Marked as answer by Darkw1nd 11 minutes ago
May 18th, 2015 3:35am
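
The pre-install check described in the answer above, as an added example that is not part of the original thread: a PowerShell script that reports whether `DisabledComponents` is set and, only when asked, backs up the key and deletes the value. The `-Remove` switch and the backup file name are assumptions made for this example; the registry path and the RemoteAccess service name come from the posts.

```powershell
# Added example, not from the original posts. Run from an elevated PowerShell
# session on the server before installing Forefront TMG.
param(
    [switch]$Remove   # hypothetical switch: without it the script only reports
)

$regKey  = 'HKLM\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters'
$psKey   = "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters"
$valName = 'DisabledComponents'

$prop = Get-ItemProperty -Path $psKey -Name $valName -ErrorAction SilentlyContinue

if ($null -eq $prop) {
    Write-Output "$valName is not set on this server."
}
else {
    # A DWORD such as ffffffef may be returned as a negative Int32; X8 shows it as hex.
    $hex = '0x{0:X8}' -f $prop.$valName
    Write-Output "$valName is set to $hex."

    if ($Remove) {
        # Keep a copy of the key so the change can be reverted (assumed file name).
        $backup = Join-Path $env:TEMP 'tcpip6-parameters-backup.reg'
        & reg.exe export $regKey $backup /y | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Backup of $regKey failed; nothing was deleted." }

        Remove-ItemProperty -Path $psKey -Name $valName
        Write-Output "Deleted $valName (backup: $backup). Reboot before installing TMG."
        # If a domain GPO sets this value it will come back at the next policy
        # refresh, so the server also has to be excluded from that GPO.
    }
    else {
        Write-Output "Re-run with -Remove to back up the key and delete the value."
    }
}

# On a server where TMG is already installed, show the state of the service
# the first post reports as failing to start.
$svc = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
if ($svc) { Write-Output "RemoteAccess service status: $($svc.Status)" }
```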

This topic is archived. No further replies will be accepted.
