Forefront TMG can't override NPS settings.
Hello everyone!

I installed Forefront TMG 2010 with all service packs and rollups on Windows Server 2008 R2 with all Microsoft updates.

When I configure VPN settings in Forefront TMG, I can set the NPS policy settings at the first VPN configuration in Forefront TMG.

But if I change some firewall rule after the VPN configuration, Forefront TMG can't override the NPS settings.

What am I doing wrong? I tried to reinstall it on another PC, but the problem remains.

Thanks in advance!
April 28th, 2015 9:23am

Hi,

Have you tried to restart the TMG server?

>> I try to reinstall it on other PC, but the problem remains

What was it that you tried to reinstall?

Best Regards,

Joyce

April 29th, 2015 12:24am

Hello! Thank you for your help!

Yes, I tried to restart the Forefront services, but it didn't solve my problem. After that, Forefront can't override the NPS policy.

I also tried to repair Forefront TMG via Control Panel -> Programs and components (appwiz.cpl), but it did not help.

I tried to install Forefront on another PC with a clean Windows Server 2008 R2 with all updates, but the problem remains.

I don't understand what I am doing wrong.

This is what I did:

1) Install Windows Server 2008 R2

2) Install all Windows updates

3) Add routes to my internal network via cmd (route add -p {network} {mask} {gateway})

4) Install Forefront TMG 2010 Enterprise

5) Install SP1, SP2, and the last rollup (Rollup 5)

6) Then I reboot the server

7) Then I open the TMG console and set the network settings via the Forefront wizard

8) Then I set the web proxy policy via the Forefront wizard

9) Then I open the VPN configuration in the Forefront console.

10) In the VPN configuration I set the VPN access groups, set PPTP (I configure VPN client access), and set a static IP address pool for VPN and DNS servers for VPN clients.

11) I apply the VPN configuration and turn it on in the TMG console.

12) At this step I check the NPS policy settings; after the first VPN apply I see my VPN access groups in the NPS policy.

13) Then I add a firewall rule in the TMG console to allow VPN clients access to several computers in my network, and add the group authorization (via Active Directory) to this rule.

14) I add the authorization group from the previous step to the VPN access groups via the TMG console in the VPN configuration tab.

15) I apply the configuration in the TMG console.

16) After the previous step I don't see the new authorization group in the NPS server policy; Forefront can't change it after I create the firewall rule.

I don't understand what I am doing wrong.

Thanks in advance!
April 29th, 2015 2:33am

Because this scenario is very involved we would need you to open a support case with us. I searched our KB and there are no known issues with this that I can find. We would need to reproduce this and get application level tracing to truly understand what is going on.
May 7th, 2015 9:38am

Hello everyone!

I found the solution!

My problem appears due to the Reg value - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\DisabledComponents

The Reg item value is - dword:ffffffef

If you have this value before installing Forefront TMG, you will have the same error with the NPS server after configuring VPN settings and applying some firewall rules in Forefront TMG.

How to solve this problem:

Install a new server with Windows Server 2008 R2 with all Microsoft updates.

Delete the reg item HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\DisabledComponents

Reboot the server, then install Forefront TMG. The problem will be solved.

Also, if you have a Group Policy in your domain that sets the reg parameter HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters\DisabledComponents, add your TMG server to the exceptions of this GPO.
  • Marked as answer by Darkw1nd 23 hours 53 minutes ago
May 18th, 2015 3:30am
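
A pre-install check for the registry value named in the answer above, as an added example that is not part of the original thread. It reads DisabledComponents, decodes its low-order bits using Microsoft's documented meanings for that value, and deletes it only when called with the hypothetical `-Remove` switch.

```powershell
# Added example (not from the thread). Run elevated on the server before installing TMG.
param([switch]$Remove)   # hypothetical switch: delete the value instead of only reporting

$key  = 'HKLM:\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters'
$name = 'DisabledComponents'

# Low-order bits of DisabledComponents as documented by Microsoft.
$flags = @(
    @{ Mask = 0x01; Text = 'all IPv6 tunnel interfaces disabled' },
    @{ Mask = 0x02; Text = '6to4 disabled' },
    @{ Mask = 0x04; Text = 'ISATAP disabled' },
    @{ Mask = 0x08; Text = 'Teredo disabled' },
    @{ Mask = 0x10; Text = 'IPv6 disabled on non-tunnel interfaces' },
    @{ Mask = 0x20; Text = 'IPv4 preferred over IPv6' }
)

function Get-DisabledComponents {
    $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }      # value absent: Windows default
    $v = [int64]$item.$name
    if ($v -lt 0) { $v += 4294967296 }         # a DWORD may come back as a signed Int32
    return $v
}

$value = Get-DisabledComponents
if ($null -eq $value) {
    Write-Output "$name is not set; nothing to change before installing TMG."
    return
}

Write-Output ("{0} = 0x{1:x8}" -f $name, $value)
$low = [int]($value % 256)                     # the documented flags sit in the low byte
foreach ($f in $flags) {
    if ($low -band $f.Mask) { Write-Output ("  - " + $f.Text) }
}

if ($Remove) {
    Remove-ItemProperty -Path $key -Name $name
    Write-Output "Value deleted. Reboot before installing TMG."
    Write-Output "If a GPO sets this value, exclude the server from it or it will return."
} else {
    Write-Output "Re-run with -Remove to delete the value, then reboot."
}
```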

This topic is archived. No further replies will be accepted.
