A replica installation of Forefront TMG 2010 EMS fails and a "0x80070002" error is logged

Article translations Article translations
Article ID: 2449161 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

When you try to install a replica of Microsoft Forefront Threat Management Gateway (TMG) 2010 Enterprise Management Server (EMS), the installation fails, and then you receive the following error messages:
ISA setup CA ERROR : ReplicateCssSecretsMasterKey_install: StgCssImportMasterKey failed, hr=0x80070002
Setup failed while copying the encryption key used for storing configuration secrets, to the replicated Configuration Storage server. As a result, storing and exporting secrets, such as user credentials, will not be available on this Configuration Storage server.

Additionally, these error messages are logged in the Forefront TMG 2010 installation log.

Notes
  • The installation log is located in the following folder:
    %systemroot%\temp
  • The name of the log file is ISAFWSV_<ran_num>.LOG. <ran_num> is a placeholder for a random three-digit number.

CAUSE

This issue occurs because an error in the Forefront TMG 2010 installation code.

RESOLUTION

To resolve this issue, follow these steps:
  1. Contact CSS to obtain the software update that is described in the following Microsoft Knowledge Base (KB) article:
    2433623 Software Update 2 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1
  2. Create a slipstreamed installation that includes this software update. To do this, follow these steps:
    1. Copy the whole Setup DVD for Forefront TMG 2010 RTM to c:\TMG on your local hard disk drive.
    2. Download Forefront TMG 2010 Service Pack 1 (SP1) from the following Microsoft webpage.
      Download information for Forefront TMG 2010 SP1

      Run the following command. This command slipstreams Forefront TMG 2010 SP1 into a RTM slipstreamed installation.
      msiexec /a c:\tmg\fpc\ms_fpc_server.msi /p TMG-KB981324-amd64-ENU.msp /qb /L*v c:\tmg\sp1.log
    3. Download Update 1 for Forefront TMG 2010 SP1 from the following Microsoft webpage.
      Download information for Software Update 1 for Forefront TMG 2010 SP1

      Run the following command. This command extracts the .msp files from Update 1 for Forefront TMG 2010 SP1:
      TMG-KB2288910-amd64-ENU.exe /t <DestinationPath>
    4. Run the following command. This command slipstreams Update 1 for Forefront TMG 2010 SP1 into the slipstreamed installation.
      msiexec /a c:\tmg\fpc\ms_fpc_server.msi /p TMG-KB2288910-amd64-ENU.msp /qb /L*v c:\tmg\sp1update1.log
    5. Run the following command. This command slipstreams this hotfix into the slipstreamed installation.
      msiexec /a c:\tmg\fpc\ms_fpc_server.msi /p TMG-KB2433623-amd64-GLB.msp /qb /L*v c:\tmg\sp1update1-2433623.log
  3. Run Setup.exe for the slipstreamed installation to install the replica of the Forefront TMG 2010 EMS. .

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 2449161 - Last Review: November 17, 2010 - Revision: 1.0
APPLIES TO
  • Microsoft Forefront Threat Management Gateway 2010 Service Pack 1, when used with:
    • Microsoft Forefront Threat Management Gateway 2010 Enterprise
    • Microsoft Forefront Threat Management Gateway 2010 Standard
Keywords: 
kbqfe kbfix kbsurveynew kbexpertiseinter KB2449161

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com