FIX: The TMG remote management console does not display the status of the TMG 2010 server if certain Group Policy preferences settings are set

Article ID: 982604

SYMPTOMS

Consider the following scenario:
  • You set the Authenticated without exception value for the following Group Policy preferences setting for a domain:
    Computer Configuration\Administrative Templates\System\Remote Procedure Call\Restrictions for Unauthenticated RPC clients
  • You enable the following Group Policy preferences setting for the domain:
    Computer Configuration\Administrative Templates\System\Remote Procedure Call\RPC Endpoint Mapper Client Authentication
  • You install Microsoft Forefront Threat Management Gateway (TMG) 2010 on a computer in the domain.
  • For remote management, you install Forefront TMG 2010 Management on another computer in the domain.
  • On the TMG 2010 server, you set the system policy that enables remote management.
In this scenario, the remote management console does not display the status of the TMG 2010 server.

CAUSE

This issue occurs because the RPC filter in TMG 2010 rejects some of the binding messages that are used by the RPC runtime when these Group Policy preferences settings are set.

RESOLUTION

Service pack information

This problem is resolved in Forefront TMG 2010 Service Pack 1 (SP1).

For more information about how to obtain Forefront TMG 2010 Service Pack 1, click the following article number to view the article in the Microsoft Knowledge Base:
981324 List of problems that are fixed in Forefront Threat Management Gateway 2010 Service Pack 1

How to enable this hotfix after you install Forefront TMG 2010 SP1

To enable this hotfix, run the following script:
    Dim oFPC
    Dim oFirewallFilter
    Dim oVPS

    On Error Resume Next

    ' Start from known values so the "Is Nothing" checks below are reliable
    ' even when a lookup fails under On Error Resume Next.
    Set oFirewallFilter = Nothing
    Set oVPS = Nothing
    Err.Clear

    Set oFPC = CreateObject("FPC.Root")

    ' Get the filter admin object for the RPC filter
    Set oFirewallFilter = oFPC.GetContainingArray.Extensions.ApplicationFilters("{E331F638-AB86-4AA5-9B6A-2B0248C7B4FB}")
    If oFirewallFilter Is Nothing Then
        WScript.Echo "RPC filter ({E331F638-AB86-4AA5-9B6A-2B0248C7B4FB}) is not installed in array"
        WScript.Quit
    End If

    ' Get the filter's vendor parameters set object
    Set oVPS = oFirewallFilter.VendorParametersSets("{E331F638-AB86-4AA5-9B6A-2B0248C7B4FB}")

    ' If this vendor parameters set does not exist, create it
    If oVPS Is Nothing Then
        WScript.Echo "Adding vendor parameters set ({E331F638-AB86-4AA5-9B6A-2B0248C7B4FB})"
        Err.Clear
        Set oVPS = oFirewallFilter.VendorParametersSets.Add("{E331F638-AB86-4AA5-9B6A-2B0248C7B4FB}", False)
        oFirewallFilter.VendorParametersSets.Save
    End If

    ' Add the needed parameter
    oVPS.Value("AllowAuthEndpointMapper") = 1
    oVPS.Save

    ' Inform the user of the result
    If Err.Number <> 0 Then
        WScript.Echo "Failed to set parameters. Error code: " & Err.Number & " Desc: " & Err.Description
    Else
        WScript.Echo "Parameters were successfully added"
    End If
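
To confirm on the TMG 2010 server that the two RPC policies from the SYMPTOMS section are applied and that the parameter written by the script above is present, a read-only check can be run with cscript. This is an added example, not part of the original article; the registry value names RestrictRemoteClients and EnableAuthEpResolution are the standard backing values for those two policies and do not appear in the article, and the function names are illustrative.

```vbscript
' Added example: read-only check, makes no changes to policy or TMG configuration.
Option Explicit

Const RPC_POLICY_KEY = "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Rpc\"
Const RPC_FILTER_GUID = "{E331F638-AB86-4AA5-9B6A-2B0248C7B4FB}"

' Read a policy DWORD; return -1 when the value is absent (policy not configured).
Function ReadPolicy(valueName)
    Dim shell, v
    v = -1
    Set shell = CreateObject("WScript.Shell")
    On Error Resume Next
    v = CLng(shell.RegRead(RPC_POLICY_KEY & valueName))
    If Err.Number <> 0 Then v = -1
    Err.Clear
    On Error GoTo 0
    ReadPolicy = v
End Function

' Read AllowAuthEndpointMapper from the RPC filter; return -1 when it cannot be
' read (not a TMG server, filter not installed, or parameter never set).
Function ReadTmgParameter()
    Dim root, filter, vps, v
    v = -1
    On Error Resume Next
    Set root = CreateObject("FPC.Root")
    Set filter = root.GetContainingArray.Extensions.ApplicationFilters(RPC_FILTER_GUID)
    Set vps = filter.VendorParametersSets(RPC_FILTER_GUID)
    v = CLng(vps.Value("AllowAuthEndpointMapper"))
    If Err.Number <> 0 Then v = -1
    Err.Clear
    On Error GoTo 0
    ReadTmgParameter = v
End Function

Dim restrict, authEpm, allow
restrict = ReadPolicy("RestrictRemoteClients")  ' 2 = Authenticated without exceptions
authEpm = ReadPolicy("EnableAuthEpResolution")  ' 1 = Endpoint Mapper client authentication enabled
allow = ReadTmgParameter()

WScript.Echo "RestrictRemoteClients   = " & restrict
WScript.Echo "EnableAuthEpResolution  = " & authEpm
WScript.Echo "AllowAuthEndpointMapper = " & allow

If restrict = 2 And authEpm = 1 And allow <> 1 Then
    WScript.Echo "Both RPC policies are applied but AllowAuthEndpointMapper is not set to 1."
    WScript.Quit 1
End If
WScript.Echo "No mismatch between the RPC policies and the RPC filter parameter."
```

A value of -1 means the setting could not be read on this computer; the script exits with code 1 only when both policies are applied and the filter parameter is missing.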

WORKAROUND

To work around this issue, disable the RPC filter in TMG 2010.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Forefront TMG 2010 Service Pack 1.

MORE INFORMATION

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 982604 - Last Review: June 22, 2010 - Revision: 2.0
APPLIES TO
  • Microsoft Forefront Threat Management Gateway 2010 Enterprise
  • Microsoft Forefront Threat Management Gateway 2010 Standard