FIX: Forefront TMG 2010 does not generate reports if a disjoint namespace exists in the domain

Article translations Article translations
Close Close
Article ID: 982820 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

Consider the scenario:
  • You install Microsoft Forefront Threat Management Gateway (TMG) 2010 in a domain.
  • A disjoint namespace exists in this domain.
  • You configure a report job that publishes to a directory. 
In this scenario, Forefront TMG 2010 does not generate the report, and you receive an access denied error. 

CAUSE

This issue occurs because Forefront TMG 2010 creates the wrong principal name when Forefront TMG 2010 queries Forefront TMG 2010 Enterprise Management Server for the password of the user account.

RESOLUTION

This issue is resolved in Forefront TMG 2010 Service Pack 1 (SP1).

For more information about how to obtain Forefront TMG 2010 Service Pack 1, click the following article number to view the article in the Microsoft Knowledge Base:
981324 List of problems that are fixed in Forefront Threat Management Gateway 2010 Service Pack 1

How to enable this fix after you install Forefront TMG 2010 SP1

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
  1. In Registry Editor, locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RAT\Stingray\Debug\COM
  2. On the Edit menu, point to New, and then click DWORD Value.
  3. Type USE_DISJOIN_PRINC_NAME for the name of the DWORD, and then press ENTER.
  4. Right-click USE_DISJOIN_PRINC_NAME, and then click Modify.
  5. In the Value data box, type 1.
Important Follow these steps only if the Forefront TMG 2010 EMS server and the firewall server are in the same domain. 

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 982820 - Last Review: June 22, 2010 - Revision: 2.0
APPLIES TO
  • Microsoft Forefront Threat Management Gateway 2010 Enterprise
Keywords: 
kbexpertiseinter kbsurveynew kbqfe KB982820

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com