If you deploy Microsoft Threat Management Gateway 2010 (TMG) and the Exchange 2010 Edge role on the same machine, you may encounter an issue where HTTP Redirect in TMG fails.

If you monitor the TMG packets when attempting to connect to http://mail.domain.com/owa, TMG will report a "Denied Connection” with the following status:

The policy rules do not allow the user request.

In the Event Log you may also see an Event ID 14148 Warning with the following text:

The Web Proxy filter failed to bind its socket to 172.x.x.x port 80. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service


When you install Exchange 2010 Edge role on a W2k8 R2 Server, the prerequisites instruct you to install features using the PowerShell commands below:

Import-Module ServerManager

Add-WindowsFeature NET-Framework,RSAT-ADDS,ADLDS -Restart

This will also install WWW Publishing service and it will bind to port 80. Because the WWW Publishing service is already bound to port 80, when you install TMG it will be unable to redirect requests since it will be unable to bind to port 80.


As a workaround, stop the WWW Publishing service, then restart the TMG firewall service. If your rules are setup correctly the HTTPS Redirect should now work.

An alternative temporary solution is to delay the start of the WWW publishing service on startup so TMG has a chance to bind to port 80 first.


Pre-requirements to Install E-Mail Protection Role on TMG : http://technet.microsoft.com/en-us/library/ee207141.aspx

Troubleshooting E-Mail Protection Feature on TMG : http://social.technet.microsoft.com/wiki/contents/articles/2702.aspx#TShootEP

More Information

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!