Consider the following scenario:
You use a Microsoft Forefront Threat Management Gateway 2010 array that contains several users in a workgroup.
You delegate the administration of the array to a user account that is not part of the built-in administrator account.
The user account is mirrored on each member server of the array and is part of the local Administrators group of each member server.
You use the user account to open Microsoft Management Console (MMC) in Forefront Threat Management Gateway from one of the following:
A member server that is not the "Report Server"
A Forefront Threat Management Gateway remote management computer.
You try to monitor the Forefront Threat Management Gateway services on the Services tab.
In this scenario, you notice that the SQL Server (ISARS) and SQL Server Reporting Services (ISARS) services are running on the Report Server and that these services report the following status error:
Service status cannot be determined: Access is denied.
Note This same status error can be seen for the Email protection service if the service is being used on the array. Additionally, the following services display the same status error:
Exchange Edge Transport Server role
Microsoft Protection for Exchange Server 2010
This problem occurs because Forefront Threat Management Gateway does not set the service permissions in such a way that the user account can query the status of the services.
To resolve this issue, install the hotfix package that is described in the following Microsoft Knowledge Base article:
2689195 Rollup 2 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates