When you try to install a replica of Microsoft Forefront Threat Management Gateway (TMG) 2010 Enterprise Management Server (EMS), the installation fails, and then you receive the following error messages:
ISA setup CA ERROR : ReplicateCssSecretsMasterKey_install: StgCssImportMasterKey failed, hr=0x80070002
Setup failed while copying the encryption key used for storing configuration secrets, to the replicated Configuration Storage server. As a result, storing and exporting secrets, such as user credentials, will not be available on this Configuration Storage server.
Additionally, these error messages are logged in the Forefront TMG 2010 installation log.
The installation log is located in the following folder:
The name of the log file is ISAFWSV_<ran_num>.LOG. <ran_num> is a placeholder for a random three-digit number.
This issue occurs because an error in the Forefront TMG 2010 installation code.
To resolve this issue, follow these steps:
Contact CSS to obtain the software update that is described in the following Microsoft Knowledge Base (KB) article:
2433623 Software Update 2 for Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1
Create a slipstreamed installation that includes this software update. To do this, follow these steps:
Copy the whole Setup DVD for Forefront TMG 2010 RTM to c:\TMG on your local hard disk drive.
Download Forefront TMG 2010 Service Pack 1 (SP1) from the following Microsoft webpage.
Download information for Forefront TMG 2010 SP1
Run the following command. This command slipstreams Forefront TMG 2010 SP1 into a RTM slipstreamed installation.
msiexec /a c:\tmg\fpc\ms_fpc_server.msi /p TMG-KB981324-amd64-ENU.msp /qb /L*v c:\tmg\sp1.log
Download Update 1 for Forefront TMG 2010 SP1 from the following Microsoft webpage.
Download information for Software Update 1 for Forefront TMG 2010 SP1
Run the following command. This command extracts the .msp files from Update 1 for Forefront TMG 2010 SP1:
TMG-KB2288910-amd64-ENU.exe /t <DestinationPath>
Run the following command. This command slipstreams Update 1 for Forefront TMG 2010 SP1 into the slipstreamed installation.
msiexec /a c:\tmg\fpc\ms_fpc_server.msi /p TMG-KB2288910-amd64-ENU.msp /qb /L*v c:\tmg\sp1update1.log
Run the following command. This command slipstreams this hotfix into the slipstreamed installation.
msiexec /a c:\tmg\fpc\ms_fpc_server.msi /p TMG-KB2433623-amd64-GLB.msp /qb /L*v c:\tmg\sp1update1-2433623.log
Run Setup.exe for the slipstreamed installation to install the replica of the Forefront TMG 2010 EMS. .
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates