TMG SP1 SU1 doesn't resolve one of the issues generated from the installation of Exchange Service Pack 1 (if it's a matter of SP...)

    Question

  • Hi all, I have the following situation:

    Installed Exchange SP1 on Edge together with TMG SP1.
    TMG managed control stops responding.
    Installed SU1 and it seemed not to resolve everything, but at least mail flow...
    After another Windows Update, TMG stopped working at all.
    We uninstalled/reinstalled TMG (since it's the last component to install in the chain when setting up Edge + FP + TMG.. and we made it with success in the past).
    We applied the old configuration (backed up) and it doesn't digest the thing: it throws the errors:

     

    Event ID:      21209
    Description:The Forefront TMG configuration agent was unable to upload the configuration to the Forefront TMG services. This could be due to a corrupt configuration. The Forefront TMG configuration agent is reverting the configuration back to the last known configuration. The service that failed to load the configuration is: IsaManagedCtrl.
    The failure is due to error: 0x80131500

    Monitoring Alerts:
    Description: Configuration changes saved to the configuration storage server could not be applied to Forefront TMG services. After 5 attempts to apply the changes, Forefront TMG postpones any new attempts to apply these changes, and will only renew attempts when a new configuration is saved to the configuration storage server. Recent alerts may indicate the reason for this failure.

    As soon as we disable the e-mail protection from inside TMG, the problem goes away and the configuration is in sync between the cache and the engine.

    No action seems to resolve the problem...
    We tried to reboot, to modify the mail policy, to recreate it from the wizard, to change settings, to recreate the edge subscription and then recreate the e-mail protection policy from the wizard.
    TMGBPA doesn't suggest anything.
    We already have the "get-antispamupdate" issue described here: http://www.zerohoursleep.com/2010/08/do-not-install-exchange-2010-sp1-on-your-edgetmg-server/.

    We're stuck. Can anyone shed some light on this? Thanks in advance.


    Diego Castelli - MCSA 2003, MCP ISA 2004, MCTS Forefront. This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Edited by Diego Castelli Thursday, September 30, 2010 1:39 PM better title
    Thursday, September 30, 2010 12:35 PM

All replies

  • Never mind the title, SU1 was not installed 'cause someone dropped the last state and reverted to a snapshot. Anyway, the problems with the mail policies persist...

     


    Diego Castelli - MCSA 2003, MCP ISA 2004, MCTS Forefront.
    Thursday, September 30, 2010 1:22 PM
  • It pointed out that the send connectors in the Edge were disabled.
    We enabled them and, after a short winner-dance, they've auto-magically disabled again.

    Worth nothing to say that, during the period in which those are disabled, we don't receive any mail.

    Any suggestion yet?


    Diego Castelli - MCSA 2003, MCP ISA 2004, MCTS Forefront.
    Friday, October 01, 2010 8:16 AM
  • Hello Diego,

    What is probably happening is that there is a configuration mismatch between TMG and Exchange Edge (or FPE). For example: there are settings on FPE that were manually added (such as IP Block List) and were not added via TMG Console. When this happens, TMG Managed Control Service will fail to start. Another scenario is described here: http://blogs.technet.com/b/yuridiogenes/archive/2010/09/03/tmg-e-mail-protection-feature-x-exchange-2010-sp1.aspx , which also will cause a similar issue as the one that you are having.

    For the send connector in the Exchange Edge, one reason for that is that the SMTP Route on TMG doesn't match with the connectors in the Exchange Edge config, hence once you enable the SMTP Connector on Exchange Edge, TMG Managed Control Service will detect the change and will re-apply the policy according to the current TMG Configuration.

    HTH,

     


    Yuri Diogenes [MSFT] - http://blogs.technet.com/yuridiogenes
    • Marked as answer by Diego Castelli Wednesday, October 06, 2010 8:43 AM
    Tuesday, October 05, 2010 5:42 PM
  • Thanks Yuri,

    My Manager Control service is started...

    Anyway, you confirmed what I was thinking.
    I ended up re-installing the whole machine 'cause that was the faster solution (in our case).

    Thanks for the info!


    Diego Castelli - MCSA 2003, MCP ISA 2004, MCTS Forefront.
    • Marked as answer by Diego Castelli Wednesday, October 06, 2010 8:43 AM
    Wednesday, October 06, 2010 8:43 AM
  • Hello Diego, sorry to hear that you have to rebuild the box.

    From now on just make sure to always manage FPE and Edge configuration via TMG Console. As I said before, changing settings directly (via UI or PowerShell) on FPE or Edge will cause this issue that you were facing.

    Regards,

     


    Yuri Diogenes [MSFT] - http://blogs.technet.com/yuridiogenes
    Wednesday, October 06, 2010 11:57 AM
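
A read-only way to spot the out-of-band changes discussed in this thread, added here as an example and not posted by any participant: it records the IsaManagedCtrl service state, the Edge send connectors and the non-machine-generated IP Block List entries, then diffs them against a saved baseline. The baseline path is hypothetical, and the Application log as the location of event 21209 is an assumption; the service name is taken from the event text quoted in the question.

```powershell
# Added example: read-only drift check, run on the Edge/TMG server.
# Assumptions: the baseline path is hypothetical; event 21209 is assumed to be
# in the Application log; the service name comes from the quoted event text.
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010 -ErrorAction SilentlyContinue

$BaselinePath = 'C:\EdgeBaseline\edge-config.csv'   # hypothetical location

function New-Row($Kind, $Name, $Value) {
    # One flat, string-only row so CSV round-trips compare cleanly.
    New-Object PSObject -Property @{ Kind = $Kind; Name = "$Name"; Value = "$Value" } |
        Select-Object Kind, Name, Value
}

function Get-EdgeSnapshot {
    $svc = Get-Service -Name IsaManagedCtrl -ErrorAction SilentlyContinue
    New-Row 'Service' 'IsaManagedCtrl' $svc.Status
    # Send connectors: the thread reports these being disabled again by TMG.
    Get-SendConnector | ForEach-Object {
        New-Row 'SendConnector' $_.Name "Enabled=$($_.Enabled);SmartHosts=$($_.SmartHosts -join ',')"
    }
    # IP Block List entries added by an administrator rather than by the agents.
    Get-IPBlockListEntry | Where-Object { -not $_.IsMachineGenerated } | ForEach-Object {
        New-Row 'IPBlockListEntry' $_.IPRange "Expires=$($_.ExpirationTime)"
    }
}

# Recent occurrences of the configuration-upload failure quoted in the question.
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 21209 } -MaxEvents 5 -ErrorAction SilentlyContinue |
    Format-List TimeCreated, ProviderName, Message

$current = @(Get-EdgeSnapshot)
if (Test-Path $BaselinePath) {
    # '<=' rows exist only in the baseline, '=>' rows only in the live config.
    Compare-Object @(Import-Csv $BaselinePath) $current -Property Kind, Name, Value |
        Sort-Object Kind, Name |
        Format-Table SideIndicator, Kind, Name, Value -AutoSize
} else {
    New-Item -ItemType Directory -Path (Split-Path $BaselinePath) -Force | Out-Null
    $current | Export-Csv $BaselinePath -NoTypeInformation
    "Baseline written to $BaselinePath; review it against the TMG console settings."
}
```

The script changes nothing on the server; any row it flags still has to be reconciled in the TMG console, as the replies above advise.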