Symptom

Consider a scenario where Forefront TMG 2010 is using an internal WSUS Server in order to obtain updates. The Server where TMG is installed is able to obtain all Windows related updates but it is not able to obtain NIS signature. If the TMG Administrator changes Windows Update option to point to Microsoft Update (cloud) it works fine.

Cause

WSUS is not configured to download Forefront TMG NIS updates.

Resolution

Make sure that NIS is enabled on WSUS as shown in the image below:



Once this is enabled and WSUS is able to download NIS updates, go back to Forefront TMG and perform the following steps:
1. Restart TMG Job Scheduler Service.
2. Open command prompt with elevated privileges and run wuauclt /detectnow
3. Open Forefront TMG Console, click Update Center and Refresh.

You can also review %windir%\WindowsUpdate.log to verify if NIS is getting the updates. You should see an entry as shown below:



Additional Resource

Troubleshooting NIS on Forefront TMG