TMG with edge on HA mode

  • Question

  • Hi, we currently have TMG 2010 and EDGE 2010 on a single server serving Exchange publishing and SMTP email filtering. Since it is running on a single server, we need to move this TMG+EDGE to HA mode.

    Single server is in Workgroup Model

    I have tried installing a second server with TMG and joined it to the array of the existing TMG+EDGE server. This connects via certificate; joining the array was a success and it is in sync.

    In this setup I have a few queries:

    1) Is it possible to place the TMG+EDGE role in workgroup HA mode? (In a TMG domain environment I can't have Edge with TMG, hence I can choose only workgroup.) If not, what is the alternative?

    2) The new TMG server shows the configuration in sync (green color), but after shutting down the TMG+EDGE server (first TMG), the new server (TMG2) was not able to connect to the configuration storage and I can't bring it online, i.e. set it as array manager.

    3) After disjoining the new TMG server from the array, it looks fresh, without any rules created. Is this by design, or is TMG2 not synced with TMG1?

    4) Unable to make the TMG2 server array manager, getting the error "Service not available or disabled".

    5) What is the best way to have TMG and EDGE in HA?

    Ganesh P


    Wednesday, June 27, 2012 6:28 PM


All replies

  • 1) Yes, see http://technet.microsoft.com/en-us/library/dd440989.aspx

    2) Why are you trying to change the array manager?

    3) Yes, because it reverts back to the ruleset it had before it was joined to the array

    4) see #2

    5) Need more details on what you are aiming for, but yes, having an array with TMG and Exchange Edge works. Do note that the servers have to be identically configured.

    Hth, Anders Janson Enfo Zipper

    Thursday, June 28, 2012 9:25 AM
  • Let me explain more on this topic.

    I have one server with TMG+EDGE running on it, say TMG1, which serves OWA and SMTP filtering.

    Secondly, I want to introduce the same server roles, TMG+EDGE, on a second server, say TMG2, and enable HA between them.

    Here is the procedure I followed; if I missed anything, please correct me.

    Since TMG1 is already running, I'm not touching it now.

    1) Imported the certificates for authentication and verified them on both servers

    2) Installed the TMG server and Edge server role on the new server, called TMG2

    3) Joined the standalone array of TMG1; sync was successful (green)

    4) After taking TMG1 down, TMG2 was not able to connect with the console. Hence I started the server TMG1 and connected without any issue.

    5) Enabled NLB (Windows NLB) and switched off TMG1. After this I was able to connect to the configuration from the TMG2 server, but with a lot of delay in accessing the console.

    6) Now I'm not able to do any configuration from the TMG2 server, since TMG1 has failed.

    I have a few more questions:

    1) If I'm not using Windows NLB and want to use a hardware load balancer, and I face the issue mentioned in point #4, how do I bring the second server TMG2 online in writable mode?

    Now answering your questions, Anders:

    Question #2, #4: Since TMG1 is down and I could not make changes using TMG2.

    Question #5: HA with two workgroup-based products, and being able to make changes to rules even if one server is down.

    Ganesh P


    Thursday, June 28, 2012 10:19 AM
  • 2, 4, 6) The array member has a read-only version of the configuration and hence you cannot make any changes to your ruleset.

    If you would like to have a writable version of the configuration at all times, you should have a look at deploying an EMS. If you want HA on that, you need to connect it to your internal domain and install a replica. For true HA, this is what you need.

    From my point of view, you will not have true HA as long as you only have one configuration store.

    If you stick with only having one store, you will have to promote the member to manager and then handle the previous manager when/if it comes back online.

    Hth, Anders Janson Enfo Zipper

    Thursday, June 28, 2012 10:46 AM
  • OK, now I got it.

    But in the standalone array scenario, the TMG1 server failed and it will not come up. As you said, I tried to promote the member to manager, but I get the error below.

    Error Code: 0x80070422

    Message: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    If this is cleared then my issue is resolved.

    Ganesh P

    Thursday, June 28, 2012 11:01 AM
  • Hi,

    Thank you for the post.

    Please apply this KB and see if it works: http://support.microsoft.com/kb/2659700.


    Nick Gu - MSFT

    Friday, June 29, 2012 8:28 AM