How safe to remove TMG Logs having extension *.llq


  • TMG 2010 on windows 2008 R2 low disk space into active partion C: drive

    After running tool I found 98.3% of space is occupied by Log files located under C:\Program files\Microsoft Forefront Threat Management Gateway\Logs

    The log files named as ISALOG_72D6EDF5_xxxxxx.llq (where xxxx are numbers)

    How safe it is delete or remove these log files?

    Muhammad Mehdi

    Monday, March 11, 2013 2:46 AM


All replies

  • Hi,

    check if TMG is curently logging to SQL database. if this is the case you can safly delete the LLG files:

    regards Marc Grote aka Jens Baier - - -

    Monday, March 11, 2013 7:19 AM
  • Hi,

    Thank you for the post.

    This looks like KB2256054. Please install TMG 2010 SP2 and see if it fixes the problem.


    Nick Gu - MSFT

    Wednesday, March 13, 2013 4:32 AM
  • Thanks Muhammed.

    To confirm this fixes TMG's failure to start services issue.

    Additionally installing SP2+RU5 did not help.





    Sunday, January 14, 2018 6:34 PM
  • Hello Guy's

    i luckyliy stumbled over this Post (thanks to nick gu for the link) and it helped me resolve my issue.

    I disabled TLS 1.0 on the TMG for security reaons.

    This lead to a communicaiton Problem with the local sql Server, so the TMG server wrote the log file to these local llg files.
    TMG won't autodelete this log files so the hard drive will run out of space and the TMG will shutdown all network connections.

    Solution: reenable TLS 1.0 :)



    Sunday, February 18, 2018 1:49 PM
  • Hi Guys

    We have 2 TMG 2010 running with only TLS 1.2. 

    The trick seems to be: enable TLS 1.2 through registry, disable TLS 1.0 and TLS 1.1, Update all SQL Server AND Client components to support TLS 1.2, Enabled .NET to default to TLS 1.2 through registry AND oddly enough play with the FIPS registry key (I have 1 TMG with FIPS disabled and another were FIPS needs to be enabled - this took me some time to find :-)).

    SQL Server and Client updates:

    Reg keys:

    Windows Registry Editor Version 5.00



    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]





    Note - on 1 tmg LLQ files are committed to SQL with FIPS key value = 0, on the other it only works if FIPS key value = 1

    If you afterwards have a service that won't start it might be caused by the FIPS flag. You might find this solution interesting (disabling FIPS check for particular exe) :

    Hope this helps somebody

    Thursday, August 30, 2018 5:41 AM