locked
TMG/UAG upgrade to latest builds & allow WindowsUpdate RRS feed

  • Question

  • I have a physical appliance which needs to updated to the latest versions of TMG & UAG:

    OS: Windows Server 2008 R2 Standard X64
    Current TMG build: 7.0.9027.400 (2010 Service Pack 1 Software Update 1)
    Current UAG build: 4.0.1752.10000 (Service Pack 1 (includes TMG SP1 Update 1)
    Current SQL build: 2007.0100.1600.022

    From searching online, it would appear the steps are as below, can someone confirm? Do I need all those reboots? Do I need all those 'Activate configuration' steps (and if yes, where do I do that as I cannot locate that feature)? Any redundant steps or extra steps I need to be aware of? Should I also upgrade the SQL instance?

    In addition, I cannot get the WindowsUpdates working from the server, it currently gives me Code 80244021. I've created a TMG firewall rule but that doesn't seem to have helped.

    Install UAG with SP1 as a clean installation [Already done]
    Install Update 1 for UAG SP1 [Already done]
    Backup TMG configuration and store in a secure location (done)
    Backup UAG configuration and store in a secure location (done)
    Apply latest Windows Updates (except for IE)
    Stop UAG Log service
    Install TMG SP2 (downloaded)
    Reboot
    Save and activate configuration
    Install TMG SP2 Rollup 4 (downloaded)
    Reboot
    Save and activate configuration
    Backup TMG configuration
    Install UAG SP2 (downloaded)
    Reboot
    Save and activate configuration
    Backup UAG configuration
    Install UAG SP3 (downloaded)
    Reboot
    Save and activate configuration
    Backup UAG configuration
    Install UAG SP3 Rollup 1
    Reboot
    Save and activate configuration
    Backup UAG configuration
    Install UAG SP4 (downloaded)
    Reboot
    Save and activate configuration
    Backup UAG configuration


    • Edited by JimCass Wednesday, June 11, 2014 8:07 PM
    Wednesday, June 11, 2014 7:31 PM

Answers

  • Hi Jim,

    As for the activation after each install - my experience show this can help so I would not skip it (some people report that all configuration disappear after upgrade when they did not activate).

    As for the reboots - only if the installation ask you to reboot - do it, if it does not ask - it is not needed.

    All the rest of the steps seems to be correct.

    Ophir.

    • Marked as answer by JimCass Wednesday, June 18, 2014 8:08 PM
    Friday, June 13, 2014 2:25 PM

All replies

  • Hi Jim,

    As for the activation after each install - my experience show this can help so I would not skip it (some people report that all configuration disappear after upgrade when they did not activate).

    As for the reboots - only if the installation ask you to reboot - do it, if it does not ask - it is not needed.

    All the rest of the steps seems to be correct.

    Ophir.

    • Marked as answer by JimCass Wednesday, June 18, 2014 8:08 PM
    Friday, June 13, 2014 2:25 PM
  • That's good to know. I also need assistance in configuring TMG to allow WindowsUpdates, please let me know what other information I can provide to isolate and resolve that issue.

    Friday, June 13, 2014 2:28 PM
  • Friday, June 13, 2014 3:46 PM
  • I've already gone through that document and set the proxy, etc. We are not using a WSUS server, nor am I trying to use the Update Center. It's the normal Windows OS updates which are failing.
    Friday, June 13, 2014 4:11 PM
  • Upgrade completed. TMG went as planned. I misinterpreted the installed UAG build so I had to install UAG SP1U1 first, but then it barked about using the wrong certificate in the HTTPS trunk. Uninstalled SP1U1 and attempted to save/apply and it barked about a incorrect server name in an application; the server had been decommissioned and replaced by another server, updated server name and it applied successfully. Re-installed SP1U1 and now no errors. Went through the remainder of the steps no problem, only requested reboot was after UAG SP4. Also installed SQL2008 SP3 and SP3CU17. WindowsUpdates magically began working with no further changes after all these patches were applied.
    Wednesday, June 18, 2014 8:08 PM