An enterprise node is incorrectly added in the Microsoft Forefront Threat Management Gateway 2010 (TMG 2010) MMC after you run a repair on TMG 2010 SP1 Update 1 (Build 7.0.9027.400) on a Standalone Server or a Standalone Array node as shown below.




Also, in the System node of the TMG 2010 MMC, on the Server tab, you will see it listed as an EMS Managed array.



When this happens, you won't be able to add that server to an array because it thinks it's already part of an array. To fix it we need to install TMG 2010 SP1 Update 1 Rollup 3 and run the script below as well.

TMG SP1 Update 1 Rollup 3:

http://support.microsoft.com/kb/2498837 

Script:

Script begins
===========

// Entry point: put the array root back into standalone mode.
try
{
    MakeStandalone(true);
}
catch(err)
{
    WScript.Echo("Script execution error: " + err.number + ". " + err.description);
    WScript.Echo("Script exiting...");
    WScript.Quit(err.number);
}

// Bind to a directory object over LDAP on localhost, port 2171.
function GetDSObject(objectSubPath)
{
    var objectPath = "LDAP://localhost:2171/" + objectSubPath;
    WScript.Echo("Connecting to EMS: localhost");
    var dsObj = GetObject(objectPath); // bind with the current user credentials (defaults)
    return dsObj;
}

// Set msFPCStandaloneMode on the array root and echo the old and new values.
function MakeStandalone(newStandaloneMode)
{
    var arrRootObj = GetDSObject("CN=Array-Root,CN=FPC2");

    var standaloneMode = arrRootObj.msFPCStandaloneMode;
    WScript.Echo("old standaloneMode = " + standaloneMode);
    arrRootObj.Put("msFPCStandaloneMode", newStandaloneMode);
    arrRootObj.SetInfo(); // commit the attribute change

    standaloneMode = arrRootObj.msFPCStandaloneMode;
    WScript.Echo("new standaloneMode = " + standaloneMode);
}

Script ends
=========

Copy this script into Notepad, save it as standalone.js (JavaScript), and run it from an elevated command prompt (e.g. cscript standalone.js).

After installing the update and running the script we will see the correct standalone array / node in the TMG 2010 MMC:



Author: Junaid Jan | Security Support Escalation Engineer - Forefront Edge Team