Troubleshooting the Installation of Forefront TMG 2010

  • Article

This topic provides guidance for diagnosing and resolving installation issues you may encounter with Forefront TMG when:

  • Upgrading to Windows Server 2008 R2
  • Installing from a network drive
  • Group Policy enforces Windows Firewall

**Tip: **
For the complete flow of troubleshooting Forefront TMG installation problems, download the Troubleshooting Forefront TMG Services SuperFlow (http://go.microsoft.com/fwlink/?LinkID=182922) at the Microsoft Download Center.
 

Upgrading to Windows Server 2008 R2

If you installed Forefront TMG on a computer running Windows Server 2008, and you want to upgrade the operating system to Windows Server 2008 R2, you must perform a clean installation of Windows Server 2008 R2. The supported upgrade path is:

  1. Export the Forefront TMG configuration.
  2. Perform a clean installation (not an upgrade) of the new operating system.
  3. Install Forefront TMG.
  4. Import the Forefront TMG configuration.

NOTE: If you install TMG on a Windows 2008 R2 server that was upgraded from Windows Server 2008, the TMG installation will fail. The installation must be performed on a "clean" installation of Windows Server 2008 R2 and not one that was upgraded from a previous version.

Installing from a network drive

If you are running the Performance Tool or Setup from a shared drive, make sure that the computer automatically reconnects to this drive after system restart. These two applications may require or initiate a restart, and failure to locate them after restart may result in a failed installation.

Group Policy enforces Windows Firewall

When installing Forefront TMG on a computer that is joined to a domain in which Group Policy enforces Windows Firewall, the installation will fail. This occurs because Setup tries to disable the Windows Firewall. As a workaround, you can direct Setup to ignore this error by adding a flag to the Windows Registry.

Tip: 
It is recommended that you back up the registry before making any changes.

  1. Open the Windows Registry using the command regedit.
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RAT\Stingray\Debug\SETUP.
  3. Right-click IGNORE_WINDOWS_FIREWALL_GPO_ENFORCEMENT, select Modify, and change the Value data to 1.