Keep me posted

  • [アーティクル]

***Updated with TMG SP2 Rollup 3, Jan 2013***

A few months ago, I discussed the topic of the types of updates that are or may be available for UAG (https://blogs.technet.com/b/ben/archive/2010/12/06/types-of-updates-available-for-uag.aspx). What I failed to address is the TMG side of the house. As you probably know, UAG comes with TMG, but TMG is developed separately, and receives Service Packs, updates and patches separately from UAG.

Sometimes, the two go together. For example, UAG SP1 includes SP1 for TMG as well. In fact, it’s actually includes Software Update 1 for TMG SP1 (KB2288910) as well, which bring TMG to build no. 7.0.8108.200. The question many administrators are asking themselves (and asking us, of course) is which version SHOULD they install, and when. The answer is quite simple: as a general rule, Microsoft recommends installing all available updates on a UAG server, and this relates to UAG itself, TMG, SQL, the Operating System and any OS component*. The easiest way to achieve this is by subscribing to Microsoft Update, which can be enabled via UAG’s Getting Started Wizard:

clip_image002

* As you probably know (and should, if you don’t), Microsoft does not support installing additional software on the UAG Server, so you should not have additional components on the system that require updating.

At the time of writing, the latest updates for a UAG include:

1. SP1 for Windows Server 2008 R2*

2. SP1 for UAG

3. SP1 Update 1 for UAG

4. SP2 for TMG

5. SP2 for UAG

6. Rolleup 3 for TMG SP3

7. SP2 for SQL Server 2008

8. SP3 for UAG

* Some updates for Windows 2008 R2 SP1 have been released, and it’s likely that more updates will be released in the future. You should install these as well, and the easiest way to know that you have all is to use Windows Update.

Just like UAG, TMG updates are cumulative for rollups, so after a UAG SP1 installation, TMG is already at Update-1 level, and you can install sp2 directly, with no need to install Rollup 1, 2 or 3 beforehand. After that, you can go straight to SP2 RU3, without needing to install SP2 RU1 or SP2 RU2.

If you are installing a brand new server, then the easiest path would be to install Windows 2008 R2 with SP1 integrated (slip-streamed), and install UAG SP1 integrated on it. After this, install TMG SP2, UAG SP1 Update 1, UAG SP2 and UAG SP3, as well as SP2 for SQL. If you are running an existing server that’s running SP1, all you have to do install UAG SP1 update 1, TMG SP2, UAG SP2 and UAG SP3…and Windows Server 2008 R2 SP1. Naturally, as more updates come out in the future, check back here to see if I updated this post.

Comments

  • Anonymous
    June 06, 2011
    Hi Ben, Would like to know if SP2 for SQL Server 2008 is mandatory for UAG. Nothing was mentioned about the SP2 for SQL Server 2008 update for UAG and TMG in the technet sites. Can you please clarify whether this update is mandatory? Thanks, Christopher.

  • Anonymous
    October 12, 2011
    Hi Ben, Any thoughts of updating this page :-) and any advise on my previous question :-) Thanks, Christopher.

  • Anonymous
    October 13, 2011
    Update with TMG SP2 and UAG SP1 U1. As for your question, this is not the place to ask them - in the future, please use our support form at social.technet.microsoft.com/.../forefrontedgeiag The answer, though, is that it is NOT mandatory. Our approach is that one should install ALL available updates, but we don't force you to do anything. It is up to you to read through the update's release notes and decide if the risks imposed by not updating are OK for you or not. If I were a security officer, I would do my best to install ALL updates, ASAP, because one can never know who's lurking in the corner, waiting to exploit your systems.

  • Anonymous
    October 13, 2011
    Thanks Ben. I thought since it was mentioned I can clarify it here. In the future I'l be using the forum. Thanks again.