MSExchange.org Monthly Newsletter of September 2010 Sponsored by: Red Gate
Welcome to the MSExchange.org newsletter by Henrik Walther, Exchange MVP, MCA: Messaging (Exchange Ranger) Apprentice, MCTS Windows Server 2008, MCITP Exchange 2007, MCSE 2003 Messaging/Security. Each month we will bring you interesting and helpful information on Exchange Server. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to: email@example.com
1. Exchange 2010 SP1 and TMG configured for Mail Protection issue
Welcome to the September 2010 edition of the MSE Newsletter! This month I want to talk about the issue many of you have experienced when you tried to install Exchange 2010 Service Pack 1 on a Threat Management Gateway (TMG) server configured for mail protection.
First of all, for those of you wondering what I mean by TMG in mail protection mode, I will start with a brief description...
Microsoft Forefront Threat Management Gateway (TMG), Microsoft's application layer firewall solution and Exchange 2010 Edge Transport role can now be installed together on the same server. This can be an attractive configuration especially for SMORGs (small and medium organizations) which want to publish Exchange services in a highly secure fashion and have an efficient spam/virus filtering solution based on the Exchange Edge Transport server role without the need to invest in more than one physical or virtual machine. As those of you working for or with SMORGs know, organizations of these sizes are bound by very limited IT budgets and among other things must do whatever they can to keep the server count down.
To combat this issue, SMORGs began to deploy TMG servers configured in mail protection mode using Exchange 2010 RTM and TMG 2010 and things worked pretty well except for a few minor issues. Then Exchange 2010 SP1 was released and the SMORGs that had deployed TMG servers configured in mail protection mode, of course, wanted to upgrade the Edge Transport server role on these boxes to Exchange 2010 SP1.
Unfortunately for SMORGs, the installed Exchange 2010 SP1 suddenly experienced issues with the Forefront TMG Managed Control service. It failed to start and an error saying something like "The Microsoft Forefront TMG Managed Control service terminated with the following error: %%-2146233088". The result was that SMORGs that installed Exchange 2010 SP1 were flooded with spam messages as the TMG box could not filter spam and other unwanted messages.
The reason why this issue occurred was because the Exchange team removed some cmdlets with SP1. And one of them was the Get-AntiSpamUpdates cmdlet which the aforementioned service relied on. The issue is described in a little more deail in this blog post on the TMG team blog.
This is a very serious issue that should never have happened, so the TMG team had to come out with a fix ASAP. Approximately a month after Exchange 2010 SP1 RTM'd, the TMG team has now released software update 1 for TMG 2010 SP1, which among other things (which you can read about here) includes a fix that resolves the issue. You can download the fix here.
Until next month,
2. Order Henrik Walther's Exchange Server 2007 book
3. MSExchange.org Learning Zone Articles of Interest
We have a great group of articles in the Learning Zone that will help you get a handle on your most difficult configuration issues. Here are just a few of the newer and more interesting articles:
4. KB Articles of the Month
Below you find the Exchange 2003, 2007, and 2010 related KB articles that were published since the last MSE newsletter.
Exchange Server 2010
Exchange Server 2007
Exchange Server 2003
No Exchange 2003 KB articles have been published since the last MSE Newsletter.
5. MSExchange News of the Month
6. Ask Henrik Walther a question
We're planning to buy a hardware load balancing solution from a third party vendor, so that we can load balance Exchange client traffic to our Exchange 2010 CAS array.
Do you know which HLB vendors are certified by Microsoft?
Microsoft maintains a list of the certified vendors here. Bear in mind though that this doesn't necessarily mean that vendors not listed doesn't work properly with Exchange 2010. Actually there are several HLB vendors that are going through the certification process as I write this.