Important Notes Regarding VPN for TMG RC

While there are rumors out there that TMG may have gone RTM recently, I haven’t been able to confirm those rumors, so until I hear otherwise, the RC is the way to go with TMG right now. No problems with that, since you’ll be able to upgrade your RC version to RTM when it becomes available.

However, while you’re working with TMG RC, there are some things you need to know about VPN connectivity that are specific to the RC right now.

Check this out:

  • “If you have configured a Virtual Private Network (VPN) and have not installed Windows Server 2008 Service Pack 2 (SP2), a potential failure of the Routing and Remote Access Service may disrupt VPN functionality. To avoid this, install Windows Server 2008 SP2.
  • RADIUS or VPN authentication may not function for localized user names in deployments in which the Network Policy Server (NPS) is installed on Windows Server 2008 R2, because NPS on Windows Server 2008 R2 uses Unicode for all authentication methods, by default, while legacy clients or authentication methods other than Extensible Authentication Protocol use ANSI. To prevent this problem, configure both the NPS server and the connecting client to support ANSI instead of Unicode. For information, see I cannot connect when my user name contains Unicode characters (http://go.microsoft.com/fwlink/?LinkId=165830).
  • The Routing and Remote Access service (RRAS) may crash when several connections are established concurrently on the Forefront TMG server. When this service crashes, all existing virtual private network (VPN) connections are terminated and no new VPN connections can be established. To recover from this, you would have to manually restart the Forefront TMG server. To avoid this problem, it is recommended that you install a hotfix that is provided by Microsoft. For information, see The Routing and Remote Access service may crash when there are several connections established concurrently on a computer that is running Windows Server 2008 (http://go.microsoft.com/fwlink/?LinkId=165831).”

There you go. The rest of the VPN configuration works very nicely. Make sure to check out the SSTP feature!
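A read-only pre-flight check for the three notes quoted above, added here as an example (it is not from the release notes or from Microsoft). The one-week look-back, the local-accounts-only scope, and the use of non-ASCII characters as a stand-in for "localized" names are assumptions.

```powershell
# Added example: read-only checks, run from an elevated PowerShell session
# on the TMG server. Nothing here changes configuration.

# 1. Service pack level: the notes call for Windows Server 2008 SP2.
$os = Get-WmiObject -Class Win32_OperatingSystem
"{0} (version {1}, SP{2})" -f $os.Caption, $os.Version, $os.ServicePackMajorVersion
if (($os.Version -like '6.0.*') -and ($os.ServicePackMajorVersion -lt 2)) {
    Write-Warning 'Windows Server 2008 without SP2: RRAS failures may disrupt VPN.'
}

# 2. RRAS state and recent unexpected terminations.
#    'RemoteAccess' is the service name of Routing and Remote Access.
$rras = Get-Service -Name RemoteAccess -ErrorAction SilentlyContinue
if (-not $rras) {
    Write-Warning 'RRAS service not found on this machine.'
} else {
    "RRAS service status: $($rras.Status)"
    # The Service Control Manager logs events 7031/7034 in the System log
    # when a service terminates unexpectedly. Match on the service's own
    # display name so the check also works on localized installs.
    $since   = (Get-Date).AddDays(-7)          # assumption: one-week look-back
    $pattern = [regex]::Escape($rras.DisplayName)
    $crashes = @(Get-WinEvent -FilterHashtable @{
            LogName = 'System'; Id = 7031, 7034; StartTime = $since
        } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $pattern })
    if ($crashes.Count -gt 0) {
        Write-Warning "$($crashes.Count) unexpected RRAS termination(s) since $since"
        $crashes | Select-Object TimeCreated, Id | Format-Table -AutoSize
    } else {
        'No unexpected RRAS terminations logged in the look-back window.'
    }
}

# 3. User names that may hit the Unicode/ANSI mismatch with NPS.
#    Assumption: only local accounts are listed; domain accounts used for
#    VPN need the same test run against the directory.
$flagged = @(Get-WmiObject -Class Win32_UserAccount -Filter 'LocalAccount=True' |
    Where-Object { $_.Name -match '[^\x00-\x7F]' })
if ($flagged.Count -gt 0) {
    Write-Warning 'Accounts with non-ASCII names (review RADIUS/VPN authentication):'
    $flagged | Select-Object Name, Disabled | Format-Table -AutoSize
} else {
    'No local account names contain non-ASCII characters.'
}
```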

HTH,

Tom

Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer

Prowess Consulting www.prowessconsulting.com

PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: [email protected]
MVP — Forefront Edge Security (ISA/TMG/IAG)
