Continuing on my series with MP fixing (how much time wasted running after MS mistakes, when will they understand MPs development is a job on its own and bring it back to the OpsMgr team instead of wasting time in useless cross product training?) today is the day of TMG (MP version 7.0.7695.100). This is another example of poorly written not tested MP. There are plenty of errors in the MP and several noisy monitors and rules (more or less the same stuff we had with ISA 2006 MP), worse if you have a mixed environment with ISA and TMG Servers all your ISA servers will be discovered as TMG ones and several monitors and rules will start to complain and terminate in error.
Being tired of doing someone else job, I just modified the MP the bare minimum to correct this issue. This is a suboptimal mod because a registry discovery is typically not enough to differentiate between ISA Server and TMG Server (and here I make another digression on common engineering criteria, why the TMG setup doesn’t record the product version and setup parameters in the registry? How can it be?). The shortcut I took is the match the TMG token in the service description, this helps for TMG servers not for Microsoft.Forefront.TMG.EnterpriseManagement.ServerRole (i.e. the ADAM only stuff). Anyway that was enough for me, you can find the fix here.
Hope this help. Use it at your own risk.
When you implement the TMG MP you must be aware that by default, the Local System Account is not in the TMG Admins group, so the monitoring is impaired unless:
- you add LSA to your TMG server admins group
- you define your own monitoring account with admin rights and add it as a runas account in OpsMgr
Just to be clear you must add one of them here:
This posting is provided "AS IS" with no warranties, and confers no rights.