If the certificate contains a private key, you will need to provide the certificate password, which is recorded in Row 4 (Secure Channel SSL Certificate password) of Table 4b: Secure Channel SSL Certificate.

Copy the certificate file from the location specified in the worksheet to a folder on the local hard disk.

The location of the Secure Channel SSL certificate is recorded in Row 1 (Secure Channel SSL Certificate location and Filename) of Table 4b: Secure Channel SSL Certificate.

You must import the Secure Channel SSL certificate into both the Personal store of the local computer account and the Personal store of the Microsoft Forefront TMG Firewall service account (fwsvc).

Import the Secure Channel SSL certificate

Join the TMG server computer to the on-premises Active Directory domain if it is not already a domain member.

For more info about deploying TMG 2010 in a domain environment, see Workgroup and domain considerations.
For more information, see Installing Forefront TMG Service Packs.
Install all the available service packs and updates for TMG 2010. For more information on installing TMG 2010, see Forefront TMG Deployment.
Install Forefront TMG 2010 if it is not already installed. If you have not already installed TMG 2010 and configured it for your network, use this section to install TMG 2010 and prepare the TMG system.
Troubleshooting can involve comparing log events from TMG logs, SharePoint Server ULS logs, Windows Server event logs, and Internet Information Services (IIS) logs on multiple servers.

For more information on how to configure and use logging in TMG 2010, see Using diagnostic logging.

For more information on general TMG 2010 troubleshooting, see Forefront TMG Troubleshooting.

For more information on troubleshooting techniques and tools for SharePoint Server hybrid environments, see Troubleshooting hybrid environments.

Identifying the component that is causing a connection failure can be challenging, and TMG logs are the first place you should look for clues.

Logging plays an important role in troubleshooting issues with connectivity and authentication between SharePoint Server and SharePoint in Microsoft 365.

TMG 2010 includes both diagnostic logging and a real-time logging interface.

> For more info about TMG network topology considerations, see Workgroup and domain considerations.

Deploying TMG 2010 for use in a SharePoint Server hybrid environment in a back-to-back configuration is theoretically possible but has not been tested and may not work.

However, you can configure client certificate authentication only for users in the domain to which the TMG server is joined, so this practice cannot be followed for hybrid environments.

The TMG server has to be joined to this domain to use SSL client certificate authentication, which is used for authenticating inbound connections from SharePoint in Microsoft 365.

As a general best practice for edge deployments, you normally install Forefront TMG in a separate forest (rather than in the internal forest of your corporate network), with a one-way trust to the corporate forest.

The TMG server has to be a domain member in the Active Directory domain forest that contains your Active Directory Federation Services (AD FS) 2.0 server.
TMG has to be deployed in an edge configuration, with at least one network adapter connected to the Internet and configured for the external network in TMG and at least one network adapter connected to the intranet network and configured for the internal network in TMG.

Before you begin

Before you begin, there are a few things you need to know:

This article tells you how to set up Forefront Threat Management Gateway (TMG) 2010 for use as a reverse proxy for a hybrid SharePoint Server environment.

For complete information about Forefront Threat Management Gateway (TMG) 2010, see Forefront Threat Management Gateway (TMG) 2010.

APPLIES TO: 2013 2016 2019 Subscription Edition SharePoint in Microsoft 365