We help IT Professionals succeed at work.

Manage Forefront TMG from System Center Essentials 2010

I am trying to get management of our TMG server (which is a VM on a Hyper-V host) working from our SCE 2010 server. I have manually installed the agent and the server appears in the list of computers. The alert status column appears as OK however the Update Status appears as Unknown as does the Operating System column. The Agent Status column appears as Loading (actually it seems to be showing as Loading on all our VMs, the Hyper-V hosts all appear fine, it is just the guests).

All servers are running Windows Server 2008 R2 Enterprise. The hosts are running Core.

TMG is running the full installation as is the SCE server. I have added in a WSUS traffic policy as per this blog (http://blogs.technet.com/b/isablog/archive/2009/11/28/using-windows-server-update-service-for-the-tmg-update-center.aspx) substituting 8531 for 8530 as that is what SCE uses for the Update server.

There is also a policy for the SCE agent with the System Center Operations Manager Agent Installation Port and the Sytem Center Operation Manager Agent Ports added.

As we have just had Patch Tuesday I know there must be at least one or two updates missing.

Is there something else I am missing in my configuration?
Watch Question


Not sure if this is related but when I run wuauclt.exe /detectnow to try and force an update I get the following error in the Windows Application Log recorded 3 times:

Log Name:      Application
Source:        Windows Error Reporting
Date:          11/06/2010 10:15:36
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Gallow-TMG.Gallowglass.local
Fault bucket , type 0
Event Name: WindowsUpdateFailure
Response: Not available
Cab Id: 0

Problem signature:
P1: 7.4.7600.226
P2: 80072ee2
P3: 00000000-0000-0000-0000-000000000000
P4: Scan
P5: 101
P6: Managed

Attached files:

These files may be available here:

Analysis symbol:
Rechecking for solution: 0
Report Id: e48b0dda-7539-11df-af64-00155d900e01
Report Status: 0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <Provider Name="Windows Error Reporting" />
    <EventID Qualifiers="0">1001</EventID>
    <TimeCreated SystemTime="2010-06-11T09:15:36.000000000Z" />
    <Security />
    <Data>Not available</Data>
Keith AlabasterEnterprise Architect
Top Expert 2008

Just check the FTMG SYSTEM policy as opposed to the FIREWALL policy and make sure you have enabled the System Center Operations Manager policy.


Yes, the policy is enabled and the SCE system is added in as a computer set on the To tab
Looks like the issue was to do with a WPAD DNS entry that was pointing to our old Proxy while we got TMG up and running. Weird that despite turning off the proxy setting everywhere possible (including WINHTTP) Windows Update still wanted to use it.