Forefront Protection for Exchange Broke Threat Management Gateway

Posted on 2010-09-09
Medium Priority
Last Modified: 2012-05-10
I have an Edge server with Threat Management Gateway installed and properly configured to allow in/outbound mail flow.  Inbound email can only be received from our spam provider's relays, Postini to be specific.  

This was working fine until I installed Forefront Protection for Exchange.  After that, Postini's SMTP tests fail, and I get the following error in the Threat Management logs:

Log Type: Firewall Service
Status: No connection could be made because the target machine actively refused it
Rule: [System] Allow SMTP traffic to the local host for mail protection and filtering.

Under monitoring in TMG:
Email Policy – Configuration Failure
Description:  Command failed with error:  Cannot bind argument to parameter ‘Bindings’ because it is an empty collection.

There doesn't seem to be much in the way of configuration settings inside of FPE, I can't imagine what broke it, but I do know that mid-install, it had to restart the Transport role, and nothing's been the same since.


Question by:NAMEWITHELD12
  • 3

Accepted Solution

michael_b_smith earned 1000 total points
ID: 33638259
Did you just install Exchange 2010 sp1? See here: http://blogs.technet.com/b/isablog/archive/2010/09/01/problems-when-installing-exchange-2010-service-pack-1-on-a-tmg-configured-for-mail-protection.aspx

Don't make any manual changes! Call PSS. I believe there is a QFE available.

Author Comment

ID: 33638289
No on the SP1 -- the FPE installation was on the same disc as the install for the version of Exchange I loaded up...
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 1000 total points
ID: 33652683
Where have you installed FPE - on the FTMG box running the edge service or on the Exchange server or both?

Author Comment

ID: 33774861
Sorry, we abandoned the installation, never could get it to work. :(

Author Closing Comment

ID: 33774878
We discovered that the installation of the app was removing the rules we set up to allow email in/out through TMG.  We decided that with our external spam/virus protection service, and our back end scanning capabilities, that we didn't need the hassle.

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Let us take a look at the scenario, you have a database that is corrupt and you run the ESEUTIL command only to find you are unable to repair it. How do you now get the data back?
Disk errors can be the source of sundry problems for the Exchange server, the most common one being that the database fails to mount.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
how to add IIS SMTP to handle application/Scanner relays into office 365.

619 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question