Link to home
Start Free TrialLog in
Avatar of jbla9028
jbla9028Flag for United States of America

asked on

Upgrade TMG 2010 to Latest roll up 5

I am working to upgrade our threat management gateway 2010 servers to Rollup 5. I am fairly new to the TMGs, taking on responsibilities from another Admin. I am hoping to get some insight into the upgrade process but online info is kind of scarce. Right now all my servers are running TMG 2010 SP2 BASE. There have been 5 rollups released. Do I need to do each of them consecutively or do I just need to do #5 to get all the changes/fixes? I have 2 TMGs at each site that are paired together. My plan is to shutdown them one by one, and snapshot the server. Also to do a configuration XML backup prior to doing the rollups. Are there any gotchas I need to account for that I may be missing? the TMGs are on the DMZ. I am not planning any special exchange backups. they are backed up as part of the nightly backup process. As far as I can tell this upgrade really doens't touch exchange itself right? Any help from anyone who's performed these upgrades will help greatly! thanks!
ASKER CERTIFIED SOLUTION
Avatar of Dirk Mare
Dirk Mare
Flag of South Africa image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of jbla9028
jbla9028
Flag of United States of America image

ASKER

Just a heads up. The install was pretty easy and didn't require much effort. I was on SP1 base. I went straight to Rollup 5 without having to do 1,2,3, and 4 first. My process was to shutdown each TMG server. Snapshot in VMWare. One thing I didn't realize, being so new to TMG and not being the person who installed the product. Part of the install, requires you to point to the storage server. In our environment , it was a separate machine. It may be advisable to have a good backup of that machine as well. The upgrade itself was pretty uneventful but we got a lot of use from the rollup. Some issues that we notice fixed were that the log querying now works properly. We were getting errors running logs from any time periods other than Live for some reason. Another fix, which requires you to run a quick VB script, allows you to now see failed logins with the actual user names of the referenced account. Previously failed logins would show up as anonymous. now they show up was domain\username (!)  . I can search for (!) for client username and now see all failed logons which has been extremely helpful in lockout situations.