Zero Hour Sleep
12 Nov 2010

A fatal error occurred when attempting to access the SSL server credential private key.

I faced the following error at a client when trying to set up a Forefront TMG 2010 array in a workgroup environment; however, this error is not related to TMG itself, so you might encounter it in any setup where your server is using certificates for server authentication.

When building my Forefront TMG 2010 array, the server designated as configuration storage started logging the error below in the event log every other minute. I did try to issue another certificate for it and even uninstalled and installed TMG again, but nothing did the trick.

Error
A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.

The solution to my problem was granting the Network Service Read permission on the certificate and this is how I did it

31 Aug 2010

Do NOT install Exchange 2010 SP1 on your Edge/TMG server

If you are running Exchange 2010 Edge on Forefront TMG, do NOT install Exchange 2010 SP1 on it yet. Doing so will crash your TMG Managed Control service with the error:

The Forefront TMG Managed Control service failed to initialize. Error information: Command failed with error: The term 'Get-AntiSpamUpdates' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again

7 Apr 2010

ISA/TMG installation fails with Unable to Connect to configuration Storage Server

While installing ISA or TMG Enterprise Edition, the installation might fail with the following error:

Setup failed to connect to the specified configuration storage server computer. This may be because the local computer needs to be added to the Replicate configuration storage server computer set. Error code = 0x8007203a

On TMG the error will look like this

2 Apr 2010

You get “Iashlpr initialization failed” error after installing DHCP on Windows 2008R2

After installing the DHCP server on Windows 2008 R2, you notice that your System event log fills up with errors with Event ID: 1070 “Iashlpr initialization failed: The DHCP service was unable to access path specified for the audit log. So DHCP server cannot talk to NPS server. It could be that IAS service is not started.”

Event ID: 1070
Source: DHCP-Server

Iashlpr initialization failed: The DHCP service was unable to access path specified for the audit log. So DHCP server cannot talk to NPS server

At first I ignored this error since it wasn’t affecting my DHCP server's behavior; everything was working fine, and clients were obtaining proper IP addresses and network settings.
That was until I had to configure a WPAD entry in order to enable the TMG Firewall Client to automatically detect the TMG server. TMG clients were failing to automatically detect the TMG server. I started troubleshooting the issue and tried everything (adding/removing the WPAD entry, changing the WPAD value, etc.), but all my attempts were unsuccessful.

13 Mar 2010

ISA/TMG/IAG/UAG what is the difference!

A lot of people are confused about the difference between ISA/TMG/IAG/UAG, so I thought it would be a good idea to share this information, hoping it will clear up this confusion.

Microsoft has lately released the “Forefront Threat Management Gateway (TMG)”, formerly known as “Internet Security and Acceleration Server (ISA)”.
Microsoft has also released the “Forefront Unified Access Gateway (UAG)”, formerly known as “Internet Access Gateway (IAG)”. By the way, both products run on 64-bit only.

So this means that TMG is the new version of ISA and UAG is the new version of IAG. Pretty simple, right?

What is the Difference between TMG and UAG?