Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Microsoft Forefront TMG - TMG Storage 101
In this tutorial we will show you where Forefront TMG stores configuration settings and how Forefront TMG saves a copy of the TMG configuration in the internal registry .
Before we begin to show you how Forefront TMG stores its configuration data, I want to show you a new technique used in Forefront TMG. There are two different terms that we need to familiarize:
- EMS (Enterprise Management Server)
- CSS (Configuration Storage Server)
EMS
Enterprise Management Server is a server used to manage TMG Enterprise Array or even a standalone server. EMS must be installed on a member server that does not have other Forefront TMG services. Installation on the Windows Domain Controller is also not supported. You do not have to purchase the TMG registration for EMS installed. If you are an experienced user with ISA Server 2006 Enterprise, then Forefront TMG EMS is almost the same as the Configuration Storage Server (CSS) used in ISA Server 2006 Enterprise with a few other points. With Forefront TMG, you can join or disjoin into an array array after installing TMG. This allows the enterprise configuration to be more flexible because you do not have to uninstall and reinstall the Forefront TMG Server to join other TMG arrays. You can also upgrade the Forefront TMG Standard version to Forefront TMG Enterprise without reinstalling.
CSS
The Configuration Storage Server (CSS) is used for all internal TMG installations and provides storage space for the TMG Server configuration. EveryForefront TMG server has an internal CSS. When the TMG Administrator joins the server into a TMG Array, the internal TMG Server will use the Enterprise Management Server (EMS). When Enterprise CSS is applied, internal CSS (AD-LDS instance) will be disabled.
Let's take a look at installing the Active Directory Lightweight Directory service. The Forefront TMG Setup tool will install Windows Server AD-LDS. AD-LDS will be used by Forefront TMG to store TMG configuration data.
Microsoft Forefront TMG - TMG Storage 101 Picture 1 Figure 1: Installed AD-LDS services
The ISASTGCTRL service is the AD-LDS service for the Windows AD-LDS instance. The Forefront TMG storage service (ISASTG) is responsible for storing TMG configuration in AD-LDS and in the internal Windows registry.
Connect to the Forefront TMG configuration via ADSIEDIT
Because the AD-LDS instance uses the same directory structure as Active Directory, we can connect to the AD-LDS instance through tools like the LDP ADSIEDIT and other LDAP tools. For example in this article, we will use ADSIEDIT to connect to the AD-LDS instance. Launch ADSIEDIT and select CN = FPC2 as the CN, specify the server name with port 2171, then you can connect to the data store of the AD-LDS instance.
Microsoft Forefront TMG - TMG Storage 101 Picture 2 Figure 2: Connection with AD-LDS via ADSIEDIT
As shown in the figure, you will see the entire Forefront TMG configuration.
Note : We can change and add entries in the TMG configuration through ADSIEDIT, but we do not recommend using ADSIEDIT to change the settings, if you do not like the results of the changes. there.
Microsoft Forefront TMG - TMG Storage 101 Picture 3 Figure 3: Configuring Forefront TMG in ADSIEDIT
Microsoft Forefront TMG Storage
During the installation of Forefront TMG, a service called Microsoft Forefront TMG Storage (ISASTG) will be created to provide Forefront TMG configuration storage space and allow interaction with the internal registry used to save the configuration. TMG locally.
Microsoft Forefront TMG - TMG Storage 101 Picture 4 Figure 4: Forefront TMG storage (ISASTG)
ADAM_ISASTGCTRL
The AD-LDS instance will install a service called ADAM_ISASTGCTRL, which is the service used to control the locally installed AD-LDS instance. This service will be stopped and set to start type DISABLED when the Forefront TMG Enterprise Server joins an array managed by Forefront EMS.
Microsoft Forefront TMG - TMG Storage 101 Picture 5 Figure 5: AD-LDS instance
AD-LDS database location
The Microsoft Forefront TMG AD-LDS instance is stored in the Forefront TMG installation directory in a subdirectory called ADAMData.
Microsoft Forefront TMG - TMG Storage 101 Picture 6 Figure 6: Location of AD-LDS database
Configure Forefront TMG in the Registry
The Forefront TMG configuration will be stored in the internal AD-LDS instance if Forefront TMG Server is a standalone server or managed by a local array. A copy of the Forefront TMG configuration is also stored in the local registry under HKEY_LOCAL_MACHINE. Each time a new TMG configuration change is applied by the Forefront TMG management interface, the local registry will also be updated. The Forefront TMG Storage service is responsible for this task.
Microsoft Forefront TMG - TMG Storage 101 Picture 7 Figure 7: Forefront TMG configuration in the registry
TMG services have been stopped (TMG Storage)
If you stop the Forefront TMG Storage service, the registry keys will be deleted and automatically re-created after the service has been successfully restarted.
Microsoft Forefront TMG - TMG Storage 101 Picture 8 Figure 8: No Forefront TMG registry entries after the TMG storage service has been stopped
Join Array
If you decide to join the Forefront TMG server into an array managed by an EMS (Enterprise Management Server), it is possible without canceling and reinstalling Forefront TMG. Launch the TMG Management console and start the Join Array Wizard.
Microsoft Forefront TMG - TMG Storage 101 Picture 9 Figure 9: Join an array managed by an EMS Server
During the join of the TMG EMS, the local ISASTGCTRL service will be stopped and disabled.
Microsoft Forefront TMG - TMG Storage 101 Picture 10 Figure 10: The ADAM ISASTGCTRL service is disabled
Conclude
In this tutorial we introduced you to where Forefront TMG saves Forefront TMG configuration settings. Forefront TMG Standard and Enterprise use AD-LDS to save the configuration but copy the TMG configuration stored in the local registry. If the Forefront TMG Enterprise Server joins an array managed by an EMS, the local AD-LDS instance (controlled by the ISASTRGCTRL service) will be disabled.
Marvin FryYou should read it
- Storage configuration
- Storage class in C / C ++
- Data storage: That day and now
- 10 tips to keep cloud storage safe and secure
- The best 'cloud storage' data storage services today
- How to reduce the 'System' storage on iPhone or iPad
- 8 best storage management and monitoring software
- How to store data on Bloom for free
- Microsoft Forefront TMG - Backup and restore capabilities
- Steps to initially set up a new SSD on Windows 10
- Microsoft Forefront TMG - Forefront TMG SDK
- Troubleshooting Forefront TMG
Maybe you are interested
How to fix BOOTMGR is missing error when starting Windows
Install and configure the solution to handle email on TMG 2010 Firewall - Part 1: Installation
Install and configure email handling solutions on TMG 2010 Firewall - Part 2: E-Mail Policy
Install and configure email handling solutions on TMG 2010 Firewall - Part 3
Install and configure email handling solutions on TMG 2010 Firewall - Part 4
Install and configure email handling solutions on TMG 2010 Firewall - Part 5
Basic knowledge
Comparison between Laptop, Netbook and Smartphone- Instructions for buying tabletop machines: Explain technical details
- Try Microsoft Forefront Identity Manager 2010
- Use GUI to create PowerShell scripting using PowerGUI
- Instructions for purchasing desktop computers: Shopping tips
- Microsoft Forefront TMG - Webserver load balancing
Comparison between Laptop, Netbook and Smartphone
Instructions for buying tabletop machines: Explain technical details
Try Microsoft Forefront Identity Manager 2010
Use GUI to create PowerShell scripting using PowerGUI
Instructions for purchasing desktop computers: Shopping tips
Microsoft Forefront TMG - Webserver load balancing