In part 1, Install and configure Forefront TMG 2010 Enterprise Management Server (EMS) for centralized Management—Step by Step, I illustrated how to configure Forefront EMS. In this second part, I continue with the additional configuration and verification required for a functional EMS.
Open the Forefront TMG EMS console, right-click the Forefront TMG array and click Properties. Verify all the settings and the assigned role. If you want, you can add more members to the administrator group.
Apply Changes, Click OK. Now create a Firewall Policy allowing HTTP and HTTPS traffic from internal to external network.
Create Connectivity verifiers for AD, DNS and Web as shown below.
Log on to a computer in the internal network as a domain member. Set up the proxy in IE and test the network.
Installation of certificates in TMG Servers:
Log on to the Certificate Authority. Open the CA management console. Right-click Certificate Templates and click Manage. Select Computer, right-click it and click Properties. On the Security tab, check Enroll. Then click Apply and OK. Repeat the process for Web Server.
In the TMG server, open MMC console. Follow these screen shots.
Click on More Information... and you will be presented with Certificate Properties. In the Name drop-down list, select Common Name, type a name and click Add. In the Type drop-down list, select DNS, type the FQDN of the TMG server and click Add. Click Apply and OK.
Now export the certificate with its private key.
Apply Changes. Click Ok.
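Before exporting, it is worth confirming that the enrolled certificate really carries the DNS name typed in the request and has a usable private key. The following PowerShell check is an added example, not part of the original walkthrough; it assumes the certificate was enrolled into the Local Computer Personal store, and the FQDN tmg01.example.local is a placeholder to replace with your own.

```powershell
# Added example: inspect certificates enrolled on the TMG server before export.
# Assumption: $Fqdn is a placeholder; use the FQDN entered in the DNS field of the request.
$Fqdn = 'tmg01.example.local'

function Test-TmgCertificate {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$Fqdn
    )
    # Subject Alternative Name extension (OID 2.5.29.17), rendered as one line of text
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($san) { $san.Format($false) } else { '' }
    # Match "<label>=<fqdn>" so a localized label such as "DNS Name" does not matter
    $sanOk = $sanText -match ('=\s*' + [regex]::Escape($Fqdn) + '(\s|,|$)')

    # Enhanced Key Usage: Server Authentication is OID 1.3.6.1.5.5.7.3.1.
    # A certificate without an EKU extension is not restricted to any purpose.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $serverAuth = $true
    if ($eku) {
        $hits = @($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' })
        $serverAuth = $hits.Count -gt 0
    }

    $now = Get-Date
    New-Object PSObject -Property @{
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        SanHasFqdn    = $sanOk
        HasPrivateKey = $Cert.HasPrivateKey   # required for export with private key
        ServerAuth    = $serverAuth
        InValidity    = ($now -ge $Cert.NotBefore -and $now -le $Cert.NotAfter)
    }
}

# Report every certificate in the Local Computer Personal store
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-TmgCertificate -Cert $_ -Fqdn $Fqdn } |
    Select-Object Subject, Thumbprint, SanHasFqdn, HasPrivateKey, ServerAuth, InValidity |
    Format-Table -AutoSize
```

A certificate suitable for the TMG server should show True in the SanHasFqdn, HasPrivateKey, ServerAuth and InValidity columns.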
Create the cache drive, preferably on a non-system partition. In this example, I am showing the cache drive on the system partition, but in a production environment you will have more than one partition in the TMG server.