Configure custom HTML error message on Forefront TMG 2010 and redirect users to corporate notice

Log on to Forefront TMG Server, Browse to %Program Files%Microsoft Forefront TMGerrorhtmls . Copy default.htm file and paste inside a folder called banned. Now modify the file using Microsoft Office word and add corporate logo and notice. Once you have modified this file, it will automatically create a folder named default_files containing this logo files. Now in an IIS server, copy the banned folder to %windir%inetpubwwwroot to publish a website that will be sub-domain to your domain for example .

If you do not want sub-domain then you can publish this site as . For this article, i am going to publish custom error url as sub-domain.

Log on to an IIS server. right click on IIS server, Click Add web Site, Type Site Name, Point Physical Path as shown on the picture. In the host name, type FQDN of the web site. You don’t need to create a separate web server to do this you can add web site to an existing web server.

 3 4


Log on to DNS server, Open DNS management console, right click on forward lookup zone, add CNAME

 6 7

Log on to Forefront TMG server as an administrator, click Networking, right click on internal network, click on property, click on web browser, check Bypass proxy for web servers in the network.


Apply changes and click ok. Open internet explorer and test newly created website.


From the TMG console, click web access policy, In the Tasks Tab, click on configure web access policy,

 12 13


  16 17  

 21 22

Here, cache drive shown in system partition, however in production environment setup cache drive in separate partition.

24 23 

  26 11

Right click on newly created deny policy, click on property, click on action tab, on the redirect web client box type custom url to redirect  users.


To test this policy, log on to a computer using a test username and browse any website classified in the banned category. you will be redirected to new website as follows.



Relevant Articles

How to configure WPAD server

TMG step by step

1 thought on “Configure custom HTML error message on Forefront TMG 2010 and redirect users to corporate notice

  1. Hi Raihan
    I have same design as discuss by milind. Detail is given below.
    1 ASA fire wall(external interface is connected to the switch 2960 which is further connected to WAN router)
    2. ASA Firewall (Internal interface in connected to switch 2960, which is further conneted to the TMG( external interface). and 3.the web server is connected to the switch.
    4. TMG is further connected to the CORE SWITCH (mean layer
    3 switch.)
    5. which is futher connecte to other switches.
    6. servers (exchane sever , database server are connected to one of these switches.

    Please reply that this network desgin will work if not then suggest any change



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.