Removing a failed member from TMG 2010 EMS array RRS feed

  • Question

  • Production Setup:

    We have 2 TMG 2010 SP2 servers in an EMS array

    The Configuration Storage server is one of our 2010 CAS servers.

    Issue: One of the TMG servers failed and we are unable to gracefully disjoin it from the ems array. It will not disjoin from the working Tmg giving the following error:

    SSL is enabled for the Local Host Network. You must specify a certificate to use for SSL authentication. The changes cannot be applied.

    The error occurred on object 'Local Host' of class 'Network' in the scope of array 'TMG-Array'.

    Further info:

    When checking our web listener I see that the public certificate is not listed any more on the Certificates tab, that's simply blank. Before the one Tmg server started with its eventual failure the certificate was listed and viewable there.

    Checking the working Tmg member local computer store in Personal certificates our public is there.

    And checking on the working Tmg but this time in mmc to Certificates - Service (ISASTGCTRL) on local computer, the ADAM_ISASTGCTRL\Personal store is empty.


    1. Does our public certificate need to show up there in ADAM_ISASTGCTRL\Personal store? The confusing nature of the situation is that our access rules through TMG are currently working despite the web listener showing no actual certificate.

    2. Is there a way to manually clean out the failed Tmg server? Perhaps correcting the certificate issue will allow us to then disjoin the failed member without that error that currently is thrown.

    Tuesday, August 20, 2013 5:33 PM


  • You are in completely the wrong area.  This section is for Forum Issues only.  You might want to start somewhere like this to have a better chance at an answer.
    • Marked as answer by bsett Tuesday, August 20, 2013 9:46 PM
    Tuesday, August 20, 2013 8:38 PM