Versions / Builds Affected
Any TMG version
Status
Resolved
Problem Summary
TMG fails to load after enabling Kerberos Authentication in an HA scenario.
TT / JIRAID
990
How to Identify
Customer sets up a high availability (HA) TMG environment and enables Kerberos authentication as outlined here:
http://blogs.technet.com/b/isablog/archive/2011/10/12/new-in-sp2-kerberos-authentication-in-load-balanced-scenarios.aspx
In this setup it is suggested to run the TMG Firewall service under a domain user account which is a member only of a dummy group (and NOT a local or domain admin).
When this is configured, the TMG Firewall service fails to load and the following event is logged:
Event ID: 14146
Source: Microsoft Forefront TMG Web Proxy
Forefront TMG failed to load Web Filter DLL D:\TMG2010\\WebMonPlg.dll
Workaround / Fix Details
Make the TMG Firewall service account a local admin (this might pose a security risk).
Required Actions
Explain the workaround.
Explain that WebMonitor has not been designed with this scenario in mind.