Consider the following scenario in Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 1 (SP1):
- You configure a site-to-site virtual private network (VPN) connection from a remote TMG site to your corporate TMG network.
- You join the remote TMG site to the corporate TMG domain and then restart the domain controller.
- You create a new array on the server that is running Microsoft Enterprise Management Server (EMS) where the remote TMG site is to be joined.
- You export the remote TMG site that includes the site-to-site VPN connection information.
- You import the remote TMG site configuration to the new array on the EMS without importing server-specific information.
- You join the imported remote TMG site to the created and prepared array.
In this scenario, the site-to-site VPN connection does not connect. Additionally, the following error message is logged in the Application event log:
The Forefront TMG computer specified as the connection owner for VPN site-to-site network "name" is not valid. Either the connection owner is not configured in the array, or the specified computer was removed from the array. This network will be disabled.
To resolve this problem, install the service pack that is described in the following Microsoft Knowledge Base article:
Description of Service Pack 2 for Microsoft Forefront Threat Management Gateway 2010
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about how to let clients on remote networks connect to resources on your corporate network by establishing a site-to-site virtual private network (VPN), visit the following Microsoft TechNet website:
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
Description of the standard terminology that is used to describe Microsoft software updates