We replaced a single TMG 2010 server with a pair of TMG 2010 servers using NLB for the internal and external NICs. That process in itself was somewhat of a challenge. Along the way we found a bug that was introduced in TMG 2010 SP1. On the single server (non-SP1), we had an HTTP listener using a custom port of 8080 (this was for TFS, just so you know). On the new servers, we installed SP1 for TMG 2010 before adding any rules and then tried to add the HTTP listener on port 8080. However, in the listener properties, as soon as we changed the HTTP port and tried to apply, we received this error: “This Web Listener is configured to use SSL. You must specify a certificate for use in this Web Listener.”
You can duplicate this by simply creating a new listener, clicking the Connections tab, changing the HTTP port to anything other than 80, and trying to apply, as shown below.
After seeing the error, you may notice that without SP1, the Certificates tab has all its options disabled if you don’t check Enable SSL on the Connections tab. However, after applying SP1, those options on the Certificates tab are not getting disabled, and I guess there’s code that keys off that, resulting in the erroneous error message we received.
We opened a case with Microsoft and it was confirmed that this is an issue introduced with TMG 2010 SP1 and that they are working on a fix. Currently, I see two workarounds:
So there you have it. Just select any SSL cert to get you going even though you may be adding a non-SSL rule/listener. I hope this saves you some time and headache.