Joining a standalone server to an array in a workgroup deployment

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

You must complete several tasks in Forefront TMG before you can join the Forefront TMG server to a standalone array in a workgroup environment.

Prerequisite tasks include the following:

  1. On the Forefront TMG storage server, add the IP address of the standalone Forefront TMG server to the Remote Management Computers computer set.

  2. Install the CA certificate as a trusted publisher in the Forefront TMG computer certificates store.

  3. Establish an LDAP session with the storage server (as described in the following procedure).

To establish an LDAP session with the storage server

  1. Click Start, click Run, and type ldp.exe.

  2. From the Ldp menu, click Connection and then Connect.

  3. In Server, type the FQDN of the storage server.

  4. In Port, type 2172, and select the SSL check box.


    If there is a firewall between this server and the EMS, you must open TCP port 3847 on the firewall for the join operation to complete successfully.

  5. From the menu, click Connect and then select Bind.


    If you are logged on using a mirror account, you can click Bind as currently logged on user; otherwise, click Bind with credentials and specify the mirror account credentials, leaving the Domain empty.

If there are no errors in the connection, then you can join your Forefront TMG server to the array. For details on how to join a server to a standalone array, see Creating a standalone array.
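The same check can be scripted. The following PowerShell is an added example, not part of the original procedure: it confirms that TCP ports 2172 and 3847 are reachable, then attempts an SSL-protected LDAP bind on port 2172, which fails if the server certificate does not chain to a CA trusted by this computer. The function names, the placeholder FQDN `storage.example.test`, the use of Negotiate authentication, and the assumption that the storage server is also the EMS host listening on 3847 are illustrative.

```powershell
# Added example; run on the standalone Forefront TMG server before attempting the join.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false } finally { $client.Close() }
}

function Test-StorageServerLdaps {
    param(
        [string]$StorageServerFqdn,   # use the FQDN so it matches the name in the server certificate
        [System.Management.Automation.PSCredential]$MirrorAccount  # omit to bind as the logged-on user
    )
    # 2172 = LDAP over SSL to the storage server; 3847 = port the join operation needs
    # (assumption: the storage server is also the EMS host).
    foreach ($port in 2172, 3847) {
        if (-not (Test-TcpPort $StorageServerFqdn $port)) {
            Write-Warning "TCP $port on $StorageServerFqdn is not reachable."
            return $false
        }
    }
    $id = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($StorageServerFqdn, 2172)
    $ldap = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $ldap.SessionOptions.ProtocolVersion = 3
    $ldap.SessionOptions.SecureSocketLayer = $true   # equivalent of the SSL check box in ldp.exe
    $ldap.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate   # assumption
    try {
        if ($MirrorAccount) {
            # User name and password only: the domain is left empty for a mirror account.
            $net = $MirrorAccount.GetNetworkCredential()
            $ldap.Bind((New-Object System.Net.NetworkCredential($net.UserName, $net.Password)))
        } else { $ldap.Bind() }
        return $true
    } catch [System.DirectoryServices.Protocols.LdapException] {
        # An untrusted CA certificate or a name mismatch typically surfaces here as "server unavailable".
        Write-Warning "LDAPS bind failed: $($_.Exception.Message)"
        return $false
    } finally { $ldap.Dispose() }
}

Test-StorageServerLdaps -StorageServerFqdn 'storage.example.test' -MirrorAccount (Get-Credential)
```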

