From Microsoft only the Forefront TMG Retail (7.0.7734.100) version is available, so if you do a fresh install you need to apply at least the following updates:
- Service Pack 1 (7.0.8108.200)
- Service Pack 1 Software Update 1 (7.0.9027.400)
- Service Pack 2 (7.0.9193.500)
- Service Pack 2 Update Rollup 4 (7.0.9193.601)
These updates all take serious time to install when applied to a system. Not a bug issue, since you don’t have to attend the whole process. But when a new installation is part of the recovery strategy, time is precious.
To slipstream the files:
- Copy the Forefront installation media to a writable location
- Download the updates.
- Apply them using the Windows Installer (msiexec.exe) with the /a /p parameters.
Copy Installation Media
The installation media looks like the screenshot below, although the real installation magic is in the FPC folder. It is the FPC folder that contains the actual MSI of Forefront TMG.
Downloading the updates has never bin such a… Let’s say that the larger part of the updates can only be requested via e-mail. Although it is automated and an e-mail with the download link is directly sent to you, I do wonder why Microsoft made it like this.
Anyway, here are the “download” links:
- KB981324 Service Pack 1 (7.0.8108.200)
- KB2288910 Service Pack 1 Software Update 1 (7.0.9027.400)
- KB2555840 Service Pack 2 (7.0.9193.500)
- KB2870877 Service Pack 2 Update Rollup 4 (7.0.9193.601)
Make sure to get the updates for the right platform (x86 or x64).
Some updates provide a direct download to the MSP file which is a Windows Installer Patch file that can be applied to an existing MSI file. Others come in an exe that can be extracted by using the filename.exe /t switch.
I put together the following file structure:
- .\TMG 2010 SP1\TMG-KB981324-AMD64-ENU.msp
- .\TMG 2010 SP1 Software Update 1\TMG-KB2288910-amd64-ENU.msp
- .\TMG 2010 SP2\TMG-KB2555840-amd64-ENU.msp
- .\TMG 2010 SP2 Update Rollup 4\TMG-KB2870877-amd64-GLB.msp
Apply MSI Patches to Forefront TMG Installer
For success results the patches should be applied on a system that falls within the software requirements of Forefront TMG. I did this on a Windows Server 2008 R2 installation.
The common way of slipstreaming MSI updates is: msiexec.exe /a Product.msi /update Update.msp
Run msiexec.exe /? for more information on all parameters.
In this case it becomes:
msiexec /a .\7.0.9193.601\en-US\x64\FPC\MS_FPC_Server.msi /update \TMG 2010 SP1\TMG-KB981324-AMD64-ENU.msp
msiexec /a .\7.0.9193.601\en-US\x64\FPC\MS_FPC_Server.msi /update .\TMG 2010 SP1 Software Update 1\TMG-KB2288910-amd64-ENU.msp
msiexec /a .\7.0.9193.601\en-US\x64\FPC\MS_FPC_Server.msi /update .\TMG 2010 SP2\TMG-KB2555840-amd64-ENU.msp
msiexec /a .\7.0.9193.601\en-US\x64\FPC\MS_FPC_Server.msi /update .\TMG 2010 SP2 Update Rollup 4\TMG-KB2870877-amd64-GLB.msp
The end result is updated Forefront TMG installation media that installs out of the box with all updates.
I got a part of the information from Richard Hicks blog post. But this post is based on SP2 without Update Rollup 4.