Thursday, July 12, 2012

Could not bind port 80 on TMG with Windows Server 2008 R2 SP1

During a new implementation of a reverse proxy solution for Exchange Server 2010 OWA based on a Threat Management Gateway 2010 server, I encountered an issue where I couldn't bind port 80 for redirection to port 443. The server on which I tried to install and configure TMG was a Windows Server 2008 R2 SP1 machine.

The following post will guide you through the issues I had and give you a solution to this problem.



During the installation of Service Pack 1 for Windows Server 2008 R2, the installation automatically installs the .NET Framework 3.5.1 feature. A side effect of installing this feature is that the "Web Server (IIS)" role, which is tied to it as a dependency, is automatically installed as well.

IIS, however, shouldn't be installed on a TMG machine at all, because it binds port 80 on the default network interface.

Before I figured it out, I received the following event in the event log.







Log Name:      Application 

Source:        Microsoft Forefront TMG Web Proxy

Date:          12-7-2012 14:59:13

Event ID:      14148

Task Category: None

Level:         Warning

Keywords:      Classic

User:          N/A

Computer:      ---

Description:

The Web Proxy filter failed to bind its socket to 0.0.0.0 port 80. This may have been caused by another service that is already using the same port or by a network adapter that is not functional.

 

To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties indicates the cause of the failure.


 

After performing a netstat I could see that port 80 was already in use:







C:\Windows\system32>netstat -a | findstr "80" 

TCP    0.0.0.0:80             WE-UTR01-TMG01:0       LISTENING

TCP    10.31.1.98:8080        WE-UTR01-TMG01:0       LISTENING

TCP    127.0.0.1:8008         WE-UTR01-TMG01:0       LISTENING

TCP    127.0.0.1:8080         WE-UTR01-TMG01:0       LISTENING

TCP    [::]:80                WE-UTR01-TMG01:0       LISTENING
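
To see which process owns the port 80 listener without `findstr "80"` also matching 8080 and 8008, the check can be scripted. This is an added example, not part of the original post; the function name `Get-PortListener` and the sample PIDs are assumptions made for illustration.

```powershell
# Added example (not from the original post): find listeners on exactly one TCP port.
function Get-PortListener {
    param(
        [int]$Port = 80,
        # Live output by default; pass captured lines to analyse them offline.
        [string[]]$NetstatLines = (netstat -ano)
    )
    foreach ($line in $NetstatLines) {
        # Columns with -o: Proto, Local Address, Foreign Address, State, PID
        $f = $line.Trim() -split '\s+'
        if ($f.Count -ne 5 -or $f[0] -ne 'TCP' -or $f[3] -ne 'LISTENING') { continue }
        # The text after the last colon is the port; this also handles "[::]:80".
        $localPort = [int]($f[1].Substring($f[1].LastIndexOf(':') + 1))
        if ($localPort -ne $Port) { continue }   # 8080 and 8008 are skipped here
        # The PID is resolved against the machine the script runs on.
        $owner = Get-Process -Id ([int]$f[4]) -ErrorAction SilentlyContinue
        $name = 'unknown'
        if ($owner) { $name = $owner.ProcessName }
        New-Object PSObject -Property @{
            LocalAddress = $f[1]; OwningPid = [int]$f[4]; ProcessName = $name
        }
    }
}

# Constructed sample (PIDs invented) shaped like "netstat -ano" output on this server.
$sample = @(
    '  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4',
    '  TCP    10.31.1.98:8080        0.0.0.0:0              LISTENING       2316',
    '  TCP    127.0.0.1:8008         0.0.0.0:0              LISTENING       2316',
    '  TCP    [::]:80                [::]:0                 LISTENING       4'
)
Get-PortListener -Port 80 -NetstatLines $sample | Format-Table -AutoSize

# PID 4 (System) typically means the kernel HTTP.sys driver holds the port on
# behalf of a service such as IIS; this lists the URLs registered with it.
netsh http show servicestate

# Check whether the Web Server (IIS) role is installed (Server 2008 R2 ServerManager module).
Import-Module ServerManager
Get-WindowsFeature Web-Server | Select-Object Name, Installed
```

Calling `Get-PortListener` without `-NetstatLines` runs against the live `netstat -ano` output of the server itself.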


 

After the removal of the Web Server (IIS) Role and .NET dependencies and performing the netstat again, I received the following information:







C:\Windows\system32>netstat -a | findstr "80" 

TCP    10.31.1.98:8080        WE-UTR01-TMG01:0       LISTENING

TCP    127.0.0.1:8008         WE-UTR01-TMG01:0       LISTENING

TCP    127.0.0.1:8080         WE-UTR01-TMG01:0       LISTENING


 

So this looks OK. After configuring the Web Listener and Publishing rules for Exchange 2010 OWA and ActiveSync, I performed the netstat command again and received the following information:







C:\Windows\system32>netstat -a | findstr "80" 

TCP    10.31.1.98:80          WE-UTR01-TMG01:0       LISTENING

TCP    10.31.1.98:8080        WE-UTR01-TMG01:0       LISTENING

TCP    8.8.8.8:80      WE-UTR01-TMG01:0       LISTENING

TCP    8.8.8.8:80      194:20682              ESTABLISHED

TCP    127.0.0.1:8008         WE-UTR01-TMG01:0       LISTENING

TCP    127.0.0.1:8080         WE-UTR01-TMG01:0       LISTENING

TCP    127.0.0.1:8080         WE-UTR01-TMG01:10168   TIME_WAIT


 

As you can see, port 80 is now bound to both interfaces, as it should be. After this I tested the redirection and it worked like a charm.

Good luck in solving this issue if you ever encounter it.
