We recently experienced an issue when upgrading 2 TMG Servers in a NLB to TMG SP2. As soon as we upgraded the first TMG to SP2 the TMG control service failed to start and the following was logged in the application logged “Microsoft Forefront TMG Control failed to start. The failure occurred during Security Watchdog notification processing because the system call ApplyAccessControlSettings failed. Use the source location 122.86.7.0.9193.540 to report the failure. The error description is: An attempt was made to reference a token that does not exist.”
After troubleshooting we believed the issue was due to us not “Draining and Stopping “ the NLB service on the Host we first updated.
So we followed the following plan
- Uninstalled TMG SP2 form the First Node
- All services started after this
- Opened the TMG console > Monitoring > Services
- Selected Network Load Balancing for the first node
- Choose Drain and Stopped selected service
- Once the Service had stopped we reinstalled SP2
- Once Reinstalled the TMG Control service started and we followed the same process for the 2nd Node and all worked
