One issue that you will come across while working with TMG 2010 and Forefront Protection 2010 for Exchange Server is the integration between the two. By default, once you have both TMG and Forefront on the same box and have configured “Email Policy” in TMG, TMG takes full control of the Forefront configuration. Any configuration change that needs to be made to Forefront has to be made in TMG.
If you act clever and make the changes in the Forefront console, TMG will periodically check and overwrite the Forefront config with what is configured in TMG. This is something to bear in mind.
Now, some users find alerts being generated in the TMG console every three minutes or so saying that “TMG detected changes in Microsoft Exchange Server or Microsoft Forefront Protection configuration, and reapplied the e-mail policy configuration”.
An error will be logged in the Event Viewer as well, with event ID 31506.
This error is generated every 3 minutes, and it gets to a point where your Event Viewer has thousands of these error messages. You get the same alerts in the “Alerts” tab in the “Monitoring” node in the TMG console. This looks to be bad coding from the Forefront team: they neither expose all Forefront options for configuration in the TMG console nor let us make changes in Forefront.
Until the team sorts out this overwriting issue, you can disable the integration between Forefront and TMG, and you will then be able to configure your desired settings in Forefront. To do that, open the TMG console, navigate to the “Troubleshooting” node (the last one) and click the “Control Email Policy Configuration Integration” button on the right-hand side.
Select “Disabled” and click OK.
Apply the changes.
Verify that the integration is disabled by navigating to the “Email Policy” node.
No more 31506 errors!