I was at a customer today to install a new TMG Enterprise with the Exchange 2010 Edge Transport role installed together with Forefront for Exchange 2010.
After the installation TMG didn’t update the Cloudmark antispam engine.
I found the below error:
12226 The certification authority that issued the SSL server certificate supplied by a destination server is not trusted by the local computer.
Nice error Microsoft !!!!
So to solve the problem I created an exception for lvc.cloudmark.com in the HTTPS policy.
But that didn’t solve the problem – the TMG still blocked the certificate so I also created an exception for the localhost in the HTTPS inspection, and now it worked .
Hope it can help others, until Microsoft changes the certificate for the cloudmark update servers.