Hi,
I have recently upgraded UAG to SP3 and wanted to try Windows 8. I can see the infra tunnel, but the connectivity assistant on Win 8 doesn't appear to have two factor built in. Is this not a supported config with Win 8 yet?
Thanks
Ian
Hi,
I have recently upgraded UAG to SP3 and wanted to try Windows 8. I can see the infra tunnel, but the connectivity assistant on Win 8 doesn't appear to have two factor built in. Is this not a supported config with Win 8 yet?
Thanks
Ian
Sorry I know this question has been addressed in various forms but i've been unable to find a categorical answer. Can the two public IPs required for Teredo be NAT'd to internal DMZ IPs on the DA server, or must the external interface on the DA server still have two public IPs directly assigned to it?
I read a technet article stating that the DA server can be put behind NAT but is then restricted to IP-HTTPS only, yet my colleague is says he has deployed DA NAT'ing the two external IP addresses through to two DMZ IPs on the DA server.
Thanks.
i am especially interested in how domains are added there.
roys99
I have an issue with a user's DirectAccess Connectivity Agent not working. If I try to start the service i get the following error message: "Windows could not start the DirectAccess Connectivity Assistant Service on Local Computer" "Error 1075: The dependecy service does not exist"
I removed agent from "Programs and Features" restarted the computer and tried to reinstall software but the software fails at the part where serive needs to start.
Anyone know a fix?
I have a lab environment with both UAG and SharePoint running in a single forest, single domain environment. I am able to publish RDP sessions, SSRS pages, and a variety of other websites via UAG, but I cannot publish any SharePoint sites. My environment is setup as follows:
Domain: contoso.com (not my real domain name)
UAG Server (2010 SP2): uag.contoso.com (10.0.0.99)
SharePoint Server (2010): sharepoint.contoso.com (10.0.0.25)
Internal SharePoint Site: https://sharepoint.contoso.com:443
The UAG Server has a wildcard SSL certificate of *.contoso.com. PKI services are setup with self signed certificates for internal servers.
Based on the following article: http://technet.microsoft.com/en-us/library/dd861445.aspx
I have setup a UAG Application as follows:
Step 1: Select Application: "Microsoft SharePoint Server 2010"
Step 2: Application Name: "UAG SharePoint Site"
Step 3: Select Endpoint Policies: Default accepted
Step 4: Deploying an Application: "Configure an application server"
Step 5: Addresses: sharepoint.contoso.com
Path: "/"
HTTPS port: "443"
Public host name: "SharePoint"
Replace the host header with the following: "SharePointExt.contoso.com"
Step 6: Authentication "Use SSO" configured to authenticate off contoso.com
Step 7: Portal Link - Defaults selected, "Open in a new Window" checked
Step 8: Authorization "Authorize all users"
SharePoint Configuration:
Public URLs: Default - https://sharepoint Internet - https://sharepoint.contoso.com
Internal URL:
Internal URL: https://localhost Zone: "Default" Public URL for Zone: https://sharepoint
Internal URL: https://sharepoint Zone: "Default" Public URL for Zone: https://sharepoint
Internal URL: https://sharepointext.contoso.com Zone: "Internet" Public URL for Zone: https://sharepoint.contoso.com
Internal URL: https://sharepoint.contoso.com Zone: "Internet" Publich URL for Zone: https://sharepoint.contoso.com
After setting all SharePoint configurations, I restart IIS on sharepoint.contoso.com. Locally,https://sharepoint.contoso.com opens correctly. I sign into UAG on a non-domain joined machine. Select the SharePoint link. Internet Explorer displays the following: "Internet Explorer cannot display the webpage". The website link in the address bar is now https://sharepoint.contoso.com instead of the UAG url that normally hides the web address. Nothing is registered in the UAG web monitor Event Viewer when accessing the site. I have verified that the SharePoint server's firewall is not blocking the site by enabling logging and by repeating the process with the firewall disabled.
I cannot seem to figure our where my configuration issue is. I've also tried creating a blank sharepoint site on port 80 in an attempt to rule out an SSL issue. I get the same results. Any suggestions from the brilliant UAG people out there? As stated before, my UAG environment can publish any other non-SharePoint website without issue.
We're having an odd issue with Direct Access lately. Some (but not all) clients are having an issue accessing some (but not all) servers. Specifically, servers to which we have drives mapped, though the issue affects all means of access - UNC, RDP, web, etc.
We've traced the issue to our internal DNS - The servers that the affected clients can't reach have both an IPv4 and IPv6 address listed (which in and of itself is expected and should not be a problem). However, if we delete the IPv6 record, then the affected clients can then reach that server.
That should be the end of it, at least as far as the work-around is concerned, except that the IPv6 records keep coming back. I've disabled IPv6 (or at least unchecked it - have not yet gone so far as to completely uninstall v6.) on the problem servers, and also unchecked the "register this connection's addresses in DNS" option on the servers. But the IPv6 addresses keep re-appearing in our internal DNS, and when they do, the affected clients stop being able to reach that server over DA.
Anyone have any ideas?
Hi, what are the web application firewall features in UAG 2010? If any reference or document can be shared, it will be really helpful.
Regards,
Angshuman
Hello ,
I am pretty new to UAG/Direct Access and therefore this question.
One of our clients wants to use DirectAccess for their remote users trying access their enterprise network. However their intranet/enterprise wide authentication is done thru a third party RADIUS server. They want to integrate this third party Radius with DirectAccess and thereby have their remote users authenticated using single solution before they launch our Voice/collaborative apps. I have the following question:-
1/ does the client requires UAG for configuring the DirectAccess?
2/ Can the UAG be configured to talk to third party Radius server using IPv4 address for authentication?
3/ In this scenario, will the DirectAccess client "tunneled ipv6 conection" terminate at UAG and then the RADIUS UDP request using IPv4 is passed to the third party Radius server ?
4/Once the authentication is done, can client access both ipv6 and ipv4 addresses ( intranet/internet) & applications/servers? ( and also is in always inband or you can split-tunnel)
thanks in advance,
Sunil.
Is it possible to configure 2 UAG using only NLB without array and DA in DMZ
Scenario:
External Firewall
External interface of both UAG servers are connected to DMZ1 for external communication in NLB
Internal interface of both UAG servers are connected to DMZ2 for internal communication
Internal Firewall
Internal LAN core switch, where servers are connected
If yes then how
1. Users authentication will work
2. How the data flow will work
3. Can we utilise SSL VPN
4. Can we publish apps (exchange, share point etc)
5. Are TMG features will work.
Thanks
Afridi
Hello,
I've the following issue:
Within my UAG have I configured ADFS as authentication repository. With username/password is it working fine.
Now I want to move to client certificate authentication. When I try my adfs server internally, it indeed prompt for my certificate (user certificate and/or smartcard certificate). But when I then reach the page from outside, it didn't prompt for my certificate, and get immediatly an error, saying that the client certificate presented is not valid. (while I had no change to select it)
May somebody have an idea, if this can be solved and how.
Regards,
Daniel
Hello All,
We have currently 150 custom web application protected using Oracle Access Manager behind a Hardware load balancer.
Our intent is to use UAG and ADFS to serve Single Sign On with complete Fault Tolerrance and Session State Full... Based on different readings on technet post I see UAG cant do Fault Tolerrance, reaching out futher to see if any possible work around available?
Thanks in Advance,
Subhasish Mitra
Hello
I have UAG 2010 SP1 and have two SharePoint sites accessible from outside through our UAG with https- Last weeks its working properly and accessible from outside with https://subdomain.domain.com and able to download the endpoint plugins for UAG.
Today i am not able to access sites from outside our all the IE browser stuck on Checking for device compliance...
I dont want to disable end point plugins from UAG... I also updates it to SP1 update 1 but still facing same issue, Any ideas of what could be wrong
Thanks in Advance
Thanks Ranveer Katiyar
Hi all
I am looking for input on a strange error. A customer has implemented DirectAccess (single NIC), using computer certificates for authentication, but when outside, the DirectAccess Connectivity Assistant 2.0 reports:
Corporate Connectivity is not working
An authentication certificate cannot be validated. No connection to the IP-HTTPS certificate revocation list (CRL) is available. Contact the site administrator.
The DirectAccess server is accessible from outside with the correct certificate (https://da2012.customer.com/IPHTTPS), which contains contains a CDP ofhttp://crl.customer.com/crld which is also accessible from outside (as well as an LDAP-based CDP which is not available from the outside).
Running certutil -verify -urlfetch exported-iphttps-certificate.cer passes the validation, and in the Enterprise PKI snap-in all CDP/AIAs show up as OK.
I am about to install KB2615847 but am not sure if this is related since the IPsec tunnel is not between Win7-Windows2008R2, but Win7-WindowsServer2012.
Any suggestions?
Best regards
Maurice
When Connecting to DA I am getting error
0x80092013
Certficate we are using is from Internal PKI.
PLease help to isolate issue.
Thanks
Mandar.
Hi,
The new ECAL suite no longer has UAG, and is replaced with Exchange Online Archiving. What I'd like to know is what happens to customers that were using UAG?
Do they buy UAG CALS SA only at renewal?
Can they keep using UAG till the end of their current agreement "AND" get Online Archiving at the same time?
Thanks!
Bhupinder
Bhupinder
Hi,
Where can i find information about setting-up DA on a 2012 server with Windows 7 clients.
I cannot find any documentation that covers the whole thing (Certificate, Ipv6, isatap, ...)
my main point being i do not need or want them to be in a portal page but rather that each one is access using its own URL - pointing to the r-proxy naturaly..
roys99
Hello,
I wonder if anyone can help me please. I have got a working UAG server using AD authentication using SSO. I am trying to publish a Sharepoint 2010 server using FBA. I have followed Andreas Hecker's blog on how to do this and I have got Erez-Ben-Ari's book on UAG and I have created the VB script which I have put in the von\InternalSite\inc\CustomUpdate folder. I have also configured the database and username and password coorectly as I can log onto our SQL database sucessfully with that account.
When I log onto our portal page and try and enter the SQL credentials I just get a Authentication Failed message appear.
Please if anyone could assist then that would be great!
Any more questions please let me know.
Thank you
Adam
Thanks Ranveer Katiyar
Hi,
I've followed the DCA deployment documentation and have tried multiple methods to automate the deployment via login scripts and via GPO but the client never installs. Running the installer manually works but as soon as we use a switch to make it silent.. the install fails.
Any ideas as to why it wouldn't deploy via these methods?
Regards,
Adrian