Microsoft Forefront UAG 2010 Administrator’s Handbook

The Microsoft Forefront UAG 2010 Administrator’s Handbook is now available. This book is a must-have for every UAG 2010 administrator: complete and comprehensive, with a lot of deep technical detail about the product. Ben and Ran are doing a great job sharing their long-standing experience with us.

Check it out …


Issues occur when you publish OWA in Exchange Server 2010 SP1 by using Forefront UAG

This KB article might interest you when publishing OWA in Exchange Server 2010 SP1 by using Forefront UAG:


Installing UAG SP1 and other hotfixes

UAG SP1 is out and supersedes the UAG post-RTM updates. In addition to UAG SP1, it is recommended to install TMG SP1 and TMG SP1 Update 2.

Before installing TMG SP1 you should read the TechNet article “Installing Forefront TMG SP1 on Forefront UAG”.


UAG is running slow? Release the CRL brake!

Are you running UAG in an isolated environment or is UAG blocked from accessing the internet? If so, you may experience delayed response times when logging on to UAG or when accessing the UAG portal.

A possible root cause is that verification of signing certificates fails because a certificate revocation list (CRL) is missing. Several assemblies on your UAG computer are signed, and Windows verifies the signature before executing the files. The certificate verification process builds the certificate chain with CRL checking. If the CRL is missing, the system waits for a timeout of 15 seconds (default) before it responds. For more information see the TechNet whitepaper Troubleshooting Certificate Status and Revocation.

To work around the problem, just download the following two CRLs regularly from a computer connected to the internet:

On the UAG computer, open the MMC and add the Certificates snap-in for the local computer account. Select Intermediate Certification Authorities and import the two CRL files that you downloaded earlier.

As a verification step, you should enable CAPI2 logging in the event log and see if there are more certificate verification errors.
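The import and the verification step above, scripted as an added example that is not part of the original post. It assumes an elevated PowerShell session on the UAG computer and that the downloaded CRL files were copied to C:\CRL; the folder and the function names are hypothetical.

```powershell
# Added example. Run in an elevated PowerShell session on the UAG computer.
# C:\CRL and the function names are assumptions, not values from the post.
$CapiLog = 'Microsoft-Windows-CAPI2/Operational'

function Import-OfflineCrl {
    param([string]$Folder = 'C:\CRL')
    $files = @(Get-ChildItem -Path $Folder -Filter *.crl)
    if ($files.Count -eq 0) { Write-Warning "No .crl files found in $Folder"; return }
    foreach ($file in $files) {
        # Print the validity window first: a CRL past its NextUpdate date
        # no longer satisfies the revocation check, hence "regularly".
        certutil.exe -dump $file.FullName | Select-String 'ThisUpdate|NextUpdate'
        # "CA" is the Intermediate Certification Authorities store of the local computer.
        certutil.exe -f -addstore CA $file.FullName | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Import failed: $($file.Name)" }
        else { Write-Output "Imported $($file.Name)" }
    }
}

function Enable-Capi2Log {
    # The CAPI2 operational log is disabled by default.
    wevtutil.exe sl $CapiLog /e:true
}

function Get-Capi2Error {
    param([int]$Hours = 1)
    $filter = @{ LogName = $CapiLog; Level = 2; StartTime = (Get-Date).AddHours(-$Hours) }
    # Level 2 = Error. Group by event ID and task to see which step keeps failing.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Group-Object Id, TaskDisplayName |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

Import-OfflineCrl
Enable-Capi2Log
# Log on to the UAG portal once to reproduce the delay, then run:
# Get-Capi2Error -Hours 1
```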


A new book about UAG by Ben Ari and Ran Dolev

Ben Ari and Ran Dolev are both remarkable UAG champs at Microsoft.

Over the last few months, they spent a lot of time consolidating their deep knowledge and wrote a book about UAG. I am sure the book will become your UAG bible. See for more information and how to purchase the book once it is out.


Forefront TMG/UAG Help Wanted at Microsoft in Reading, UK and Munich, Germany


Configuring password change permissions for Unified Access Gateway (UAG)

Users can change their password through the UAG portal. For this to work, the Active Directory configuration must use a hostname or fully qualified domain name instead of an IP address. See Configuring Active Directory authentication for more information. The account used as Server access credentials in the UAG Active Directory configuration must also be granted extended permissions. Follow these steps to allow the Server access credentials account to change user passwords.

  1. Start the Active Directory Users and Computers management console (dsa.msc).
  2. Select the OU where the server access credentials should have change password permissions.
  3. Right-click the OU and select Delegate Control from the context menu.
  4. Click Next to start the delegation wizard.
  5. Click Add to specify the user account that is used as Server access credentials in UAG.
  6. Click Next to continue.
  7. In the Tasks to Delegate dialog, select Create a custom task to delegate and click Next.
  8. In the Active Directory Object Type dialog, select Only the following objects in the folder and mark User Objects. Click Next to continue.
  9. In the Permissions dialog, mark General and mark Change Password. Click Next to continue the wizard.