Ben Ari's UAG and IAG Blog

Plenty of useful and fun info on UAG, Microsoft's remote access and reverse-proxy product.

Ben Ari's UAG and IAG Blog

  • How to add “change password” direct link to UAG

    One of UAG’s features is the ability to change a user’s password. To do so, the user needs to click on the Credentials Management page on the portal, and then click on Change Password : Some customers asked us how to add a link to this page directly on...
  • UAG Tracing made simple

    ***Updated on Sep 20th 2012…see below*** Unlike many software products, where most errors are presented by the application’s user interface, many of the issues you might encounter have little or no visual indication of what’s going on. In those cases...
  • Certified Endpoints in UAG

    A really useful feature of UAG is the checking for Certified Endpoints. This entails installing a digital certificate on client computers, and configuring UAG to check them upon a client’s connection. If the certificate is not there, or revoked, UAG can...
  • Make head for headers

    In a previous post, I discussed how UAG’s AppWrap and SRA mechanisms can help you solve problems and enhance functionality by performing on-the-fly modification of content that UAG processes. A lesser-known ability of AppWrap and SRA is editing HTTP Headers...
  • How to create a static redirector on a UAG trunk

    Using UAG as a static redirector is a major overkill, but occasionally, it makes better sense to use an existing server than build a special box just for a redirect. While IIS has a simple option to setup a redirector, making such configuration changes...
  • UAG and Office integration

    ***Updated on 23 Jan 2013 with information about Forms-based authentication*** When publishing SharePoint servers, one key feature is office integration – the ability of Office applications to open documents from the UAG site. This might sound like something...
  • UAG Error Codes

    When working with UAG, clients might run into various errors, but the error message that’s displayed to the user may not always clearly tie to the details of the problem. When a user reports a problem, the first step for the UAG administrator is to inspect...
  • Troubleshooting UAG installation and update problems

    An unpleasant situation is when you’re trying to install a product or an update, and get some error message and a failed installation. If this is on a brand new installation, it could be frustrating, because you didn’t even get a chance to cause any problem...
  • UAG and TMG update order

    I’ve referred to types of updates available in another blog post , in which I also list and update all available UAG updates. I also wrote about the update order in another post . However, it appears the topic is still a source of confusion, so I’ll dedicate...
  • UAG custom Form Login

    Single Sign On is one of the most useful features UAG offers, and Form Login is a very unique and clever mechanism. For many applications, this SSO is simple and automatic, but FormLogin can be a little more challenging. This guide will discuss configuring...
  • Shining a light on UAG SP3, IE10 and Windows 8 support

    With the release of UAG SP3, Internet Explorer 10 is now supported by UAG. This support extends to both IE10 on Windows 7 and on Windows 8. Internet Explorer 10 has a few changes to its architecture which can be confusing with regards to how it works...
  • AppWrap and SRA

    The Application Wrapper (AppWrap) and SRA are two mechanisms UAG uses to dynamically rewrite the content of textual web data it processes. When UAG delivers a page to the client, one of the core UAG components known as “the filter” parses the content...
  • UAG Client components fail to work on a Macintosh computer

    When accessing a UAG server from a Macintosh computer, you might run into this error: “Client compliance for site access cannot be verified. There is a problem verifying the identity of the site. This might affect your site experience, depending on corporate...
  • UAG, ADFS, Mobile devices and O365

    Two questions that come up often with regards to UAG is its support for the following two scenarios: 1. Publishing Office 365 (O365) 2. Accessing a UAG trunk that’s configured with ADFS authentication through mobile devices. With the release of UAG SP2...
  • SharePoint publishing concepts and considerations

    SharePoint is probably the most common service that is published by UAG servers out there, and it can be really simple, but sometimes extremely difficult. The situation can be challenging because the external access to the site can be non-trivial, and...
  • Issues with downloading of attachments from OWA on mobile devices.

    Guest post by Shawn Liu An issue encountered by some users is when trying to access OWA published by UAG via mobile devices and downloading attachments. With some platforms, the user may receive an error saying “According to your organization’s download...
  • The configuration cannot be loaded from TMG storage

    One of the common errors seen by many UAG users, usually following a new installation, is the error message “The configuration cannot be loaded from Forefront TMG storage. An unrecoverable error has occurred. The application will close”. This is particularly...
  • UAG and your own code!

    One of the greatest aspects of UAG's customizability is the ability to add your own code into the mix (and not just the look and feel of it!). I've already discussed some ways to do this, like a custom endpoint detection script , and adding JavaScript...
  • Troubleshooting IAG Client installation issues

    The IAG client components are an important part of the endpoint security that the product provides, as these detect and report back to the server what is running on that computer, and more importantly - what's not running. The client tools also are also...
  • Lync publishing on UAG

    Following SP1 Update 1, UAG now supports publishing of Lync. This, however, has some important considerations that need to be followed, with regards to the trunk configuration and the certificates. Even though the Lync application can be added to ANY...
  • What’s the deal with “Public host name”?

    As you may have noticed, some of the application templates in UAG have a setting for a “public host name”…like this: This is known as an “application specific hostname”, or A.S.H for short. You can find this option in the Exchange 2007, Exchange 2010...
  • Enhanced tracing for ASP debugging

    I’ve talked before about how to enable and read UAG’s traces , for advanced debugging and troubleshooting. However, this type of tracing does not cover the entire spectrum. If you ever looked at UAG’s ASP code, you might have noticed that the code has...
  • Form Login Customization Troubleshooting

    In a recent blog article, I wrote about form-login and how to create a custom one. Later on I thought it might be a good idea to details a little bit about the form-login mechanism, and how it works, which could be helpful in troubleshooting this if it...
  • Understanding and troubleshooting the activation process

    Performing a configuration activation on a UAG server is one of those things that we wish we could do without, but understanding how it works and why it is so important can make this a bit more tolerable. The reason for the activation process is that...
  • Troubleshooting RuleSet issues

    One of the primary security mechanisms built into IAG and UAG is the RuleSet engine. This mechanism inspects every URL request submitted to IAG or UAG, and tries to match it to one of the preconfigured rules. These rules define URLs and patterns that...