Ben Ari's UAG and IAG Blog

Plenty of useful and fun info on UAG, Microsoft's remote access and reverse-proxy product.

Ben Ari's UAG and IAG Blog

  • Activation completed…Erez Ben Ari logging off

    As you can guess from the title, this is my last post to this blog. A few weeks ago, I was offered a position as a PM (Program Manager) in the IIS team, and tomorrow is my last day with UAG support. I’ve aspired to be a PM for many years, and that dream...
  • UAG SSL Network Tunneling traffic capture

    Occasionally, one may need to troubleshoot the UAG Network Tunnling (a.k.a. “the Network Connector”). Normally, traffic capturing is done using tools such as Microsoft’s Network Monitor, or WireShark. If, however, you try to run a capture like that on...
  • SRA and AppWrap FAQ

      Here are answers to various F.A.Q. I received over the years for SRA and AppWrap: 1) In the SRA config file, is the application type case sensitive? Answer : No 2) When I make changes to the SRA configuration, do I need to activate? Answer : You...
  • How many IP addresses do I need?

    Setting up a UAG server array provides organizations with the ability to provide higher availability, but it also brings up a common question of how many IP addresses does one need. The confusion usually revolves around two topics – internal vs. external...
  • How to create a static redirector on a UAG trunk

    Using UAG as a static redirector is a major overkill, but occasionally, it makes better sense to use an existing server than build a special box just for a redirect. While IIS has a simple option to setup a redirector, making such configuration changes...
  • How to customize the portal page

    When logging in to UAG, it will display the portal itself, but sometimes, you might want to have your own page. For example, one scenario is when you want to have your own custom links to your applications, or a very customized design that goes beyond...
  • Publishing OMA (Outlook Mobile Access) with UAG

    OMA has been a feature of exchange for many years. Unfortunately, UAG does not have a built in template to publish it, and it’s an unsupported scenario. However, if you need to publish it, and don’t mind the risks of being in unsupported territory, here...
  • Sending mail to the administrator with UAG

    On the UAG portal, you can find an envelope that is a link to create a mail to the site’s administrator (presumably…that’s you!). However, by default, that link is empty and would generate an empty Email. Editing it requires a little bit of customization...
  • Using AutoIT to automate UAG

    A common question comes up from people who need to create a complex configuration in UAG, and are looking for a better way to do it instead of manually entering it. For example, creating multiple applications on the UAG portal, rather than going through...
  • Endpoint policies galore

    If you have a freshly installed UAG server in front of you, you might be considering which Endpoint policies to set for your applications. UAG comes with no less than 27 built-in predefined policies just for Windows computers (plus another 34 policies...
  • How to trace UAG in real time with filtering

    Collecting a UAG trace is a common task for advanced troubleshooting. One of the challenges with regular tracing is the fact that it can produce almost a million lines of text per second, making it hard to find the relevant data in a trace. With busy...
  • Using WMI to diagnose UAG Endpoint Detection

    Sometimes, UAG refuses to admit a client machine, saying that the endpoint doesn’t meet the access policy set for the trunk (or for an application). If the trunk/application policy does indeed enforce certain compliance, and other computers seem to work...
  • Customizing the UAG portal with JavaScript

    Normally, editing the links that UAG shows on the portal is done in the application properties, but sometimes, you might need to do run-time editing to change the URLs dynamically. For example, you might want to add a URL string or parameter that is affected...
  • Where am I?

    Many organizations use an array of UAG servers, with some load balancing technology that might land an incoming user on any one of the servers in the array. In such a situation, a common need is to know to which of the multiple UAG servers the user has...
  • UAG Client components fail to work on a Macintosh computer

    When accessing a UAG server from a Macintosh computer, you might run into this error: “Client compliance for site access cannot be verified. There is a problem verifying the identity of the site. This might affect your site experience, depending on corporate...
  • How to monitor UAG sessions in real-time with a script.

    To track the status of a UAG server, UAG provides us with the terrific Web Monitor. A common need by many companies is to be able to track various things within UAG using an external tool or script. UAGs various Web Monitor ASP pages query UAG’s COM objects...
  • Using UAG SQL logging or data retrieval

    In a previous article , I discussed querying the TMG log directly, which can be useful if one wants to create a complex query to perform advanced data-mining on the log. The same need might apply to a UAG server. Normally, UAG doesn’t log its data into...
  • Exciting news about UAG!

    I have some exciting news to share about UAG! The next update, dubbed internally as "SP-free" is going to follow SP3 and will make UAG free and ad-supported! With this, the activation time will be fixed at 45 minutes and display up to 4 ads...
  • How to add “change password” direct link to UAG

    One of UAG’s features is the ability to change a user’s password. To do so, the user needs to click on the Credentials Management page on the portal, and then click on Change Password : Some customers asked us how to add a link to this page directly on...
  • File size limitations with UAG

    As I discussed in the past , UAG has certain limitations on the sizes of files it can handle. Depending on the file’s content type, UAG may need to load the file into a special content-parsing buffer, or it may pass the file directly as-is. For HTML based...
  • Backend certificate issues – an unknown error occurred processing the certificate.

    A common issue with UAG is having your users receiving an error when trying to launch an application from UAG (such as OWA, for example). The error is “An unknown error occurred while processing the certificate”: It’s important to realize that this means...
  • Activation errors with ADFS trunks

    If your UAG server has an ADFS trunk, you might run into activation errors, saying: Failed to run FedUtil from location C:\Microsoft Forefront Unified Access Gateway\Utils\ConfigMgr\Fedutil.exe with parameters /u "C:\Microsoft Forefront Unified Access...
  • Issues with downloading of attachments from OWA on mobile devices.

    Guest post by Shawn Liu An issue encountered by some users is when trying to access OWA published by UAG via mobile devices and downloading attachments. With some platforms, the user may receive an error saying “According to your organization’s download...
  • UAG, ADFS, Mobile devices and O365

    Two questions that come up often with regards to UAG is its support for the following two scenarios: 1. Publishing Office 365 (O365) 2. Accessing a UAG trunk that’s configured with ADFS authentication through mobile devices. With the release of UAG SP2...
  • Shining a light on UAG SP3, IE10 and Windows 8 support

    With the release of UAG SP3, Internet Explorer 10 is now supported by UAG. This support extends to both IE10 on Windows 7 and on Windows 8. Internet Explorer 10 has a few changes to its architecture which can be confusing with regards to how it works...