toolsignThere is an issue that may arise after the installation of UAG Service Pack 3 on Forefront UAG acting as a DirectAccess server. After the installation, DirectAccess clients may not be able to connect to corporate intranet resources which are provisioned with only IPv4 addresses.

This problem occurs because the Microsoft Forefront UAG DNS64 service is not running on the DirectAccess server. This service provides DNS translation of IPv4 A records to IPv6 AAAA records required for DirectAccess client access. During the installation of UAG SP3, this service is stopped and the startup type is set to MANUAL. The service startup type should be AUTOMATIC and the service should be running when DirectAccess is enabled on the UAG server.

After installing UAG SP3 (or UAG SP3 Rollup 1) on a Forefront UAG server acting as a DirectAccess server ensure the DNS64 service is set to AUTOMATIC and started.

Using integrated NAT64 and DNS64 with Forefront UAG DirectAccess

Deep Dive Into DirectAccess – NAT64 and DNS64 In Action

J.C. Hornbeck | Knowledge Engineer | Microsoft GBS Management and Security Division

Get the latest System Center news on Facebook and Twitter:

clip_image001 clip_image002

System Center All Up:
System Center – Configuration Manager Support Team blog:
System Center – Data Protection Manager Team blog:
System Center – Orchestrator Support Team blog:
System Center – Operations Manager Team blog:
System Center – Service Manager Team blog:
System Center – Virtual Machine Manager Team blog:

Windows Intune:
WSUS Support Team blog:
The AD RMS blog:

App-V Team blog:
MED-V Team blog:
Server App-V Team blog:

The Forefront Endpoint Protection blog :
The Forefront Identity Manager blog :
The Forefront TMG blog:
The Forefront UAG blog: