We got word of a couple of instances where an issue occurred on a UAG server after upgrading to Service Pack 4 for UAG 2010 (SP4 is available for download here).
The issue occurs when a configuration file on the UAG server fails to get updated to its latest version, which adds support for IE11. This file is named mobile.browser, and is located in the …\InternalSite\ADFSv2Sites\<trunk name>\App_Browsers\DetectionModule folder on the UAG server.
This file is used by AD FS trunks on UAG in order to correctly recognize and categorize connecting clients. In those cases in which the file was not correctly updated to its latest version by the installation of SP4 for UAG, the IE11 browser is incorrectly recognized by UAG as a mobile device and thus denied access to the AD FS trunk. You can easily recognize that the file is not up to date by its Date modified attribute, which will show a date in 2011.
The fix for this issue, should you be affected by it, is extremely simple. Just follow these easy steps:
Hope this helps.
Thanks to Ophir Polotsky for reporting this issue to us, and to Aaron Ellis for spotting an error in the instructions above.
Senior Program Manager
I would make on mod on this recommendation. Make sure you change the extension on the file instead of just pre-pending old_ to the filename. I only added that tag and ended up with asp errors about duplicate objects and my federated trunks errors when trying to visit anything published on it. Removing the old file altogether instantly resolved the issue.
@Aaron: thank you Aaron, you are of course correct and I've made the correction in the blog post.