imageIt that time again! The UAG DirectAccess Contest. If you’ve been participating in Contest 1 Round 1, you know the drill.

If you’re new – don’t worry about Contest 1 – you’ll be automatically entered into Contest 2 and you’ll be participating in Round 1. And if you participated in Round 1 of Contest 1 but didn’t do so well, there’s still a chance to improve in Contest 2 – so make sure you send your entries.

You can find the rules of the game over at

Now for the questions!

Question 1:
When the DirectAccess client connects to the UAG DirectAccess server, it establishes two IPsec tunnels – the infrastructure tunnel and the intranet tunnel. All traffic destined to the intranet travels through these two IPsec tunnels with the exception of what type of traffic?

     A.  ICMPv6
     B.  ICMPv4
     C.  DCOM
     D.  SIP (Session Initiation Protocol)

Question 2:
A DirectAccess client is connecting from behind a home NAT device to a UAG DirectAccess server. The user calls the Help Desk and says that he isn’t able to connect to anything on the intranet. You tell the user to open a command prompt and ping the name of a domain controller and the ping succeeds. Then you tell the user to ping the name of a file server and that ping succeeds. Next, you tell the user to ping the name of a web server and that ping succeeds. Then you tell the user to use the net use command to connect to a share on the file server and that fails. Next you tell the user to connect to a share on the domain controller and that attempt is successful. Finally, you tell the user to connect to the web server and that connection attempt fails.

What is the most likely reason for this user’s failure to connect to the resources he needs?

     A.  The Internet Service Provider is blocking IP Protocol 41
     B.  Kerberos authentication is failing
     C.  NTLMv2 authentication is failing
     D.  The DirectAccess client doesn’t trust the UAG server’s computer certificate

Question 3:
Which of the following are new features included with UAG DirectAccess Service Pack 1?

     A.  Wizard based configuration of the DirectAccess Connectivity Assistant (DCA)
     B.  Wizard based configuration of “manage only” DirectAccess client connectivity
     C.  Support for Smart Card Authentication
     D.  Support for One Time Password (OTP) Authentication

There you go!

Now send your answers to me at (make sure to use this link since it contains the subject line I need):

Send your entries until 9AM Central Standard Time (-0600 UTC) on Monday January 9th.

Good luck!

Tom Shinder
Principal Knowledge Engineer, Microsoft DAIP iX/Forefront iX 
UAG Direct Access/Anywhere Access Group (AAG)
The “Edge Man” blog (DA all the time):
Follow me on Twitter:

Visit the TechNet forums to discuss all your UAG DirectAccess issues

Stay up-to-date with “just in time” UAG DirectAccess information on the TechNet wiki