Yuri Diogenes and I have worked together on a number of projects over the years – last year we published three new books on TMG, UAG and Forefront Security for Exchange. You can find more information on these books on Yuri’s blog at http://blogs.technet.com/b/yuridiogenes/archive/2010/07/08/new-forefront...

Ben Ari posted an answer to the Forwarding on the 6to4 Interface cannot be enabled error that you might see when you try to activate the DirectAccess configuration on the UAG DirectAccess server. When you activate the configuration, it will look something like this:   Check Ben’s blog post at http...

If you choose to deploy ISATAP to support your DirectAccess deployment, one of the things you need to do is remove the name ISATAP from the DNS block list if you’re using a Windows DNS server running Windows Server 2003 SP2 or above. By default, these DNS servers will not resolve queries for the names...

What would you be willing to pay for a really cool IPv6 and DirectAccess troubleshooting cheat sheet? $5? $10? $100? ONE HUNDRED BILLION DOLLARS? Would you pay one hundred billion dollars for these cheat sheets? Since these cheat sheets are priceless we’re going to give them away. Thanks to DirectAccess...

Your first decision when planning a publishing solution using Forefront TMG 2010 (TMG) or Forefront UAG 2010 (UAG) is to determine which of the two products best fits the needs of the deployment. Both TMG and UAG can securely publish Exchange, SharePoint, Terminal Services and web-based line of business...

There’s a continuing debate in the IT Pro community whether or not you can host quality content on a wiki. If you don’t know what a wiki is, it’s a platform where anyone can post content and then after the content is posted, anyone can edit it. Seems like a good idea, since IT Pros can share their collective...

From what I hear, this year is going to be the year where we see the wave of enterprise Windows 7 rollouts take place. While I’m not sure how these assessments are made, it makes sense from where I sit. Windows 7 Service Pack 1 has been released and end users, admins and the media have all been complimentary...

Many of your might know my friend Yuri Diogenes from the great work he’s done over the years for ISA Server and the TMG firewall. Yuri has spent the last several years working in the CSS Security Team, and most of his work was focused on Forefront products. Last Month, Yuri moved from the support organization...

In the continuing saga of the “No Usable Certificate(s) 0x103” error, which has been discussed in two previous blog posts: http://blogs.technet.com/b/tomshinder/archive/2010/03/30/troubleshooting-the-no-usable-certificate-s-ip-https-client-error.aspx and http://blogs.technet.com/b/tomshinder/archive...

We’ve received a number of questions recently about UAG DirectAccess support for the IPv6 Internet. When thinking about the IPv6 Internet, you need to think about when the DirectAccess client is on an IPv6 Internet (or on an IPv6 only intranet) and when the UAG DirectAccess server has its external interface...

Got a long drive between home and work? Tired of listening to 80s hits on the radio? Then how about a change of pace and connect with The Edge Man Tom Shinder and Security guru Yuri Diogenes for a couple hours of TechNet Talk Radio? Yuri talks about TMG and how TMG can be used in a number of new scenarios...

I’ve been pretty quiet for most of this month (in fact, this is the first post on the Edge Man blog for March). I was in Redmond for the world wide MVP conference for a week and then spent a week to meet with members of my team on how we’ll approach documentation for the next version of Windows. It was...

One of the most mysterious errors you’ll see when working with DirectAccess are related to failures in IP-HTTPS connectivity. I did a blog post on this problem last year and you can find it at http://blogs.technet.com/b/tomshinder/archive/2010/03/30/troubleshooting-the-no-usable-certificate-s-ip-https...

A few people have mentioned on the web forums and in email discussions that they’d like an easy way to disable the IP-HTTPS interface on the DirectAccess client for testing purposes. They don’t want to disable it completely for all clients (which you can do through Group Policy), they just want to disable...

An interesting question came up a few weeks ago regarding DirectAccess and expiring computer accounts. I thought it was an topical question that brought up some issues worth exploring, so I’m sharing with you some thoughts on the problem here. First a little background. UAG DirectAccess (and Windows...

ISATAP is an optional configuration option you can take advantage of when working with UAG DirectAccess. What ISATAP allows you to do is automatically assign IPv6 addresses to computers on the network that already have IPv4 addresses (which is going to be all of them). The advantage conferred when using...

Came across a very handy tip on the TechNet forums over at http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/thread/8965b7de-8814-40ed-b189-37b53bb1b88b In this thread, UAG DirectAccess Pro Ken Carvel provides a nice tip on what to do when you see the DirectAccess Monitor report that...

I shouldn’t have to say it – but you should always enable Microsoft Update on your UAG DirectAccess servers and arrays. In the third step of the UAG Getting Started Wizard you are given the opportunity to enable Microsoft Update (and also join the Microsoft Customer Experience Improvement Program, something...

This is the big day! The results are in for the last quiz in Contest 1. First, I’ll go over the questions and answers and explain some interesting things that came up when I reviewed the answers I received, which had the effect of leading to two correct answers for one of the questions. At the end I...

Wow! This is it – the last quiz in Contest 1. That’s right – this is quiz 4 of the second round. To celebrate this occasion and to make things more interesting, we’re going to have FIVE questions. This will give those who are behind a better chance of catching up and put some pressure on the leaders...

UAG 2010 (UAG) supports two types of network level SSL VPN: Network Connector Secure Socket Tunneling Protocol (SSTP) Network Connector is aimed at legacy clients and SSTP for Windows 7 clients. Network Connector supports both split and non-split tunneling configurations while SSTP, when accessed through...

A couple of good questions were asked on a recent blog post and I figured it was worthwhile to answer them in more detail in a separate post. ==================================== “Can you clarify a couple points related to Certificate Authorities and CRLs?  I plan on getting a commercial certificate...

Now for the moment you’ve all been waiting for – the answers to UAG SP1 DirectAccess Contest 1–Round 2/Quiz 2 and Contest 2 Round 1/Quiz 2! Last week’s quiz was a bit different with some practical problem solving scenarios based on screenshots. Let’s see how you did: ================================...

It’s time for your weekly UAG DirectAccess quiz! We’re getting close to the end of contest 1, so make sure you don’t miss a step for the next two weeks. Last week’s quiz was definitely tricky and introduced some obscure or difficult to find information. This week I’m going to try something a little different...

This question comes up frequently when introducing admins to UAG DirectAccess. It makes sense, since public IPv4 addresses are getting more difficult to come by and in fact it’s predicted that there will be an exhaustion of the entire IPv4 address space by next month. So, why do you need two public IP...