Ben Ari posted an answer to the Forwarding on the 6to4 Interface cannot be enabled error that you might see when you try to activate the DirectAccess configuration on the UAG DirectAccess server. When you activate the configuration, it will look something like this:   Check Ben’s blog post at http...

Your first decision when planning a publishing solution using Forefront TMG 2010 (TMG) or Forefront UAG 2010 (UAG) is to determine which of the two products best fits the needs of the deployment. Both TMG and UAG can securely publish Exchange, SharePoint, Terminal Services and web-based line of business...

Many of your might know my friend Yuri Diogenes from the great work he’s done over the years for ISA Server and the TMG firewall. Yuri has spent the last several years working in the CSS Security Team, and most of his work was focused on Forefront products. Last Month, Yuri moved from the support organization...

In the continuing saga of the “No Usable Certificate(s) 0x103” error, which has been discussed in two previous blog posts: http://blogs.technet.com/b/tomshinder/archive/2010/03/30/troubleshooting-the-no-usable-certificate-s-ip-https-client-error.aspx and http://blogs.technet.com/b/tomshinder/archive...

We’ve received a number of questions recently about UAG DirectAccess support for the IPv6 Internet. When thinking about the IPv6 Internet, you need to think about when the DirectAccess client is on an IPv6 Internet (or on an IPv6 only intranet) and when the UAG DirectAccess server has its external interface...

Got a long drive between home and work? Tired of listening to 80s hits on the radio? Then how about a change of pace and connect with The Edge Man Tom Shinder and Security guru Yuri Diogenes for a couple hours of TechNet Talk Radio? Yuri talks about TMG and how TMG can be used in a number of new scenarios...

One of the most mysterious errors you’ll see when working with DirectAccess are related to failures in IP-HTTPS connectivity. I did a blog post on this problem last year and you can find it at http://blogs.technet.com/b/tomshinder/archive/2010/03/30/troubleshooting-the-no-usable-certificate-s-ip-https...

Event Overview Talk TechNet enables you to get your questions about hot technologies answered in real time. In this session, Dr. Tom Shinder will be here to discuss DirectAccess and what Unified Access Gateway 2010 brings to the DirectAccess table. Tom is a Principal Writer in the Anywhere Access Group...

A few people have mentioned on the web forums and in email discussions that they’d like an easy way to disable the IP-HTTPS interface on the DirectAccess client for testing purposes. They don’t want to disable it completely for all clients (which you can do through Group Policy), they just want to disable...

An interesting question came up a few weeks ago regarding DirectAccess and expiring computer accounts. I thought it was an topical question that brought up some issues worth exploring, so I’m sharing with you some thoughts on the problem here. First a little background. UAG DirectAccess (and Windows...

ISATAP is an optional configuration option you can take advantage of when working with UAG DirectAccess. What ISATAP allows you to do is automatically assign IPv6 addresses to computers on the network that already have IPv4 addresses (which is going to be all of them). The advantage conferred when using...

Came across a very handy tip on the TechNet forums over at http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/thread/8965b7de-8814-40ed-b189-37b53bb1b88b In this thread, UAG DirectAccess Pro Ken Carvel provides a nice tip on what to do when you see the DirectAccess Monitor report that...

I shouldn’t have to say it – but you should always enable Microsoft Update on your UAG DirectAccess servers and arrays. In the third step of the UAG Getting Started Wizard you are given the opportunity to enable Microsoft Update (and also join the Microsoft Customer Experience Improvement Program, something...

This is the big day! The results are in for the last quiz in Contest 1. First, I’ll go over the questions and answers and explain some interesting things that came up when I reviewed the answers I received, which had the effect of leading to two correct answers for one of the questions. At the end I...

Wow! This is it – the last quiz in Contest 1. That’s right – this is quiz 4 of the second round. To celebrate this occasion and to make things more interesting, we’re going to have FIVE questions. This will give those who are behind a better chance of catching up and put some pressure on the leaders...

UAG 2010 (UAG) supports two types of network level SSL VPN: Network Connector Secure Socket Tunneling Protocol (SSTP) Network Connector is aimed at legacy clients and SSTP for Windows 7 clients. Network Connector supports both split and non-split tunneling configurations while SSTP, when accessed through...

Now for the moment you’ve all been waiting for – the answers to UAG SP1 DirectAccess Contest 1–Round 2/Quiz 2 and Contest 2 Round 1/Quiz 2! Last week’s quiz was a bit different with some practical problem solving scenarios based on screenshots. Let’s see how you did: ================================...

It’s time for your weekly UAG DirectAccess quiz! We’re getting close to the end of contest 1, so make sure you don’t miss a step for the next two weeks. Last week’s quiz was definitely tricky and introduced some obscure or difficult to find information. This week I’m going to try something a little different...

This question comes up frequently when introducing admins to UAG DirectAccess. It makes sense, since public IPv4 addresses are getting more difficult to come by and in fact it’s predicted that there will be an exhaustion of the entire IPv4 address space by next month. So, why do you need two public IP...

DirectAccess is about being “always-on”. When I start my laptop in the morning, I’m ready to get to work. Even though I don’t work on the Microsoft campus, I’m able to connect to anything I want (that I have permissions to connect to) on the Microsoft intranet without thinking about connecting to an...

Now for the moment you’ve all been waiting for – the answers to UAG SP1 DirectAccess Contest 1–Round 2/Quiz 2 and Contest 2 Round 1/Quiz 2! Here you go: =========================================== Question 1: ISATAP is an IPv6 transition technology that enables computers to tunnel IPv6 packets inside...

(If you didn’t participate in Quiz 1 – you can read the rules of the game over at http://blogs.technet.com/b/tomshinder/archive/2010/12/02/uag-sp1-directaccess-contest-quiz-one-round-one.aspx ) It’s time for Contest 1-Round 2/Quiz 2 and Contest 2-Round 1/Quiz 2 Send your entries until 11AM Central Standard...

Take a look at the figures below and see if you can guess what device is in the request/response path that you don’t typically see a UAG DirectAccess deployment. First, the ipconfig output on a DirectAccess client located behind a NAT device: Figure 1 Now let’s ping DC1: Figure 2 Now let’s do a tracert...

Now for the moment you’ve all been waiting for – the answers to UAG SP1 DirectAccess Contest 1–Round 2/Quiz 1 and Contest 2 Round 1/Quiz 1! Here you go: ========================================================== Answer to Question 1: When the DirectAccess client connects to the UAG DirectAccess server...

It that time again! The UAG DirectAccess Contest. If you’ve been participating in Contest 1 Round 1, you know the drill. If you’re new – don’t worry about Contest 1 – you’ll be automatically entered into Contest 2 and you’ll be participating in Round 1. And if you participated in Round 1 of Contest 1...