none
UAG access on windows 8.1

Answers

All replies

  • Hi Ashish

    I had the same problem with Windows 8.1 and IE11, the UAG Server 2010 SP3 couldn't handle it and redirected the browser to the mobile page.

    in my case the instructions on the blog solved the problem. be sure that all the special characters ( ' " ) match the web.config formatting.

    by the way, UAG 2010 SP4 will resolve the problem (Q4)

    Wednesday, October 16, 2013 1:24 PM
  • I think its a serious problem that UAG isnt supporting WIndows 8.1


    Friday, October 18, 2013 10:09 AM
  • You can access the your UAG portal when adding the url to your compatibility list.

    One problem remains even: VPN cant be used - because UAG does incorectly detects the firewall settings and asumes there is none :-/

    Friday, October 18, 2013 12:00 PM
  • Thanks for the tip about compatibility mode. Saved me lots of troubleshooting as I couldn't logon. However I now seem to have lost our published RDP apps and RDP connections. I noticed that I wasn't prompted to enable RDP on the browser as with IE 10.

    I would have expected them to be greyed out but they aren't there at all. Is anyone else seeing similar behaviour. Windows 8 RT worked fine so I'm guessing there is a change due to the upgrade.

    Thanks again.


    Darren

    Friday, October 18, 2013 5:03 PM
    • Proposed as answer by Darren Thorley Wednesday, October 23, 2013 10:41 AM
    Saturday, October 19, 2013 12:10 PM
    Moderator
  • Hi Ashish

    I had the same problem with Windows 8.1 and IE11, the UAG Server 2010 SP3 couldn't handle it and redirected the browser to the mobile page.

    in my case the instructions on the blog solved the problem. be sure that all the special characters ( ' " ) match the web.config formatting.

    by the way, UAG 2010 SP4 will resolve the problem (Q4)

    Hi Nyff,

    Is there any way that you could post your modified web.config file (I don't think it should contain any identifiable information)?  I am also having trouble following the blog article to fix the issue on the server side.  Every time I edit the web.config file it either doesn't work or I get an IIS error of some kind; I must be making some kind of syntax error etc.

    Tuesday, October 29, 2013 7:02 PM
  • Has anyone been able to follow this blog and get it to work:

    http://support.risualblogs.com/blog/2013/06/30/uag-portal-on-microsoft-surface-windows-8-1-displays-as-mobile-site/

    I've attempted it repeatedly and I can't seem to get it to work.  The other 'fix' that Microsoft proposed is a bit of a hassle for users/clients to have to do and I'd much prefer to do this on the server side.

    Here are the appropriate lines (per the blog article) that I modified (the first line is a new line that you have to add, the other 3 are changes to existing lines):

                <DetectionExpression Name="IE11" Expression='UserAgent Contains "mozilla" AND UserAgent Contains "rv:11"' DefaultValue="false" />
                <DetectionExpression Name="Mobile" Expression='!IE11 AND (MobileDevice OR WindowsCE)' DefaultValue="false" />
                <DetectionExpression Name="IE" Expression='Browser Contains "ie" OR Browser Contains "msie" OR Browser Contains "IE11"' DefaultValue="false" />
                <DetectionExpression Name="Windows8" Expression='UserAgent Contains "windows nt 6.2" OR UserAgent Contains "windows nt 6.3"' DefaultValue="false" />

    Any idea why that might now be working?  Also, has anyone contacted Microsoft about this and gotten an official, server-side fix? I mean if ALL you really need to do is update the web.config, 1 engineer at Microsoft could theoretically code the hotfix for that in less than 2 hours.  Yeah, yeah I know it would have to go through testing, some kind of approval process etc. etc. but it's not like IE11 is absolutely brand new at this point, 8.1 has to have been tested internally at MS for a long time now.  I am pretty frustrated/annoyed that every time MS rolls out a new version of IE it breaks UAG functionality and then there is a serious lag time afterwards before they release an official patch or fix.

    Wednesday, October 30, 2013 5:50 PM
  • Another update, and the issue is the same when Win 8 and IE 10 came.

    Why oh why, is this happening? You would think, that Microsoft did'nt want us to use UAG anymore!

    The emulation trick, and the other trick dosent solve the issue.. All remote app, and RDP apps is not showing. Only Sharepoint sites and internet sites are showing in the portal.

    Thursday, October 31, 2013 1:00 PM
  • I tested out the client side recommended 'work around'  linked here:

    http://blogs.msdn.com/b/testingspot/archive/2013/09/09/fix-for-microsoft-uag-connection-errors-when-using-internet-explorer-11-with-windows-8-1.aspx

    That did NOT work for 8.1 clients running IE11 connecting to our portal.  It would download the UAG client side components but would not allow the client to progress to the login screen.

    What is the official fix for this issue?

    Friday, November 01, 2013 6:51 PM
  • we are having same problem. For users who were already accessing our portal and had uag client component install, portal is working fine follwoing the emulation mode workaround (but it's pain, not always work)

    users who never accessed our portal (means uag end-point component is not installed) are unable to see remote app activeX component based. somehow IE 11 is not letting user install the endpoint component.

    has anyone found any workaround for this? what need to change more in IE 11 from settign perspective so we can downloaded and install client componenet

    please assist on this

    Thanks

    SS

    Wednesday, November 06, 2013 3:33 PM
  • Any updates from anyone able to get this to work?  Has anyone reached out/contacted Microsoft for an official fix?  Any word on an SP4 timeline?  Microsoft is rolling out IE11 to Windows 7 home systems now, so have to imagine that this problem will be amplified soon enough.
    Tuesday, November 12, 2013 7:33 PM
  • Still no fix.

    How can Microsoft charge money for this?!?

    Wednesday, November 13, 2013 11:01 PM
  • I have not had a chance to try this fix (I will likely early next week) but here is another random site that provides better guidance into how to actually implement the 'risualblogs' fix:

    http://konab.com/fixing-windows-8-1-access-uag-2010-can-cause-error-500/

    Basically, this site is just saying that the 'risualblogs' site fix (linked here: http://support.risualblogs.com/blog/2013/06/30/uag-portal-on-microsoft-surface-windows-8-1-displays-as-mobile-site/) is missing a couple of steps/pieces of information.

    However, even this fix is likely not nearly as ideal as a REAL hotfix/patch/announcement from Microsoft.  And you are modifying the web.config files, which will likely be overwritten by a future patch etc. from Microsoft.

    • Proposed as answer by Thomas Maaløe Friday, November 15, 2013 9:12 AM
    • Unproposed as answer by Thomas Maaløe Friday, November 15, 2013 9:12 AM
    Wednesday, November 13, 2013 11:05 PM
  • I have found an solution to the issue, without any configuring on the UAG servers.

    First you need to set the domain name in the compatibility settings in the explorer. Tools -> Compatibility -> add domain name of the portal.

    Then logon to the portal, and press F12, and follow the settings in the picture below:

    

    The icons are still not showing after the settings have been made. But then you need to log off, and logon again.

    And bang, the site is now working in Win 8.1 IE11:

    The sad thing is that you need to do this every time you logon to the UAG portal on Win 8.1

    Enjoy the fix :-)


    • Proposed as answer by Thomas Maaløe Friday, November 15, 2013 9:27 AM
    • Edited by Thomas Maaløe Friday, November 15, 2013 9:27 AM Missing a letter
    Friday, November 15, 2013 9:24 AM
  • Hi Thomas, thanks for the update; much appreciated.  However, let me be clear.  The above fix is exactly what was suggested by Microsoft and it did NOT work for my test machines on multiple attempts.  So, this does not appear to work in every scenario.  Also, it's absolutely ridiculous that Microsoft proposed this is a fix when you need to reset it and do it again every single time you need to logon to UAG.  As far as we are concerned, for our users, that's not a fix at all.  Thanks again for laying out how you did it (much appreciated) I just want to make sure that if anyone from MS reads this thread they are aware that the fix you implemented (which is what they suggest) is not acceptable or working for everyone.
    Friday, November 15, 2013 4:06 PM
  • You can access the your UAG portal when adding the url to your compatibility list.

    One problem remains even: VPN cant be used - because UAG does incorectly detects the firewall settings and asumes there is none :-/

    This is the real problem!

    Using the script and information in this posting: http://blogs.technet.com/b/ben/archive/2013/04/02/using-wmi-to-diagnose-uag-endpoint-detection.aspx I was able to determine that the problem is on the connecting machine: the Windows 8.1 Firewall is not registered in WMI, a query for it returns that no instances are running and UAG refuses the connection.

    You can test this with the script or using:

    • wbemtest.exe and connecting to root\SecurityCenter2
    • Click 'Enum Classes', 'OK'
    • You will see the classes with among them AntiSpyWareProduct, AntiVirusProduct and FirewallProduct
    • double-click one and click 'Instances'
    • Notice FireWallProduct returns no instances even if Windows Firewall is enabled and running...

    So it's not really an UAG issue.

    Question remains: can we register it in WMI ourselves or does MS have to fix this???

    Tuesday, November 19, 2013 9:31 AM
  • As an update to this post, I went ahead and followed the fix linked here: http://support.risualblogs.com/blog/2013/06/30/uag-portal-on-microsoft-surface-windows-8-1-displays-as-mobile-site/

    Then I included the updates here to edit both the appropriate web.config files: http://konab.com/fixing-windows-8-1-access-uag-2010-can-cause-error-500/

    There is also a syntax error or two in the risualblogs posting.  In case anyone needs it, here is what the edited lines for both the appropropriate web.config files should ACTUALLY look like in my estimation.  I did not include the entire config file, just the lines that you need to edit:

            <DetectionExpressions>
                <DetectionExpression Name="IE11" Expression='UserAgent Contains "mozilla" AND UserAgent Contains "rv:11"' DefaultValue="false" />
                <DetectionExpression Name="Mobile" Expression='!IE11 AND (MobileDevice OR WindowsCE)' DefaultValue="false" />
                <DetectionExpression Name="IE" Expression='Browser Contains "ie" OR Browser Contains "msie" OR Browser Contains "IE11"' DefaultValue="false" />
                <DetectionExpression Name="Windows8" Expression='UserAgent Contains "windows nt 6.2" OR UserAgent Contains "windows nt 6.3"' DefaultValue="false" />
    	</DetectionExpressions>
    However, even after doing this, I can still not get this to work on my test 8.1 client.  I think the above poster (UniMatrix) might be correct that it's a 8.1 firewall WMI query issue. Still this is something that should be official patched via a hotfix by Microsoft.  Waiting for SP4 (which again, hasn't been announced and there is ZERO information on) is ridiculous.


    • Edited by pcarlson Tuesday, November 19, 2013 7:35 PM
    Tuesday, November 19, 2013 7:34 PM
  • I went ahead and installed Checkpoint's ZoneAlarm free firewall and now have a registered firewall visible in the UAG client components.

    Unfortunately still no VPN )-:

    Wednesday, November 20, 2013 7:13 AM
  • Do I change the web.config in internalsite or also the portalhomepage folder?

    MCITP Enterprise administrator

    Wednesday, November 20, 2013 10:56 AM
  • Do I change the web.config in internalsite or also the portalhomepage folder?

    MCITP Enterprise administrator

    You have to change the web.config in BOTH locations:

    C:\Program Files\Microsoft Forefront Unified Access Gateway\von\InternalSite

    C:\Program Files\Microsoft Forefront Unified Access Gateway\von\PortalHomePage

    Though, again, for me it didn't make any real difference on the client (I couldn't even get the 8.1 client to the login page).

    Wednesday, November 20, 2013 4:08 PM
  • I'm getting a runtime error after logging on.

    Runtime Error Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed.            

    Details: To enable the details of this specific error message to be viewable on the local server machine, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "RemoteOnly". To enable the details to be viewable on remote machines, please set "mode" to "Off".
    <!-- Web.Config Configuration File -->
    
    <configuration>
        <system.web>
            <customErrors mode="RemoteOnly"/>
        </system.web>
    </configuration>
                      

    Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
    <!-- Web.Config Configuration File -->
    
    <configuration>
        <system.web>
            <customErrors mode="On" defaultRedirect="mycustompage.htm"/>
        </system.web>
    </configuration>


    MCITP Enterprise administrator

    Wednesday, November 20, 2013 7:28 PM
  • Hi Folks!

    based on Thomas informations of his settings in Win8.1/IE11 I've put up a short walktrough of all neccesary steps to logon successfully on UAG and take advance of the full set of features (even RDP and VPN/SSL).

    The guide could be found here:

    http://www.nextgen-networks.de/techblog/109-microsoft-unified-access-gateway-uag/38-restore-full-uag-features-with-windows-81-client-systens.html

    Greetings from Hamburg/Germany

    Ralf


    Tuesday, November 26, 2013 5:03 PM
  • Wednesday, November 27, 2013 6:08 PM
  • UAG SP4 is released providing support for Windows 8.1 and RDP 8.1

    https://www.microsoft.com/en-us/download/details.aspx?id=41181

    https://support.microsoft.com/kb/2861386

    Thursday, November 28, 2013 6:04 AM
    Moderator
  • Has anyone had any issues installing UAG 2010 SP4? I have installed it on my secondary Windows 2008 R2 Server, which has TMG 2010 SP2 Rollup 4 and UAG 2010 SP3 Rollup 1, and I cannot get the "Microsoft Forefront UAG Session Manager" service to start.  I receive a Event 7031 stating, "The Microsoft Forefront UAG Session Manager service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service."  I receive this error once a minute. If I roll back SP4 everything works as expected and the services start.     
    Monday, December 02, 2013 12:02 AM
  • As a slight update, I installed SP4 on our UAG server and it resolved the issue with 8.1 and IE11 client connectivity.  Any clients that previously had Forefront UAG EndPoint components on them had to uninstall and redownload said components before they could connect successfully but afterwards they worked fine.

    We did NOT run into the service startup issue that others have mentioned so unfortunately I don't have any feedback on that or a solution.
    Wednesday, December 04, 2013 5:37 PM
  • Ghildebr,

    I've ran into the same issue with you.  If you come up with a resolution please post it here.  Thanks.

    Tuesday, December 10, 2013 5:19 AM
  • I ended up opening a case with Microsoft to fix the issue. Since it was a bug in SP4 they did not charge me for it. They did numerous steps in attempting to find the issue but I believe if you follow the steps below it should work for you. I assume no responsibility if these steps break your system.  It would also be a very good idea to Export a working Configuration prior to installing SP4, just as a failsafe.

    1. Install SP4 then reboot.
    2. When services fail to start launch Forefront UAG Management tools.
    3. Do a Reload Configuration and then an Activate Configuration.
    4. Reboot and services should start.
    Tuesday, December 10, 2013 8:30 PM
  • **Previous night I had rolled back to the SP3 Rollup 1 Update.

    Today before seeing your note I performed the following:

    -Launched UAG (prior to SP4)

    -Saved the current configuration, Ran Activation

    -Installed SP4 update

    -Rebooted and once it came up the system was updated and working perfectly on SP4.  The only thing different I did today was launch the manager save the configuration, ran activation then install SP4. 

    Hope this helps someone else out in the future!  Thanks for replying Ghildebr.

    Wednesday, December 11, 2013 5:30 AM
  • Ghildebr and Chris - I also had the same problem with SP4 and had to uninstall it to get back to SP3 rollup.

    I think the problem is that when I put on the SP3 roll up - I didn't go in and activate. The second time around I did that and the SP4 install worked correctly.

    Friday, March 14, 2014 1:19 AM