RemoteApp error "your computer does not meet the security policy requirements of this application"

    Question

  • Hi All,

    I'm getting this error when trying to launch a RemoteApp link even though I've set the endpoint policies to "Allow".

    The network is set up like so;

    UAG RTM demo installed on Windows Server 2008 R2

    • FQDN: uag01.domain.tld
    • Public name: vdesk.domain.tld
    • Inside interface: 192.168.1.253/24
    • Outside interface: 192.168.0.9/24 statically NATed to public IP

    Domain controller Windows Server 2003

    • FQDN: dc02.domain.tld
    • IP: 192.168.1.3

    Terminal Server 2008

    • FQDN: ts01.domain.tld
    • IP: 192.168.1.10

    Windows XP and Windows 7 clients are able to run RemoteApps when they connect directly to ts01.domain.tld through the firewall. When they try to launch from the link in UAG however they get the message "your computer does not meet the security policy requirements of this application". The RemoteApp was published by following the documentation exactly "http://technet.microsoft.com/en-us/library/ee441339.aspx". The listed RDS host is ts01.domain.tdl and the public DNS record for this points to the UAG box. I have even set the endpoint policies to "always".

    Hope you can help as I've run out of ideas.

    Kind regards,

    Stuart

     

    Thursday, April 08, 2010 2:03 PM

All replies

  • Did you set the policies on both the trunk configuration and on the application itself?
    Friday, April 09, 2010 8:20 PM
  • Hi Kfyhr,

    Thanks for your response. I've come from using ISA Server products and have never used IAG or UAG before, so some of the concepts in UAG are new to me. I have left the trunk settings as default and tried publishing the RemoteApp links with default settings, then changed the application Endpoint Policies to 'always' when I got the error message.

    Do I have to set a specific permission to allow RemoteApp applications to run in the portal? The trunk Endpoint Access Settings are set to;

    Session Access Policy = Default Session Access

    Privileged Endpoint Policy = Default Privileged Endpoint

    Socket Forwarding component installation = Default Privileged Endpoint

    Stuart

    Saturday, April 10, 2010 12:11 PM
  • The default session access policy should let in any station, so that should be fine. Please inspect the Web Monitor on your UAG server, and look at the SECURITY log. It should shed some light on what is actually causing the block.

    You can then have a look at my blog that discusses troubleshooting access stuff:

    http://blogs.technet.com/ben/archive/2010/03/15/troubleshooting-ruleset-issues.aspx


    Ben Ari
    Microsoft CSS IAG Support
    Sammamish, WA
    Wednesday, April 14, 2010 12:23 AM
    Owner
  • Thanks Ben, I'll try it this evening.

    Stuart

    Wednesday, April 14, 2010 5:42 AM
  • Hi Ben,

    I am facing the same issue. Here is the log message from UAG Web monitor.

    "A request from source IP address x.x.x.x to trunk portal; Secure=1 for application SSL VPN of type RemoteNetworkAccess failed. The client endpoint does not comply with access policy settings (Hybrid_Default_NonHTTP_App_Access) for the requested application. The session ID is 401D05BE-47EF-43C2-BF98-C44F48ABD235. The URL is/SSLVpn/B232B8DEF6874F0198BFBC37261FF843/?FirstActivation=true. "

    Can you please help me see where I am wrong?

    Regards,

    • Proposed as answer by Enzensperger Wednesday, September 01, 2010 2:46 PM
    Wednesday, May 12, 2010 7:40 AM
  • Hi.

    I have the same issue and the same log message. Have you found an answer?

    Regards,

    Wednesday, September 01, 2010 2:49 PM
  • What application are you trying to access? I have a feeling this is not a RemoteApp, is it?

    The log message points to the fact that the client machine from which you are trying to launch the application does not comply with the Application Access Policy configured for this application. So what you need to do is either make your client machine compatible with the policy, or adjust the policy itself. If you wish to change the policy, open the application properties window, click on the Endpoint Policy Settings tab and select a new Access policy from the drop-down list, or create a new policy first and then select it.

    HTH,

    -Ran

    Thursday, September 02, 2010 12:38 PM
  • We are using UAG and we are getting this error,

    A request from source IP address xx.xx.xx.xx, user to trunk schooluag; Secure=1 for application AppName of type GenericWebRelayMulti failed. The endpoint device does not comply with access policy settings (Hybrid_Default_Session_Access) for session 8683CB70-537B-4965-9850-EF2990C8E5A0. The URL is /sites/Schools/xx/Shared%20Documents/2010-11%206%20Day%20School%20Calendar%20FINAL%20VERSION.doc.

    I can't seem to find how to fix this. Does anyone have any ideas?

     

    Friday, January 14, 2011 4:33 PM
  • Hi Jean,

    See if this: http://technet.microsoft.com/en-us/library/dd857309.aspx or this: http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/thread/b4bb6530-34f5-4d08-9238-1ea53a1c819f/ help.

    There are many other resources out there, so let us know if you need more help. Maybe you should even open a new UAG Forum thread, since your issue is not related to RemoteApp, which is what this thread was about.

    Regards,


    -Ran
    Friday, January 14, 2011 6:54 PM
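
Added example (not part of any post in this thread, and not Microsoft code): the two Web Monitor messages quoted above name different policies at different scopes, and this Python sketch extracts the policy, scope, application and session ID so you can tell whether to look at the application's Endpoint Policy Settings tab or at the trunk's Session Access Policy. The regular expression and the `WHERE` mapping are assumptions built only from those two messages and the replies here; other UAG message variants may not match.

```python
import re
from collections import Counter

# The two denial messages quoted in this thread (addresses were masked by the posters).
SAMPLES = [
    "A request from source IP address x.x.x.x to trunk portal; Secure=1 for application SSL VPN of type RemoteNetworkAccess failed. The client endpoint does not comply with access policy settings (Hybrid_Default_NonHTTP_App_Access) for the requested application. The session ID is 401D05BE-47EF-43C2-BF98-C44F48ABD235. The URL is/SSLVpn/B232B8DEF6874F0198BFBC37261FF843/?FirstActivation=true.",
    "A request from source IP address xx.xx.xx.xx, user to trunk schooluag; Secure=1 for application AppName of type GenericWebRelayMulti failed. The endpoint device does not comply with access policy settings (Hybrid_Default_Session_Access) for session 8683CB70-537B-4965-9850-EF2990C8E5A0. The URL is /sites/Schools/xx/Shared%20Documents/2010-11%206%20Day%20School%20Calendar%20FINAL%20VERSION.doc.",
]

GUID = r"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}"
# Assumption: both wordings seen in the thread, nothing else.
BLOCK = re.compile(
    r"to trunk (?P<trunk>[^;]+); Secure=\d "
    r"for application (?P<app>.+?) of type (?P<type>\w+) failed\. "
    r"The (?:client endpoint|endpoint device) does not comply with access policy "
    r"settings \((?P<policy>[^)]+)\) for "
    r"(?:(?P<app_scope>the requested application)|session (?P<sid1>" + GUID + r"))\."
    r"(?: The session ID is (?P<sid2>" + GUID + r")\.)?"
    r" The URL is\s*(?P<url>\S+)"
)
# Where each scope is configured, as described in the posts above.
WHERE = {
    "application": "application properties > Endpoint Policy Settings tab",
    "session": "trunk Endpoint Access Settings > Session Access Policy",
}

def parse_block(message):
    """Return the fields of one endpoint-policy denial, or None if it is not one."""
    m = BLOCK.search(" ".join(message.split()))  # tolerate wrapped lines
    if m is None:
        return None
    url = m["url"]
    scope = "application" if m["app_scope"] else "session"
    return {
        "trunk": m["trunk"], "application": m["app"], "app_type": m["type"],
        "policy": m["policy"], "scope": scope, "where": WHERE[scope],
        "session_id": m["sid1"] or m["sid2"],
        "url": url[:-1] if url.endswith(".") else url,  # drop sentence full stop
    }

def triage(messages):
    """Count denials per (scope, policy) so the most frequent blocker stands out."""
    rows = [r for r in map(parse_block, messages) if r]
    return Counter((r["scope"], r["policy"]) for r in rows), rows

if __name__ == "__main__":
    for row in triage(SAMPLES)[1]:
        print(row["application"], "->", row["policy"], "|", row["where"])
```
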
  • Hi Ran,

    Can you please tell me what an endpoint looks like that allows anyone to access the resource? I mean, I want to allow any type of computer to access it.

    Regards/Anwar

     

     

     

    Wednesday, January 19, 2011 3:30 PM