UAG CRL check

    Question

  • I've got some questions about UAG behavior.

    1. I get this error: A request from source IP address user to trunk lync; Secure=1 for application Lync of type Lync2010 failed. The endpoint device does not comply with access policy settings ([%PolicyId%]) for session [%SessionId%]. The URL is [%Url%].

    Disable component installation and activation and Disable scripting for portal applications are both unticked.

    2. When I try to browse a published web site, I'm advised that CRL check has failed. But I disabled CRL check as per article http://blogs.technet.com/b/edgeaccessblog/archive/2010/03/31/an-unknown-error-occurred-while-processing-the-certificate.aspx

    I've also set the following keys to 1:

    HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\von\UrlFilter\FullAuthPassthru

    HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\von\UrlFilter\KeepClientAuthHeader

    Any hint much appreciated :)

    Wednesday, May 23, 2012 9:51 AM

All replies

  • For the certificate you have used in the publishing rule, do you see the CRL accessible? Make sure you publish the CRL if you are using Internal CA for CRL Checks by external clients. For testing, you can disable CRL Checks on the Internet Explorer by unchecking the below from advanced options and restarting the IE after applying the change:
    - check for publisher's certificate revocation
    - check for server certificate revocation
    Thursday, August 16, 2012 11:39 PM
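
The CRL accessibility check the reply above asks about, as an added example that is not part of the original thread: it reads the CRL Distribution Point URLs from the certificate, tries to fetch each one, then builds the chain with online revocation checking. The file name `trunk-cert.cer` is a placeholder, and the `URL=` pattern assumes the text Windows produces when it formats the extension.

```powershell
# Added example: run from a client outside the network, where external users sit.
param(
    # Assumption: the trunk certificate exported to a .cer file (placeholder name)
    [string]$CertPath = '.\trunk-cert.cer'
)

function Get-CdpUrl {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # OID 2.5.29.31 is the CRL Distribution Points extension
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    if (-not $ext) { return @() }
    # Format($true) renders the extension as multi-line text with "URL=..." entries
    [regex]::Matches($ext.Format($true), 'URL=(\S+)') |
        ForEach-Object { $_.Groups[1].Value }
}

$path = (Resolve-Path $CertPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path

$urls = @(Get-CdpUrl -Cert $cert)
if ($urls.Count -eq 0) { Write-Warning 'Certificate has no CDP extension.' }

foreach ($url in $urls) {
    if ($url -notmatch '^https?://') {
        # ldap:// and file:// CDPs are normally reachable only inside the domain
        [pscustomobject]@{ Url = $url; Reachable = $false
                           Detail = 'not HTTP; external clients usually cannot reach it' }
        continue
    }
    try {
        $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 15
        [pscustomobject]@{ Url = $url; Reachable = $true
                           Detail = "HTTP $($resp.StatusCode), $($resp.RawContentLength) bytes" }
    } catch {
        [pscustomobject]@{ Url = $url; Reachable = $false; Detail = $_.Exception.Message }
    }
}

# Build the chain the way a revocation-checking client would.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'Online'
$chain.ChainPolicy.RevocationFlag = 'EntireChain'
$ok = $chain.Build($cert)
"Chain valid with online revocation: $ok"
# RevocationStatusUnknown or OfflineRevocation here means a CRL could not be retrieved
$chain.ChainStatus | Select-Object Status, StatusInformation
```
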
  • After making those registry changes, did you re-activate UAG and do an IISRESET (or restart the server)? Those things are often necessary before those registry changes will actually get put into place.

    Also, I see "Lync" specified in your trunk information. If you are publishing Lync over this portal, I recommend CHECKING the two boxes that you mentioned - the ones for disabling component installation and disabling scripting.

    Friday, August 17, 2012 2:21 PM