Changing Application Authorization slows login to a crawl

  • Question

  • Hello all,

    I am trying to publish Outlook Web App via the UAG, and as long as I set the application authorization to the default of "Authorize all users", there is no noticeable delay for users logging in to the portal from outside the organisation via their AD credentials. So far, so good.

    The problem arises when I try to restrict application authorization to only a select user or group. As soon as I uncheck the "authorize all users" checkbox and re-activate the UAG, the user login process takes almost exactly 30 seconds before the user is added to the session.

    This is apparently too long a wait time for our end-users, so I'm trying to find a way to make it much quicker, while still being able to control access via AD groups.

    Points of note about our setup are:

    UAG is in the DMZ and is not domain joined. Thus 'use local AD forest authentication' is not available to me.

    UAG is patched to SP1, running version 4.0.1752.10000

    The Trunk is https, the Authentication Server type is Active Directory, and Connection Settings is set to 'Defined DC's' (both are running global catalogue roles) on the default ports.

    Base DN is set at CN=Users etc etc, subfolders is unticked, and nested level is 0.


    Is anyone else running into this issue? I don't have any customised scripts or pages, it's just a vanilla UAG install.

    Thanks in advance,

    Shannon

    Thursday, September 15, 2011 5:44 AM

All replies

  • Hi Shannon,

    In your AD authentication server definition on UAG, what's the level of nested groups that you have configured?


    -Ran
    Thursday, September 15, 2011 6:43 AM
  • Hi Ran, level of Nested groups is zero, and the checkbox next to subfolders is unticked.

    cheers,

    Friday, September 16, 2011 12:01 AM
  • Solved it, didn't have all the required ports opened.

    • Marked as answer by ShannonTSG Tuesday, September 20, 2011 12:22 AM
    Tuesday, September 20, 2011 12:22 AM
  • To be useful for future people looking at this thread, can you please be more specific?
    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Tuesday, September 20, 2011 10:05 AM