Direct access kills existing portal

  • Question

  • UAG RTM

    I have an existing, working UAG portal for my XP users.

    Now that we are migrating to Windows 7, I am trying to activate DA on the UAG server.
    Everything seems to be OK with DA, but the portal site stops working.

    In the TMG logs, I get the following denied rule when trying to connect to the portal:

    Denied Connection
    Log type: Web Proxy (Forward)
    Status: 12227 The name on the SSL server certificate supplied by a destination server does not match the name of the host requested.
    Rule: [System] Direct Access mode: Allow IPv6 transition technologies traffic to Local Host
    Source: External (64.155.207.73:1044)
    Destination: Local Host (58.45.92.123:443)
    Request: 58.45.92.123:443
    Filter information: Req ID: 0c80b42d; Compression: client=No, server=No, compress rate=0% decompress rate=0%
    Protocol: https-inspect
    User: anonymous
     Additional information
    • Object source: Internet (Source is the Internet. Object was added to the cache.)
    • Cache info: 0x0
    • Processing time: 0 MIME type:

    If I disable this system rule, the portal starts working again.
    The problem is that the publishing rule should apply instead of this DA system rule. Also, the request should be my address name instead of the IP.

    DA and the portal are on separate external IPs but on the same network card.

    Has anyone seen this before and has some ideas to solve it?

    I guess if I disable the system rule, DA will not work.

    Wednesday, March 24, 2010 2:12 AM

Answers

  • Have you tried adding the portal FQDN to the NRPT bypass list?
    Jason Jones | Forefront MVP | Silversands Ltd
    • Marked as answer by Chris_Dozer Thursday, March 25, 2010 10:17 AM
    Wednesday, March 24, 2010 8:52 PM
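
A simplified model of the NRPT lookup this answer relies on, as an added example that is not part of the original thread: it shows how an exemption entry for the portal FQDN takes that name out of a DirectAccess suffix rule, and lists published names that still lack one. The namespaces, the DNS address, the function names and the "most specific rule wins" ordering are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class NrptRule:
    namespace: str               # ".suffix" rule or exact FQDN rule
    da_dns_servers: tuple = ()   # empty tuple models an exemption (bypass) entry

def _norm(name):
    return name.strip().rstrip(".").lower()

def match_rule(name, rules):
    """Return the most specific matching rule: an exact FQDN beats any suffix,
    and a longer suffix beats a shorter one (modelling assumption)."""
    name, best, best_key = _norm(name), None, (-1, -1)
    for rule in rules:
        ns = _norm(rule.namespace)
        is_suffix = ns.startswith(".")
        hit = name.endswith(ns) if is_suffix else name == ns
        key = (0 if is_suffix else 1, len(ns))
        if hit and key > best_key:
            best, best_key = rule, key
    return best

def resolution_path(name, rules):
    rule = match_rule(name, rules)
    if rule is None:
        return "interface-dns"            # name is outside the NRPT
    if not rule.da_dns_servers:
        return "interface-dns (exempt)"   # bypass entry: resolved like a public name
    return "directaccess-dns"             # query goes to the DirectAccess DNS server

def names_needing_exemption(published_fqdns, rules):
    """Externally published names the NRPT would still send to DirectAccess DNS."""
    return [n for n in published_fqdns
            if resolution_path(n, rules) == "directaccess-dns"]

# Constructed sample policy: names and addresses are placeholders.
BEFORE = [NrptRule(".corp.example.com", ("2001:db8::53",))]
AFTER = BEFORE + [NrptRule("portal.corp.example.com")]
PUBLISHED = ["portal.corp.example.com", "www.example.org"]

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, names_needing_exemption(PUBLISHED, rules))
```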

All replies

  • Thanks Jason.

    You pointed me in the right direction.

    I added the FQDN to the list and after a restart it worked again.

    Maybe a gpupdate would have done the job as well.

    Thursday, March 25, 2010 10:16 AM
  • Cool!
    Jason Jones | Forefront MVP | Silversands Ltd
    Thursday, March 25, 2010 5:59 PM
  • Good job!

    Thanks Jason!

    Tom


    MS ISDUA/UAG DA Anywhere Access Team
    Monday, March 29, 2010 3:05 PM
  • Question for you Chris.

    This is happening to me with my unmanaged computers. Did this happen to you on your unmanaged computers? Does this also solve the issue for those computers?

    Thank you in advance!

    Tuesday, December 21, 2010 6:36 PM