UAG Direct Access across 2 domains

  • Question

  • Hi There

    I have 2 domains that I manage; they have a trust and network connectivity between them. One has a UAG server which is used for Direct Access to Domain A; we would like Domain B users to be able to use this server to connect through to Domain B.

    Is this possible without Forefront? At present Domain B users have a contact on Domain A which has the ObjectSID (from domain B) in the msRTCSIP-OriginatorSid field (on Domain A) to allow Lync connectivity, which is working well. Is there a similar setup for UAG?

    Thanks

    Thursday, May 10, 2012 5:49 AM

All replies

  • Hi Lee,

    As long as there is a two-way trust between Domain A and Domain B, you can add Domain B in the Direct Access wizard to get it working for Domain B users. Btw, do you want to publish Lync 2010 in UAG?

    Ashu

    Thursday, May 10, 2012 8:26 PM
  • I don't believe you can do it natively with Windows DirectAccess, but you can with UAG DirectAccess.

    UAG simply requires a two-way as discussed here: http://technet.microsoft.com/en-us/library/gg315305.aspx

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk


    Thursday, May 10, 2012 11:39 PM
    Moderator
  • Hi There

    I added domain B to the UAG server and installed the Client GPO on domain B. DA now works on domain B; however, I can't access any of the servers on Domain B.

    Domain B is on a different VLAN to domain A, could this be it?

    Friday, May 11, 2012 2:40 AM
  • You will need to make sure both routing and name resolution are working for Domain B. First of all, with it being on a different VLAN, yes, your UAG server needs to have the correct routes defined to be able to reach this other VLAN, and you will have to re-run the "Network Interfaces" wizard from the Admin menu of UAG Management to include the new VLAN in UAG's internal network definition list.

    Once routing is configured properly and you can successfully contact resources in Domain B from the UAG server itself, you also need to make sure that the NRPT accommodates the namespace of Domain B. This is the "DNS Suffixes" screen inside Step 3 of the DirectAccess configuration wizards.

    Friday, May 11, 2012 2:37 PM
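
An added example, not part of the original thread: a simplified Python model of how a DirectAccess client's NRPT decides where a DNS query goes, showing why Domain B server names fail until Domain B's suffix is listed. The domain names, the DNS server address and the function names are constructed placeholders, and only exact-name and suffix rules are modelled.

```python
# Simplified model of NRPT matching on a DirectAccess client (added example).
# All namespaces and addresses below are constructed placeholders.

def nrpt_lookup(fqdn, rules):
    """Return (namespace, dns_server) for the winning rule, or None.

    rules maps namespace -> DNS server address, or None for an exemption.
    A namespace with a leading dot is a suffix rule; any other entry is an
    exact-name rule. Exact names beat suffixes; the longest suffix wins.
    """
    name = fqdn.lower().rstrip(".")
    normalized = {ns.lower(): server for ns, server in rules.items()}
    if name in normalized:
        return name, normalized[name]
    suffixes = [ns for ns in normalized
                if ns.startswith(".") and name.endswith(ns)]
    if not suffixes:
        return None
    best = max(suffixes, key=len)
    return best, normalized[best]


def resolution_path(fqdn, rules):
    """Describe where the client sends the DNS query for fqdn."""
    hit = nrpt_lookup(fqdn, rules)
    if hit is None:
        # No rule: the query goes to the DNS server of the local network,
        # which cannot resolve internal-only names.
        return "local DNS (no NRPT rule)"
    namespace, server = hit
    if server is None:
        return "local DNS (exempt by %s)" % namespace
    return "DirectAccess DNS %s (rule %s)" % (server, namespace)


DA_DNS = "2001:db8::53"  # placeholder for the DNS server the rules point to

# NRPT as first deployed: only Domain A's suffix, plus one exempt name.
BEFORE = {".domaina.example": DA_DNS, "nls.domaina.example": None}
# NRPT after Domain B's suffix is added on the "DNS Suffixes" screen.
AFTER = {**BEFORE, ".domainb.example": DA_DNS}

if __name__ == "__main__":
    for host in ("files.domaina.example", "nls.domaina.example",
                 "app01.domainb.example"):
        print(host, "| before:", resolution_path(host, BEFORE),
              "| after:", resolution_path(host, AFTER))
```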