How to configure UAG for non-AD host

  • Question

  • Is it possible to configure the UAG for a PC which is not a domain member?

    I set up a test UAG server. I can connect to the portal, but the "Applications" do not work (from all hosts). Is there no RTFM where configuration examples are discussed?

    Are there any special steps taken to operate in "Applications"?

    What I did!

    1) Install Server2008R2  / 2 NIC / 1NIC = LAN, 2NIC =WAN

    Test AD: all servers are Server2008R2 (DC, DNS, CERT, SCCM, etc.)

    2) Installing UAG.

    Pointed Network (LAN / WAN), a configurable Web Access Policy, generated by UAG server certificate (with UAG server) for HTTPS Inspection. Portal created. 443rd Created Applications for Remote Desktop, File Access, RemoteNetworkAccess. To join the Portal from the Internet is OK. But Applications works all over. What can I do to correct?


    cenubit
    Monday, June 21, 2010 1:33 PM

Answers

  • Girts, I'm afraid your question is confusing. Please try to rephrase it - perhaps with the help of an interpreter, and make sure you provide a high level of detail about the situation, the symptoms and things you have tried. If all you need to know is how to create a certificate, then here:

    1. Go to a website of a company that sells certificates, like Verisign, Thawte or others.

    2. Purchase a certificate for the URL you want to publish UAG on.

    3. Import the certificate on your server (the provider from step 1 should provide you with instructions and support for that)

    4. Open the UAG's trunk configuration, and select the new certificate.

    If you wish to use a free, self-signed certificate, read this guide:

    http://technet.microsoft.com/en-us/library/cc753127(WS.10).aspx

     


    Ben Ari
    Microsoft CSS IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Tuesday, June 29, 2010 8:48 PM
    Tuesday, June 29, 2010 8:48 PM

All replies

  • Hi Amigo. I am not sure I understand your questions. In your post you mention the UAG portal but also Web Access Policy and HTTPS Inspection, which are concepts linked to TMG functionality, not UAG. Could you please give more details about the deployment scenario and your objectives? Regards
    // Raúl - I love this game
    Tuesday, June 22, 2010 8:53 AM
  • I am not sure, but I think the certificate is to blame. Give instructions on how to create a new certificate for UAG.
    cenubit
    Thursday, June 24, 2010 10:30 AM
  • Ok. I will try to explain.
    I need to generate correct certificates for free, for the UAG HTTPS trunk, so that the RemoteDesktop application works. I do the following:

    From UAG server.
    1) create uagserver.inf file in C:\CERTIFICATE:
    [NewRequest]
    Subject = "CN=vpn.gg.ff"
    MachineKeySet = True
    KeyLength = 2048
    KeySpec=1
    [RequestAttributes]
    CertificateTemplate = WebServer
    2) From cmd:
    C:\Windows\system32>cd C:\CERTIFICATE
    C:\CERTIFICATE>certreq -new uagserver.inf uagserver.req
    Active Directory Enrollment Policy
      {05C9B26B-6FA9-423B-8CF9-203D961E2C64}
      ldap:
    DumpVariantStringWorker: 0: "Microsoft RSA SChannel Cryptographic Provider"
    DumpVariantStringWorker: 1: "Microsoft DH SChannel Cryptographic Provider"
    C:\CERTIFICATE>certreq -submit isaserver.req isaserver.cer
    Active Directory Enrollment Policy
      {05C9B26B-6FA9-423B-8CF9-203D961E2C64}
      ldap:
    RequestId: 23
    RequestId: "23"
    Certificate retrieved(Issued) Issued
    C:\CERTIFICATE>certreq -retrieve 23 uagserver.cer
    C:\CERTIFICATE>certreq -accept uagserver.cer


    The certificate is generated. I imported it into "Certificates" (LocalComputer (TrustedRootCert. ..)).
    I imported it into the "RemoteDesktopSessionHostConfiguration" (RDP-TCP). I imported it into the "RD Gateway Manager".
    I think it is OK! But when I set up the UAG Trunk "Applications" and want to import a certificate on the target server (for RD),
    then "RemoteDesktopSessionHostConfiguration" on the target server does not see the certificate.


    Currently, when I log on from the Internet to the UAG server, I can ping the target server IP address (the RD target server in the local network). But I cannot connect to the RD (Application from Trunk).
    What to do?
    cenubit
    Monday, July 5, 2010 1:57 PM
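
A check that can be run after the certreq steps in the post above, on the UAG server or on the RD target server (added example, not part of the thread; `Get-ServerCertReport` is a hypothetical helper name, and `vpn.gg.ff` is the subject from the posted uagserver.inf). It lists the Local Computer Personal store and reports, per certificate, whether the private key is present, whether the EKU allows Server Authentication, and whether the chain builds to a root this machine trusts.

```powershell
# Added example. Get-ServerCertReport is a hypothetical helper name.
# A server can only present a certificate for TLS if it holds the matching
# private key; a .cer file carries the public certificate only.
function Get-ServerCertReport {
    param(
        [string]$ExpectedName = 'vpn.gg.ff',              # subject from the posted INF
        [string]$StorePath    = 'Cert:\LocalMachine\My'   # Local Computer\Personal
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'                  # Server Authentication EKU
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Collect the EKU OIDs; a certificate with no EKU extension is valid for all purposes.
        $ekuOids = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext -is $ekuType) {
                foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
            }
        }

        # Build the chain in machine context against this machine's trusted roots.
        # Revocation checking is switched off so the check needs no network access.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $chainOk = $chain.Build($cert)
        $chainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

        $now = Get-Date
        New-Object PSObject -Property @{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            NameMatches   = ($cert.GetNameInfo('SimpleName', $false) -eq $ExpectedName)
            HasPrivateKey = $cert.HasPrivateKey
            ServerAuthEku = ($ekuOids.Count -eq 0) -or ($ekuOids -contains $serverAuthOid)
            InValidity    = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
            ChainTrusted  = $chainOk
            ChainStatus   = $chainStatus                  # e.g. UntrustedRoot when the CA root is missing
        }
    }
}

# Show every certificate in the Personal store with its findings.
Get-ServerCertReport | Format-List
```

A row with `HasPrivateKey = False` means only the public certificate was imported on that machine; `ChainTrusted = False` with `UntrustedRoot` means the issuing CA's root certificate is not in that machine's Trusted Root store.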