locked
"Missing Credentials" error after UAG SP2 installation. RRS feed

  • Question

  • After installing SP2, the portal login accepts only "domain name\user name" even if the system is joined to a domain. If "user name" alone is used, login fails and the "Missing Credentials" error is displayed in the Web Monitor. If SP2 is uninstalled, then portal login is as expected.

    Wednesday, August 15, 2012 9:27 AM

All replies

  • Are you authenticating against an ad? have you entered your domain in "default domain name" in the configuration of the authentication server? should fix the problem.

    br

    Thursday, August 16, 2012 9:01 AM
  • I think that setting is needed only if single sign-on is required. I say this because it works fine when SP2 is uninstalled even without configuring the "default domain name". I tried it anyways, but still see the error.

    Thursday, August 16, 2012 10:01 AM
  • I have installed UAG SP2 on two UAG arrays. I have justed checked it to make sure, but don't have the issue you mention. Although I have configured both UAG arrays to support UPN authentication. I can login with single username, DOMAIN\username and username@domain.com without problems. Both UAG arrays are domain-joined and have an Authentication Server that uses static Domain Controller settings.


    Boudewijn Plomp, BPMi Infrastructure & Security

    Thursday, August 16, 2012 1:19 PM
  • I have many customers with SP2 installed and have not heard this yet. I also just confirmed on my own demo box with SP2 that it does not require me to enter the domain name, so it must be something particular to your config, probably the config of the Auth Repository.

    My demo environment is a basic AD environment, UAG configured with static DCs (using FQDN, not IP - if you are using IPs you should really change to FQDN anyway, and perhaps this causes the issue?)

    Thursday, August 16, 2012 8:09 PM
  • Hi @all,

    I have one customer who uses the UAG portal functionality. After UAG SP2 has been installed, the checkbox "Authorize all users" was deactivated in the Portal application and all other applications published in the portal. The customer only allowed special AD users / user groups access to the applications in the portal and we had to reconfigure the authentication settings for each application in the portal trunk


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de

    Monday, August 20, 2012 12:54 PM
  • Same problem here. I could logon using UPN, after sp2 I can only logon using domain\username.

    The uag resides in child domain x.domain.com and the users in y.domain.com. There are multiple upn suffixes maintained in y.domain.com because it's a Multi-tenant environment.

    best regards,

    Ruud.


    MSCE

    Saturday, November 17, 2012 9:51 PM
  • Keep in mind, UAG does not support UPN login by default. You have configure it for UPN usage first as described in the following link:

    Enabling UPN logon for forms-based authentication

    http://technet.microsoft.com/en-us/library/ff607424.aspx

    The fact that some appeared to be able to logon with UPN; could be beacuse their domain name is the same as their UPN domain and/or one or more Domain Controllers are in the same VLAN as the UAG Servers, which causes broadcast to be able to contact the Domain Controllers.


    Boudewijn Plomp, BPMi Infrastructure & Security

    • Proposed as answer by Ruud Boersma Monday, November 19, 2012 8:38 AM
    Sunday, November 18, 2012 8:48 AM
  • That's what surprised me. It worked without the technet workaround before. But they are indeed in the same subnet. That explains alot. Thanks.


    MSCE

    Sunday, November 18, 2012 6:25 PM