UAG 2010 ADFS User Group

  • Question

  • Dear reader,

    I'm playing around with a new UAG installation.
    I created a portal trunk (not ADFS), and published OWA in the portal. When accessing the portal I get the message:

    ADFS User Group
    You have authenticated successfully using Active Directory Federated Services (ADFS), but your user name or group cannot be located in a required Forefront UAG local group.


    I do not have ADFS installed, and did not create an ADFS trunk. What does this mean?
    MSCE
    Thursday, March 18, 2010 1:17 PM

Answers

  • Solved.
    The UAG checks hostname, so it knows which portal to display. As in hostname.domain.com. I connected to the public IP. Instead of displaying an error that could help, it displayed three different errors at random:

    You cannot access this site due to an internal error.
    Try to access this site again in a few minutes.
    If the problem persists contact the site administrator.

    and

    ADFS User Group
    You have authenticated successfully using Active Directory Federated Services (ADFS), but your user name or group cannot be located in a required Forefront UAG local group.

    and

    The endpoint does not meet access policy requirements for this site.
      Your computer does not meet the security policy requirements of this site. For more information, contact your administrator.
    So just make sure your A record is in place on the public site, and you're OK.


    MSCE
    • Marked as answer by Ruud Boersma Thursday, March 18, 2010 7:00 PM
    Thursday, March 18, 2010 6:59 PM

All replies

  • So just make sure your A record is in place on the public site, and you're OK.

    Can you please explain this step in detail?

    Thanks

    Sunday, July 25, 2010 1:12 PM
  • Hi,

    What I meant is that UAG checks which portal to load based on the common name, like portal.domain.com. So just make sure you have the host A record set to the right public IP address. If you connect directly to the public IP (http://123.123.123.123) you will get these errors. You can have multiple portals on one UAG installation that each will load using different common names.

    When using SSL, make sure you have a public certificate in place with the right common name (portal.domain.com).

    MSCE
    Monday, July 26, 2010 12:02 PM
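Added example, not part of the thread and not Microsoft's code: a pre-flight check for the three conditions the reply above names (the URL uses the portal's host name rather than an IP, the A record points at the public IP, and the certificate carries that name). The function names, the address 203.0.113.10 and the sample inputs are constructed for illustration; only portal.domain.com comes from the thread.

```python
import ipaddress
from urllib.parse import urlsplit

def host_of(url):
    """Host part of the URL, i.e. the name the client presents to the gateway."""
    return (urlsplit(url).hostname or "").lower()

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def name_matches(pattern, host):
    """Certificate name match: exact, or one wildcard as the left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def check_portal(url, trunk_host, public_ip, a_records, cert_names):
    """Return findings; an empty list means all three conditions hold.

    a_records: addresses the portal name resolves to, for example from
               socket.gethostbyname_ex(trunk_host)[2] run outside the network.
    cert_names: common name plus any subject alternative names on the certificate.
    """
    findings = []
    host = host_of(url)
    if is_ip_literal(host):
        findings.append("URL uses an IP literal, so there is no host name to select a portal by")
    elif host != trunk_host.lower():
        findings.append(f"URL host {host} is not the portal host name {trunk_host}")
    if public_ip not in a_records:
        findings.append(f"A record for {trunk_host} resolves to {a_records}, not {public_ip}")
    if not any(name_matches(n, trunk_host) for n in cert_names):
        findings.append(f"certificate names {cert_names} do not cover {trunk_host}")
    return findings

if __name__ == "__main__":
    # Constructed inputs: a user browsing by IP while DNS and the certificate are correct.
    for line in check_portal("https://203.0.113.10/", "portal.domain.com",
                             "203.0.113.10", ["203.0.113.10"], ["portal.domain.com"]):
        print("FINDING:", line)
```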
  • I am getting the same error, i.e.:

    ADFS User Group
    You have authenticated successfully using Active Directory Federated Services (ADFS), but your user name or group cannot be located in a required Forefront UAG local group.

     

    and I have tried everything from disabling the trunk to deleting and recreating it. Is there something else that could cause this? We use Active Directory authentication, and have "authorize all users" checked in the portal properties authorization tab.


    We are using hostname, not IP address to access the portal.
    Tuesday, December 14, 2010 10:41 PM
  • I also get the same error, just publishing OWA and OWA redirection and this issue is happening randomly:

    ADFS User Group

    You have authenticated successfully using Active Directory Federated Services (ADFS), but your user name or group cannot be located in a required Forefront UAG local group.

    The A record for the domain has recently been changed (Public IP address). But all seems to be correct in DNS. The issue occurs randomly on different Windows/non-Windows devices.

    Sunday, October 30, 2011 7:04 PM