UAG and Autodiscover settings

  • Question

  • When setting up mobile devices for Exchange 2010 SP1 w/ UAG 2010 SP1 we are noticing some unexpected behaviour.

    If you are on the inside, behind UAG, and use autodiscover to configure the mobile device, the user ID is set as username@domain.com, and mobile ActiveSync will work inside but not outside.

    If you are on the outside, and go through UAG to set up a mobile phone with autodiscover, the user ID is set as just "username". ActiveSync will work on the outside but not inside.

    I have confirmed this behaviour with several models and OS versions of both iOS and Android devices. The behaviour is the same.


    • Edited by Toby Ellis Friday, December 7, 2012 3:43 PM
    Friday, December 7, 2012 3:42 PM

Answers

  • UAG does not support UPN login by default. You have to configure it for UPN usage first, as described in the following link:

    Enabling UPN logon for forms-based authentication
    http://technet.microsoft.com/en-us/library/ff607424.aspx

    The fact that some report they are able to log on with UPN; that may be so, but that is because their domain name is the same as their UPN domain and/or one or more Domain Controllers are in the same VLAN as the UAG Servers, which causes broadcast to be able to contact the Domain Controllers. Please try this, and I am pretty sure your problem is solved. Please let me know if it worked out for you.


    Boudewijn Plomp, BPMi Infrastructure & Security

    • Proposed as answer by Boudewijn Plomp Wednesday, December 19, 2012 3:42 PM
    • Marked as answer by Toby Ellis Wednesday, December 19, 2012 3:50 PM
    Wednesday, December 12, 2012 4:00 PM

All replies

  • The internal domain is the same as the UPN. I will change the settings in UAG to support UPN but we are seeing mixed results depending on configuration and mobile device type. I will post back if this makes the auto-discover configuration the same. Thanks!
    Wednesday, December 19, 2012 3:52 PM