UAG DirectAccess error activating policy

  • Question

  • Hello, I've configured a single UAG server trying to set up DirectAccess for clients for remote administration. I appear to have set everything correctly, but when I activate the policy it gets to:


    Executing Set MainMode Phase1CryptoSet(mmkeylifetime) ...
    failed. Access is denied.

    I'm running as a domain admin, so I don't think this is really a permissions issue. I do have FIPS-compatible crypto algorithms enforced, and I tried changing my IPSec mainmode settings to just sha-384 and aes-cbc 256 DH Group 2.

    Anyone run into this error before? Googling gives me basically nothing.


    Thursday, November 3, 2011 10:25 PM

All replies

  • Well, I answered my own question. The problem is requiring FIPS-compliant algorithms. Basically the IKE algorithms that UAG uses include some algorithms that aren't on the FIPS approved list (AES, SHA1, SHA256+).

    As soon as I disabled the requirement for FIPS algorithms, the policy saved successfully.

    Hopefully this helps someone else out in the future.

    Saturday, November 19, 2011 5:08 PM
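
The reply above ties the activation failure to the FIPS requirement. The following is an added example, not part of the original thread or of UAG itself, that reports whether that policy is enforced on the server and which IPsec main mode defaults are currently in effect. It assumes an elevated PowerShell prompt and English-language `netsh` output; the function names are hypothetical.

```powershell
# Added example: check the FIPS algorithm policy and the IPsec main mode
# defaults on the server before activating the DirectAccess policy.

# The security option "System cryptography: Use FIPS compliant algorithms for
# encryption, hashing, and signing" is stored as the DWORD "Enabled" here.
$fipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'

function Get-FipsPolicyState {
    $prop = Get-ItemProperty -Path $fipsKey -Name Enabled -ErrorAction SilentlyContinue
    if ($null -eq $prop)       { return 'NotConfigured' }
    if ($prop.Enabled -eq 1)   { return 'Enforced' }
    return 'Disabled'
}

function Get-MainModeDefaults {
    # "netsh advfirewall show global" lists the main mode key lifetime,
    # security methods and ForceDH setting. The match assumes English labels.
    netsh advfirewall show global |
        Where-Object { $_ -match '^(KeyLifetime|SecMethods|ForceDH)\s' }
}

$state = Get-FipsPolicyState
Write-Output "FIPS algorithm policy: $state"
Write-Output 'IPsec main mode defaults:'
Get-MainModeDefaults | ForEach-Object { Write-Output "  $_" }

if ($state -eq 'Enforced') {
    # If the value comes from a domain GPO, a local change is overwritten at
    # the next Group Policy refresh, so the GPO itself has to be adjusted.
    Write-Output 'FIPS enforcement is on; this matches the condition described in the reply above.'
}
```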