How to get UAG 2010 SP1 Direct Access to work in single-label AD domain?

  • Question

  • Hi! Our customer has a single-label AD domain (ADDOM.), installed for Windows 2000 and now operating at 2008 R2 DFL+FFL levels, with Exchange 2010. We are now installing a new server with UAG 2010 SP1 for Direct Access connectivity, but are unable to activate the Direct Access configuration that results after the DA wizard in the MS Forefront UAG Management MMC. When pressing the Activate button, an error message "An error occured while loading the configuration. Please configure DirectAccess again" appears on the screen.

    After reviewing similar posts on the internet, it is quite clear that SLD domain names are not supported in UAG SP1.

    However, what we want now is a workaround that might get UAG DA working in this AD domain as well. We really want to avoid restructuring the whole AD for this.

    How can we work around the SLD support issue in the UAG DA installation?

    Kind regards,
    Kari,
    MCITP/W2008

    Wednesday, May 30, 2012 9:27 AM

Answers

  • Hi,

    As Jason Jones states in his blog: "I don’t believe UAG DirectAccess has ever supported this particular scenario, but I cannot find any documentation to confirm or dispute this statement at this time."

    If you are unwilling to go down the restructure AD route then I would look at another VPN or connection technology.


    Regards, Rmknight

    • Marked as answer by Kari O Thursday, May 31, 2012 6:40 AM
    Wednesday, May 30, 2012 12:34 PM

All replies

  • Hi,

    From the Forefront UAG DirectAccess prerequisites for SP1:

    Infrastructure servers

    You must have at least one domain controller running Windows Server 2003 or later,

    I don't think you can get around the single label namespace.

    Please see the following information. http://blog.msedge.org.uk/2011/10/single-label-dns-domain-names-and-uag.html


    Regards, Rmknight

    Wednesday, May 30, 2012 10:31 AM
  • Is it really so that there is no workaround?
    As I understand from some posts, the RTM version of UAG DA might have supported SLD domains, but the SP1 version does not. What might the specific reason for this be, and is there any workaround for it?

    The reason I'm still asking is that the AD restructure project would be an unreasonably big job.

    Br, Kari

    Wednesday, May 30, 2012 11:43 AM