Suggestions for next release.

  • Question

  • Initial Internal Application, is able to detect OS version and redirect to a different application. This would be useful for remote desktop, I would be able to point my users directly at the correct app so the experience would be more seamless.

    Monday, May 17, 2010 2:11 PM

All replies

  • Other things I'd like to see:

    1/ Fix RSA integration (presently it does not work properly since you can enter an A/D password into the SecurID dialogue box, and log on)

    2/ Add some option to define a "Global AD Domain" for a trunk. Something that says "If the user didn't enter a Domain, assume the following Domain". This would make Single-Signon much more effective.

    3/ Fix the OCS Web Access wizard, presently, it 'kind of' works, but you cannot do contact lookups unless you enter the full username of the form user@domain.com

    4/ Fix Terminal Services Session broking, when accessed via UAG. This just does not seem to work!

    Tuesday, May 18, 2010 8:40 AM
  • Initial Internal Application, is able to detect OS version and redirect to a different application. This would be useful for remote desktop, I would be able to point my users directly at the correct app so the experience would be more seamless.

    Hi Dr Troy,

    Just a thought: you could probably achieve what you are looking for by implementing a custom [TrunkName]1PostPostValidate.inc in InternalSite\inc\CustomUpdate. This script could check for the client OS, and redirect the user browser to the desired application, by modifying the value of the g_orig_url variable.

    -Ran

    • Marked as answer by Erez Benari Wednesday, May 19, 2010 11:41 PM
    Tuesday, May 18, 2010 10:20 AM
  • Other things I'd like to see:

    1/ Fix RSA integration (presently it does not work properly since you can enter an A/D password into the SecurID dialogue box, and log on)

    2/ Add some option to define a "Global AD Domain" for a trunk. Something that says "If the user didn't enter a Domain, assume the following Domain". This would make Single-Signon much more effective.

    3/ Fix the OCS Web Access wizard, presently, it 'kind of' works, but you cannot do contact lookups unless you enter the full username of the form user@domain.com

    4/ Fix Terminal Services Session broking, when accessed via UAG. This just does not seem to work!

    Is there a hotfix for item 1?  We just discovered this and it is a huge gaping security hole in my opinion - defeats any reason to have two factor authentication.

    Wednesday, November 10, 2010 3:53 AM
  • You can work around the issue as described here: http://social.technet.microsoft.com/Forums/en-IE/forefrontedgeiag/thread/ce2123c0-5482-4705-8fd5-9d65a8f3ca10

    In the meanwhile, to help you with your current deployments, I can offer the following workaround:

    · On the UAG server, launch the Registry Editor (regedit) and locate the following DWORD value: HKLM\SOFTWARE\WhaleCom\e-Gap\von\UserManager\CredentialsCacheTime

    · Change the value to ‘0’

    · Restart the Microsoft Forefront User Manager service (and allow it to restart its dependent services)

    There was also a security update for UAG this month: http://www.microsoft.com/technet/security/bulletin/ms10-089.mspx

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Wednesday, November 10, 2010 8:51 AM
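
The three workaround steps from the reply above, scripted with a rollback record and a final verification. This is an added example, not part of the original post or Microsoft's guidance; it assumes an elevated PowerShell session on the UAG server and uses only the registry path, value name and service display name quoted in the post.

```powershell
# Added example: run elevated on the UAG server (assumption).
# Path, value name and service display name are the ones quoted in the post.
$keyPath     = 'HKLM:\SOFTWARE\WhaleCom\e-Gap\von\UserManager'
$valueName   = 'CredentialsCacheTime'
$displayName = 'Microsoft Forefront User Manager'

# Step 1: locate the DWORD value and record its current data for rollback.
$item = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
if ($null -eq $item) {
    throw "$valueName not found under $keyPath; nothing was changed."
}
$previous = $item.$valueName
Write-Output "Previous $valueName = $previous (keep this for rollback)"

# Step 2: change the value to 0.
Set-ItemProperty -Path $keyPath -Name $valueName -Value 0 -Type DWord

# Step 3: restart the service. Remember which dependent services were
# running so they can be brought back if the restart leaves them stopped.
$svc        = Get-Service -DisplayName $displayName -ErrorAction Stop
$dependents = @($svc.DependentServices | Where-Object { $_.Status -eq 'Running' })
Restart-Service -InputObject $svc -Force
foreach ($d in $dependents) {
    if ((Get-Service -Name $d.Name).Status -ne 'Running') {
        Start-Service -Name $d.Name
    }
}

# Verify: the value reads back as 0 and the service is running again.
$current = (Get-ItemProperty -Path $keyPath -Name $valueName).$valueName
$status  = (Get-Service -DisplayName $displayName).Status
if ($current -ne 0 -or $status -ne 'Running') {
    throw "Verification failed: $valueName = $current, service status = $status"
}
Write-Output "$valueName = 0, '$displayName' is $status"
foreach ($d in $dependents) {
    Write-Output ("Dependent service {0}: {1}" -f $d.Name, (Get-Service -Name $d.Name).Status)
}
```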