cannot connect DirectAccess. UAG TMG blocks traffic RRS feed

  • Question

  • I have installed a UAG gateway and had no problems with the installation, nor configuring the GPO's.

    My client cannot connect using DA. On checking the logging on the TMG server that is installed on the UAG box I see that traffic from client is denied by the default rule.

    IPv6 over IPv4 Tunnel    Denied connection

    Teredo                          Denied connection

    Is there any manual configuration that needs to be done on the UAG box TMG? I assumed all was done by the configuration wizard.


    Sunday, April 11, 2010 11:26 AM


All replies

  • No, the wizard should apply all changes.

    Doublecheck your troubleshooting with this: http://technet.microsoft.com/ja-jp/library/ee624056(WS.10).aspx

    And maybe try this: http://technet.microsoft.com/en-us/library/ff384241.aspx



    Jason Jones | Forefront MVP | Silversands Ltd
    • Marked as answer by Erez Benari Wednesday, April 14, 2010 12:29 AM
    Monday, April 12, 2010 12:08 AM
  • I also recommend that you go through the step by step guide. You'll get experience with the moving parts and it provides some significant context to the documention, that you wouldn't have if you hadn't already gone through the process of creating a working deployment.




    MS ISDUA/UAG DA Anywhere Access Team
    • Marked as answer by Erez Benari Wednesday, April 14, 2010 12:28 AM
    Monday, April 12, 2010 1:51 PM
  • Thanks to both, this is resolved now.

    I had the Root certificate that verifies certificates sent by DirectAccess clients to be a commercial root certificate, (Digicert). When I changed this to the root of my internal private CA the clients connected fine.

    The certificate I use for IP-HTTPS on the same page of the wizard is a wildcard commercial certificate, *.mydomain.com, I first thought using wildcard certs might be causing problems but they obviously work fine.

    Thanks again


    Wednesday, April 14, 2010 11:45 AM
  • Hi Tim,

    Ha! That would do it :)

    Good to hear you figured it out and thanks for the follow up!


    MS ISDUA/UAG DA Anywhere Access Team
    Thursday, April 15, 2010 12:34 AM