none
UAG Direct Access configuration group policy RRS feed

  • Question

  • While applying the configuration policy at the final step of Direct access configuration , it is taking lot of time and seems to be hanged. 

    Here is the step at which it seems to be stalled.

    > Executing policy script.

    

    ============ UAGDA Group Policy Apply Started

     

     

    ============ Configuring Client GPO 'UAG DirectAccess: Clients (ABC-UAG.DOMAIN.LOCAL)' on domain 'DOMAIN.local'

    Trying to create GPO 'UAG DirectAccess: Clients (ABC-UAG.DOMAIN.LOCAL)' in domain 'DOMAIN.local', with apply permissions for the accounts 'NT AUTHORITY\Authenticated Users'

    > Trying to find GPO 'UAG DirectAccess: Clients (ABC-UAG.DOMAIN.LOCAL)'

      GPO 'UAG DirectAccess: Clients (ABC-UAG.DOMAIN.LOCAL)' found

    > Checking if GPO 'UAG DirectAccess: Clients (ABC-UAG.DOMAIN.LOCAL)' permissions are set to the correct accounts

      The GPO 'UAG DirectAccess: Clients (ABC-UAG.DOMAIN.LOCAL)' apply permissions are already set to the correct accounts.

    > Done

    Trying to clear all links for GPO 'UAG DirectAccess: Clients (ABC-UAG.DOMAIN.LOCAL)' in domains 'DOMAIN.local'

    > Clearing all links for GPO 'UAG DirectAccess: Clients (ABC-UAG.DOMAIN.LOCAL)' in domain 'DOMAIN.local'

      > Done!

    Clearing all links for GPO 'UAG DirectAccess: Clients (ABC-UAG.DOMAIN.LOCAL)' - done!

    Linking GPO 'UAG DirectAccess: Clients (ABC-UAG.DOMAIN.LOCAL)' >

        to 'OU=Workstations,OU=ABC,OU=India,OU=DOMAIN Solutions,DC=DOMAIN,DC=local'

        Linked

    Checking if GPO 'UAG DirectAccess: Clients (ABC-UAG.DOMAIN.LOCAL)' in domain 'DOMAIN.local' is writable.

    > Trying to find GPO 'UAG DirectAccess: Clients (ABC-UAG.DOMAIN.LOCAL)' on domain 'DOMAIN.local'

      GPO 'UAG DirectAccess: Clients (ABC-UAG.DOMAIN.LOCAL)' found

    > Checking if the GPO 'UAG DirectAccess: Clients (ABC-UAG.DOMAIN.LOCAL)' is writable

      The GPO is writable

    >> DirectAccess Client Registry settings:

    Opening client GPO registry settings.

       clearing old settings...

    Executing Set Client Entry NRPT1 ...

    done.

    Executing Set Client Entry NRPT2 ...

    done.

    Executing Set Client Entry NRPT3 ...

    done.

    Executing Set ClientDNS.DnsFallback ...

    done.

    Executing Set ClientNLA.DnsProbeContent ...

    done.

    Executing Set ClientNLA.DnsProbeHost ...

    done.

    Executing Set ClientNLA.SitePrefixes ...

    done.

    Executing Set ClientNLA.DomainLocationDeterminationUrl ...

    done.

    Executing Clear DCA.Rootkey ...

    done.

    Executing Set ClientTransitioning.Teredo Server Name ...

    done.

    Executing Set ClientTransitioning.Teredo Default Qualified ...

    done.

    Executing Set ClientTransitioning.6TO4 Router Name ...

    done.

    Executing Set ClientTransitioning.IPHTTPS Client URL ...

    done.

    Executing Set ClientTransitioning.IPHTTPS Interface Role ...

    done.

    Executing Set ClientTransitioning.IPHTTPS State ...

    done.

    Executing Set ClientTransitioning.Force_Tunneling ...

    done.

    Executing Clear OTP.Rootkey ...

    done.

    Executing Clearing NAP policies ...

    done.

    Executing Configure SMB client fix ...

    done.

    Saving all client GPO registry settings (may take a few minutes)...

    done.

    >> DirectAccess Client Registry settings:

    Opening client GPO registry settings.

    Saving all client GPO registry settings (may take a few minutes)...

    done.

    >> Configuring DOMAIN.local\UAG DirectAccess: Clients (ABC-UAG.DOMAIN.LOCAL)

    Executing Reset local GPO for DOMAIN.local\UAG DirectAccess: Clients (ABC-UAG.DOMAIN.LOCAL) ...

    done.

    Executing Activate Windows Firewall public profile ...

    done.

    Executing Activate Windows Firewall private profile ...

    done.

    Executing Set the ICMP exemption ...

    done.

    Executing Set MainMode Phase1CryptoSet(mmkeylifetime) ...

    done.

    Executing Set MainMode Phase1CryptoSet(mmsecmethods) ...

    done.

    Executing Set UAG DirectAccess Client - Clients Access Enabling Tunnel - All. ...

    done.

    Executing Set UAG DirectAccess Client - Clients Corp Tunnel. ...

    done.

    Executing Set UAG DirectAccess Client - Exempt NLA. ...

    done.

    Executing Set UAG DirectAccess: Allow outbound TCP to the IP-HTTPS server ...

    done.

    Executing Export local policy to file ...

    done.

    Executing Import from export-file to domain gpo=DOMAIN.local\UAG DirectAccess: Clients (ABC-UAG.DOMAIN.LOCAL) ...

    Please advice.
    Regards

    Thursday, September 22, 2011 5:18 AM

Answers

  • It went through maybe it usually takes a long time to perform this step. In my case it took 2 hours to complete this step.

     

    Regards

    • Marked as answer by Dharm Singh Thursday, September 22, 2011 6:21 AM
    Thursday, September 22, 2011 6:21 AM