UAG/DA working partially?

  • Question

  • Hi Guys,

    I'm attempting to set up UAG/DA for the first time and am running into some problems.  I set up the DA Connectivity Assistant to help narrow it down but I am unable to figure out what is wrong.

    I've configured my UAG server with 2 consecutive public IPs and internally on our network.  I set up an NLS server and have verified it is only accessible internally.  I am able to apply and activate the policies with no problem.

    My DA certificate is issued by an internal CA.  I've configured the CA to publish CRLs to an externally accessible CDP and verified I can connect to this when I am external.

    The DA Connectivity assistant shows the Direct Access is Working when I am connected to our LAN.  When I check the logs externally it appears some of the tests are working.  The server I used as my test point is specified as an infrastructure server and its DNS suffix is set to use DNS64.  

    There is a firewall between my UAG/DA and the internet.  I've allowed HTTP/HTTPS and UDP 3544.

    I'd appreciate any help and can provide more information as needed.

     

    Probes List 
    PASS - PING: 2002xxxxxxxx60fc:3358 
    FAIL - FILE: \\SERVER\DirectAccess\test.txt 

    DTE List 
    PASS - PING: 2002xxxxxxxx 60fc:3358 
    PASS - PING: 2002xxxxxxxx 60fc:3357 


    I think this may be the problem but am not sure what to do to fix it.  Any ideas?

     

     

    Settings for .corp.domain.com
    ----------------------------------------------------------------------
    Certification authority                 : DC=com, DC=domain, DC=corp, CN=CA
    DNSSEC (Validation)                     : disabled
    DNSSEC (IPsec)                          : disabled
    DirectAccess (DNS Servers)              : 2002:xxxxxxxx3358
    DirectAccess (IPsec)                    : disabled
    DirectAccess (Proxy Settings)           : Bypass proxy

     




    • Edited by T.Weeks Saturday, December 31, 2011 4:15 PM
    Friday, December 30, 2011 4:28 PM

Answers

  • Got this working.  I needed to re-issue my machine cert on the UAG server.  I'm guessing because I configured the CRL/CDP after issuing that cert but I'm not sure.  If anyone has run into a similar experience I would be interested to know why.
    • Marked as answer by T.Weeks Saturday, December 31, 2011 4:15 PM
    Saturday, December 31, 2011 4:15 PM
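
A certificate's CRL Distribution Point (CDP) extension is fixed when the certificate is issued, so a certificate issued before the CA's CDP settings were changed still carries the old locations. The following check is an added example, not part of the original thread: it lists the CDP URLs embedded in each machine certificate on the UAG server and then tests retrieval with `certutil`. The host name `crl.example.com` is a placeholder for your own externally published CDP host, and the `URL=` parsing assumes the text layout Windows uses when formatting this extension.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell on the UAG server.
# Assumption: crl.example.com is a placeholder for your externally published CDP host.
$ExpectedCdpHost = 'crl.example.com'
$CdpOid = '2.5.29.31'   # CRL Distribution Points extension

$report = foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    $ext  = $cert.Extensions | Where-Object { $_.Oid.Value -eq $CdpOid }
    $urls = @()
    if ($ext) {
        # Windows renders the extension as text with one "URL=..." entry per location
        $urls = @([regex]::Matches($ext.Format($true), 'URL=(\S+)') |
                  ForEach-Object { $_.Groups[1].Value })
    }
    # Keep only HTTP(S) locations that point at the external CDP host
    $external = @($urls | Where-Object {
        $_ -match '^https?://' -and ([uri]$_).Host -eq $ExpectedCdpHost })

    New-Object psobject -Property @{
        Subject        = $cert.Subject
        Thumbprint     = $cert.Thumbprint
        NotBefore      = $cert.NotBefore      # compare with the date the CDP was changed on the CA
        CdpUrls        = $urls -join '; '
        HasExternalCdp = ($external.Count -gt 0)
    }
}

$report | Sort-Object NotBefore |
    Format-List Subject, Thumbprint, NotBefore, CdpUrls, HasExternalCdp

# A certificate without the external CDP cannot be updated in place; it has to be re-issued.
# For certificates that do list it, confirm the CRL can actually be fetched.
foreach ($row in $report | Where-Object { $_.HasExternalCdp }) {
    $cert = Get-Item ("Cert:\LocalMachine\My\" + $row.Thumbprint)
    $path = Join-Path $env:TEMP ($row.Thumbprint + '.cer')
    [IO.File]::WriteAllBytes($path, $cert.RawData)   # public certificate only, no private key
    certutil -verify -urlfetch $path                 # retrieves AIA/CDP URLs and reports revocation status
    Remove-Item $path
}
```

Running the `certutil -verify -urlfetch` step from a machine outside the corporate network shows what an external DirectAccess client will see when it checks revocation.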