none
UAG Activate Configuration - Network Connector could not be configured RRS feed

  • Question

  • Hi,

    after installating MS Updates, we have a Problem with a UAG Server, that we can no longer activate the UAG Configuration. It´s possiblen to enable and disable Direct Access.

    When I try it I receive the following error: The UAG DirectAccess configuration cannot be activated.

    The following things we have already tried:  network connector could not configured

    Eventlog shows: event 136 error occurred while activating the configuration. eventrecord 64072

    The following things have already tried:

    1. Checked the network adapter

    http://social.technet.microsoft.com/wiki/contents/articles/recommended-network-adapter-configuration-for-forefront-tmg-enterprise-edition-servers.aspx

    http://blogs.isaserver.org/shinder/2010/11/22/isa-and-tmg-firewall-network-settings-all-admins-should-know-about/

    2. Delete the old UAG SSL Adapter

    http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/thread/9109bf60-2c7f-4c87-8aa0-bfbda309b71b

    3. Delete all IPv6 Interfaces und restart the Server and Reconfigure the IPDoS Protection,
        so that tha DA Mon is healthy.

    http://donnystyle.wordpress.com/2011/08/10/troubleshooting-directaccess-%E2%80%93-teredo-serverrelay-not-healthy-uag/

    http://blogs.technet.com/b/edgeaccessblog/archive/2011/12/15/the-uag-directaccess-web-monitor-shows-network-security-as-not-healthy.aspx

    4. Disable the DirectAccess configuration. Activate UAG = Error Message

    5. GPUpdate /force

    6. The logfile \programdata\microsoft\uag\...

    Monitor Information: 0 : LSH-VPN1
        DateTime=2012-10-16T13:52:08.6569766Z
    Monitor Information: 0 : Under pending activation. Just print one line msg
        DateTime=2012-10-16T13:52:08.6579767Z
    Monitor Information: 0 : Start ShowData
        DateTime=2012-10-16T13:52:28.6659773Z
    Monitor Information: 0 : Fetch.
        DateTime=2012-10-16T13:52:28.6659773Z
    Monitor Information: 0 : On ClusterActivationResults
        DateTime=2012-10-16T13:52:28.6659773Z
    Monitor Information: 0 : Get Containing Array
        DateTime=2012-10-16T13:52:28.6829790Z
    Monitor Information: 0 : Attempting to fetch: Node activation Guid VPS
        DateTime=2012-10-16T13:52:28.6909798Z
    Monitor Information: 0 : Current activation Guid in array: 1E901E3577C04DFAA93310EEB1953484
        DateTime=2012-10-16T13:52:28.8659973Z
    Monitor Information: 0 : Current AMS: LSH-VPN1
        DateTime=2012-10-16T13:52:28.8739981Z
    Monitor Information: 0 : Proccess memeber: LSH-VPN1
        DateTime=2012-10-16T13:52:28.8809988Z
    Monitor Information: 0 : Current activation Guid on the member: A99B52EEE7F94CE7BA7ABFFCFD63F078
        DateTime=2012-10-16T13:52:28.8879995Z
    Monitor Information: 0 : Failed extract messages: System.IO.FileNotFoundException: The system cannot find the file specified.

    The error occurred on object 'LSH-VPN1' of class 'Server' in the scope of array 'LSH-VPN1'.

       at Microsoft.Isa.Interop.FPCVendorParametersSetClass.get_Value(String Name)
       at Microsoft.UAG.ActiveView.Core.ClusterActivationResults.Fetch(Boolean filterOutDebuggingMessages)
        DateTime=2012-10-16T13:52:28.8889996Z
    Monitor Information: 0 : We in progress for 4 minutes on server LSH-VPN1
        DateTime=2012-10-16T13:52:28.8889996Z
    Monitor Information: 0 : Memebr LSH-VPN1 added to collection with status: InProgress
        DateTime=2012-10-16T13:52:28.8889996Z
    Monitor Information: 0 : Nodes fetched. Show nodes on tree
        DateTime=2012-10-16T13:52:28.8889996Z
    Monitor Information: 0 : Start ShowStationMsg
        DateTime=2012-10-16T13:52:28.8889996Z
    Monitor Information: 0 : LSH-VPN1
        DateTime=2012-10-16T13:52:28.8889996Z
    Monitor Information: 0 : Under pending activation. Just print one line msg
        DateTime=2012-10-16T13:52:28.8889996Z
    Monitor Information: 0 : Start ShowStationMsg
        DateTime=2012-10-16T13:52:28.8899997Z
    Monitor Information: 0 : LSH-VPN1
        DateTime=2012-10-16T13:52:28.8899997Z
    Monitor Information: 0 : Under pending activation. Just print one line msg
        DateTime=2012-10-16T13:52:28.8899997Z
    Monitor Information: 0 : Start ShowData
        DateTime=2012-10-16T13:52:48.8950000Z
    Monitor Information: 0 : Fetch.
        DateTime=2012-10-16T13:52:48.8950000Z
    Monitor Information: 0 : On ClusterActivationResults
        DateTime=2012-10-16T13:52:48.8950000Z
    Monitor Information: 0 : Get Containing Array
        DateTime=2012-10-16T13:52:48.9130018Z
    Monitor Information: 0 : Attempting to fetch: Node activation Guid VPS
        DateTime=2012-10-16T13:52:48.9210026Z
    Monitor Information: 0 : Current activation Guid in array: A99B52EEE7F94CE7BA7ABFFCFD63F078
        DateTime=2012-10-16T13:52:49.1050210Z
    Monitor Information: 0 : Current AMS: LSH-VPN1
        DateTime=2012-10-16T13:52:49.1050210Z
    Monitor Information: 0 : Proccess memeber: LSH-VPN1
        DateTime=2012-10-16T13:52:49.1110216Z
    Monitor Information: 0 : Current activation Guid on the member: A99B52EEE7F94CE7BA7ABFFCFD63F078
        DateTime=2012-10-16T13:52:49.1190224Z
    Monitor Information: 0 : (Loaded XML)
        DateTime=2012-10-16T13:52:49.1190224Z
    Monitor Information: 0 : Current Message GUID: A99B52EEE7F94CE7BA7ABFFCFD63F078
        DateTime=2012-10-16T13:52:49.1190224Z
    Monitor Information: 0 : Featch messages done
        DateTime=2012-10-16T13:52:49.1200225Z
    Monitor Information: 0 : Memebr LSH-VPN1 added to collection with status: Failed
        DateTime=2012-10-16T13:52:49.1200225Z
    Monitor Information: 0 : Nodes fetched. Show nodes on tree
        DateTime=2012-10-16T13:52:49.1200225Z
    Monitor Information: 0 : Start ShowStationMsg

    Does anyone knows the solution of the following thead?

    http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/thread/fd113a50-01ad-4603-949d-bfcccf06fe37

    Is it helpful to do the following?

    http://forums.forefrontsecurity.org/default.aspx?g=posts&t=474

    ore this one?

    http://blogs.isaserver.org/shinder/2010/11/22/isa-and-tmg-firewall-network-settings-all-admins-should-know-about/

    Thanks

    Martin


    Tuesday, October 16, 2012 3:02 PM

All replies

  • Hi Amig@. Are you saying you have Network Connector and DirectAccess in the same box? If so, they are incompatible

    Regards


    // Raúl - I love this game

    Tuesday, October 16, 2012 7:03 PM
  • What does it mean?

    It is not recommended that the customer have vpn and direct access on the same server?

    I`ve disabled SSL Network Tunneling - Remote Cliebnt VPN Access, but the Activation is not possible.

    The error is still there? 


    • Edited by Martin Kamke Wednesday, October 17, 2012 12:48 PM
    Wednesday, October 17, 2012 12:45 PM
  • Hi again. VPN based on SSTP is compatible with DirectAccess but VPN based on Network Connector isn't as stated in the support boundaries http://technet.microsoft.com/en-us/library/ee522953.aspx

    Recheck that the Network Connector service is not enabled (if that was the cause of the error)


    // Raúl - I love this game

    Wednesday, October 17, 2012 2:01 PM
  • Hi,

    that mean that VPN over SSTP, wich is configured in the UAG Console is ok.

    But what means VPN based on Network Connector? Where is it configured?

    I have only a Network Connections Service, wich Service do you mean?

    Thank you for your information.

    Friday, October 19, 2012 8:29 AM
  • Hi,

    this is the legacy network connector from whale times:
    http://technet.microsoft.com/en-us/library/ee809096.aspx


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de

    Friday, October 19, 2012 8:48 AM
  • Hi,

    yes i found this page and

    1. delete the SSL Connector in the Device Manager. ( Because of Problem with Teredo Interace Unhealty Mode)

        Then i got the problem during activation.

    1. disable SSL Network Tunneling over the UAG Admin Console an

    2. disable the VPN Rule in TMG

    Now it work!!!

    Only the Application in the Portal show the warning:

    Remote Network Access application cannot be activated because SSL Network Tunneling was not configured.

    Application Disabled and Direct Access enabled and everything is fine.

    Thank you very much for the fast Support!!!

    So it is not possible to have SSL VPN and DirectAccess on the same server. now i know.

    Friday, October 19, 2012 9:52 AM
  • Hi,

    that mean that VPN over SSTP, wich is configured in the UAG Console is ok.

    But what means VPN based on Network Connector? Where is it configured?

    I have only a Network Connections Service, wich Service do you mean?

    Thank you for your information.

    The Network Connector has two purposes. First it can be used for Windows XP and later. By default Windows XP does not support the SSTP protocol, only PPTP and L2TP/IPSec. The Network Connector also supports spli-tunneling, which can be quit handy.

    The Network Connector works perfectly. But keep in mind you need to install the connector. So it is an additional UAG component.


    Boudewijn Plomp, BPMi Infrastructure & Security

    Friday, October 19, 2012 10:08 AM