locked
Your device does not meet access policy requirements for this site. RRS feed

  • Question

  • I have deployed (and redeployed from scratch) UAG 2010 with SP1 w/update one and rollup 1.

    I have a portal setup as the only app right now, and I integrated our NPS server with UAG to check the endpoints for compliance before getting to the login screen. The health policy which is assigned to the UAG server is the same exact policy I have for our SSL VPN clients which works perfectly fine. I have verified by using the same laptop for both the SSL VPN connection and trying to get to the UAG portal.

    The UAG server is going through the same firewall on the same network using the same ip scheme as the SSL VPN server.

    I have went through all the basics, even opened a ticket with Microsoft and they have been no help whatsoever, they have just suggested I recheck the polices based on their technet article which is how I setup the UAG server with NPS in the first place.

    All I know is that the UAG site checks the laptop (which works with the VPN SSL NAP) and comes back saying: "Your device does not meet access policy requirements for this site."

    I know this could be a million different things, so my question is this:

    Is there some type of logging I can turn on for the client side AND the server side so I can look through the logs and see what exactly the server/client thinks is failing so I can rectify it?

    Any type of logging will help me since the error I am getting back is useless and my NPS server/UAG server shows no error messages or denied logon messages. The NPS event log shows nothing but my UAG server contacting it every 10 seconds, it never shows a fail for anything. Same with the UAG server, I do not see any messages in the event log, the only error I see is in the web monitor telling me that the client does not meet the P__HYBRID security policy...which means nothing to me.

    So any logging will help!!!

    Thank you for your time!

    Friday, July 20, 2012 5:22 PM

Answers

  • I opened a ticket with Microsoft and after weeks of troubleshooting they could not find an issue either.  After many nights of packet traces and configuration settings, I have just gave up and will be using an SSL VPN.  Thanks to everyone that viewed.
    • Marked as answer by SouthernWinds Tuesday, August 7, 2012 6:51 PM
    Tuesday, August 7, 2012 6:50 PM