Forefront UAG Endpoint Detection - hit and miss

    Question

  • Hi All,

    I've deployed a Forefront UAG Array (2 servers) running TMG SP2 and UAG SP1 Update 1. I have two trunks, one for 3rd party support to access the servers they support, and a user trunk, publishing Remote Desktops and RemoteApps to employees.

    The endpoint access settings have been configured with a policy that uses the expressions 'Any Antivirus' and 'Any Personal Firewall'.

    While for the most part, clients connect without issue, occasionally a client that does meet the requirements will report that it does not meet the requirements. This is proving to be difficult to troubleshoot, as there doesn't appear to be a particular pattern to the occurrences; this has occurred on Windows XP, Vista and Windows 7 endpoints (all external to the network).

    For example, using a Windows 7 endpoint, I have successfully browsed to the user trunk (closing the browser each time) four times in row, with the endpoint detection being successfully met. On the 5th and 6th tests, it failed to meet the endpoint requirements, but on the 7th test it again passed the endpoint detection. 

    I've attempted to use Netmon, Fiddler and Httpwatch in addition to TMG logging, but haven't yet been able to pin the cause. Any suggestions or advice? Has anyone else encountered this?



    http://chrisocallaghan.blogspot.com/
    Friday, December 16, 2011 12:00 PM

Answers

  • Following raising an incident with Microsoft and some in-depth investigating, they identified this was due to our networking, not UAG itself. The issue was resolved by disabling TCP Offloading on the NICs and by doing the following:

    Run a command prompt with administrator rights. Enter the following commands one at a time; after each input the display shows 'OK':

    NETSH INT TCP SET GLOBAL CHIMNEY=DISABLED

    NETSH INT IP SET GLOBAL TASKOFFLOAD=DISABLED

    NETSH INT TCP SET GLOBAL RSS=DISABLED

    Restart the servers.

    After completing this we noticed an immediate improvement in loading times, and the endpoint detection no longer intermittently fails. 

    A big thank you to Ophir for all his help on this matter.


    http://chrisocallaghan.blogspot.com/


    Thursday, February 9, 2012 1:28 PM
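    The following is an added example, not part of the thread above: a PowerShell script for checking, on each UAG array member, whether the three global settings the answer changes are already disabled, and applying the same three netsh commands only when run with -Apply. It assumes Windows Server 2008 R2 (netsh on the PATH, an elevated prompt) and the label text of 'netsh int tcp show global' / 'netsh int ip show global' shown in the comments; the per-NIC offload settings are changed in the adapter properties and are not covered here.

```powershell
# Added example (not from the original thread). Assumes Windows Server 2008 R2,
# an elevated prompt, and the netsh output labels quoted below.
param([switch]$Apply)

function Get-OffloadState {
    # Parses the global TCP/IP state. Values are 'disabled', 'enabled',
    # 'automatic', or 'unknown' when a label is not found in the output.
    $tcp = netsh int tcp show global 2>&1 | Out-String
    $ip  = netsh int ip  show global 2>&1 | Out-String

    $parse = {
        param($text, $label)
        # Matches lines such as "Chimney Offload State   : automatic"
        $pattern = '(?m)^\s*' + [regex]::Escape($label) + '\s*:\s*(\S+)'
        if ($text -match $pattern) { $Matches[1].ToLower() } else { 'unknown' }
    }

    @{
        Chimney     = & $parse $tcp 'Chimney Offload State'       # netsh int tcp set global chimney=
        RSS         = & $parse $tcp 'Receive-Side Scaling State'  # netsh int tcp set global rss=
        TaskOffload = & $parse $ip  'Task Offload'                # netsh int ip  set global taskoffload=
    }
}

function Test-OffloadDisabled {
    # True only when all three settings report 'disabled' (the end state in the answer).
    $s = Get-OffloadState
    return ($s.Chimney -eq 'disabled' -and $s.RSS -eq 'disabled' -and $s.TaskOffload -eq 'disabled')
}

function Disable-Offload {
    # The three commands from the answer, unchanged; each should report OK.
    netsh int tcp set global chimney=disabled
    netsh int ip  set global taskoffload=disabled
    netsh int tcp set global rss=disabled
}

$before = Get-OffloadState
"$env:COMPUTERNAME before: Chimney=$($before.Chimney) RSS=$($before.RSS) TaskOffload=$($before.TaskOffload)"

if (Test-OffloadDisabled) {
    "All three global offload settings are already disabled."
} elseif ($Apply) {
    Disable-Offload
    $after = Get-OffloadState
    "$env:COMPUTERNAME after:  Chimney=$($after.Chimney) RSS=$($after.RSS) TaskOffload=$($after.TaskOffload)"
    "Restart the server, then re-run this script to confirm the state persisted."
} else {
    "Settings differ from the answer's end state; re-run with -Apply to change them."
}
```

    Run it once on each node before the change to record the starting state, and again after the restart to confirm both array members match.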

All replies

  • Hi Chris,

    Thanks for sharing this answer as it is useful to know 'funnies' like this one!

    Thanks,

    James.

    Tuesday, March 13, 2012 2:24 PM