certified endpoint not applying correct endpoint session

Question

  • Hi,

    We have a UAG 2010 SP1 server on Windows 2008 R2 and an internal PKI (AD-integrated subordinate).

    For the privileged UAG sessions, we would like our machines to be 'certified endpoints'. This is what we have done so far:

    - We have one domain-member Windows 7 machine that has been issued a machine certificate from our internal PKI.
    - On UAG (domain joined) we have one Portal Trunk with a few apps (OWA, File Access); in the trunk settings under Session we have selected 'Use certified endpoints'.
    - We have also created a new ABC Privileged Policy that contains: 'Forefront UAG Components: Certified Endpoint (detected after login)'.
    - This new ABC Privileged Policy is selected under 'Privileged endpoint Policy' in the trunk's endpoint access settings.

    Lastly, I followed these steps to create the CTL on UAG: http://social.technet.microsoft.com/wiki/contents/articles/how-to-create-a-certificate-trust-list-in-w2k8-r2-for-use-with-unified-access-gateway.aspx

    I have also rebooted UAG.

    Is there anything else I need to do, as UAG endpoint detection is not picking up the 'certified endpoint' and is not applying the privileged session settings?

    thanks,

    SK

    Friday, November 18, 2011 5:06 AM

Answers

  • OK, so the issue was that I was providing the machine certificate, and UAG endpoint expects a user certificate.

    It's working as expected now.

    • Edited by D Wind Wednesday, November 23, 2011 3:40 AM
    • Marked as answer by D Wind Wednesday, November 23, 2011 3:40 AM
    Tuesday, November 22, 2011 9:27 PM
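The accepted answer comes down to which certificate store the certificate lives in: a machine certificate sits in the computer's Personal store, while a user certificate sits in the logged-on user's Personal store. The following PowerShell script is an added example (not from the thread, and not a UAG tool) for checking on the Windows 7 client which Client Authentication certificates issued by your internal CA exist in each store, whether they have a private key, and whether they chain to a trusted root. The issuer name `CN=Contoso Issuing CA` is a placeholder assumption; replace it with your subordinate CA's subject.

```powershell
# Added example, not part of the original thread.
# Lists client-authentication certificates from an internal CA in the
# current user's Personal store and the machine's Personal store, so you can
# see whether a user certificate (what the thread's answer says UAG expects)
# is actually present, or only a machine certificate.

$ClientAuthOid = '1.3.6.1.5.5.7.3.2'        # id-kp-clientAuth EKU
$IssuerFilter  = 'CN=Contoso Issuing CA'    # ASSUMPTION: replace with your CA's subject

function Get-ClientAuthCerts {
    param([string]$StorePath)

    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert = $_

        # Pull the Enhanced Key Usage extension, if the certificate has one.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $hasClientAuth = $false
        if ($eku) {
            $match = $eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $ClientAuthOid }
            $hasClientAuth = ($match -ne $null)
        }

        # Build the chain with the default policy: fails if the issuing CA or
        # root is not trusted on this machine, or the certificate is revoked/expired.
        $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chainOk = $chain.Build($cert)

        New-Object PSObject -Property @{
            Store         = $StorePath
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            ClientAuth    = $hasClientAuth
            ChainValid    = $chainOk
        }
    } | Where-Object { $_.Issuer -like "*$IssuerFilter*" }
}

$results  = @()
$results += Get-ClientAuthCerts -StorePath 'Cert:\CurrentUser\My'   # user certificates
$results += Get-ClientAuthCerts -StorePath 'Cert:\LocalMachine\My'  # machine certificates

if ($results.Count -eq 0) {
    Write-Output "No certificates from '$IssuerFilter' found in either Personal store."
} else {
    $results | Format-Table Store, Subject, ClientAuth, HasPrivateKey, ChainValid, NotAfter -AutoSize
}
```

Run it as the user who will log on to the UAG portal, since `Cert:\CurrentUser\My` is per user. If the only row shown comes from `Cert:\LocalMachine\My`, the client has a machine certificate but no user certificate, which is the situation the thread describes.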