UAG with DA - Show Active Directaccess Connections

  • Question

  • Maybe a very stupid one, but I wonder how to list the active DirectAccess tunnels on my UAG machine. Can anyone point me in the right direction?

    best regards,
    Jörg

    Saturday, January 9, 2010 1:01 PM

All replies

  • Hi,

    You can view the Main Mode Security Associations (created per tunnel) either via "Windows Firewall With Advanced Security" > "Monitoring" > "Security Associations" > "Main Mode"
    or
    "netsh advfirewall monitor show mmsa"
    on the UAG DA server.

    Notice that every client machine will have an NTLM (first tunnel) if it is connected to the internet, and a Kerberos (second tunnel) when the user is logged on.

    Max.
    Sunday, January 10, 2010 6:27 AM
  • and thanks again ;-)
    best regards
    Joerg

    Sunday, January 10, 2010 9:33 AM
  • Hi there again,

    I checked everything successfully, but there is one question left here. With the main mode connections in the AdvFirewall or with the show mmsa I am able to see the computer which is logged on via DirectAccess. But I was not able to find out the USER which is logged on. Is there some possibility to also show the logged on USER?

    best regards,
    Joerg

    Monday, January 11, 2010 12:17 PM
  • No one any idea? Come on, this has to be possible somehow ;-)

    best regards
    Joerg

    Tuesday, January 12, 2010 10:10 AM
  • Once the user logs in and does user-initiated traffic, you should see the user name in the mmsa.

    For further user monitoring see: http://technet.microsoft.com/en-us/library/ee690458.aspx
    • Marked as answer by Erez Benari Tuesday, January 12, 2010 8:06 PM
    Tuesday, January 12, 2010 1:53 PM
  • Yep. Worked. As soon as I start sending something, it shows the username.

    best regards
    Joerg
    Tuesday, January 12, 2010 8:09 PM
  • Link is no longer valid
    Wednesday, May 11, 2011 4:43 PM
  • Unless you really want information about the IPsec tunnels themselves, there is a nicer interface to look at that tells you who is connected and over what transition technology. Open up the "Forefront UAG Web Monitor" from the start menu and click on the "Active Sessions" link under the "DirectAccess Monitor" heading.

    Wednesday, May 11, 2011 5:28 PM
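
To turn the `netsh advfirewall monitor show mmsa` listing from Max's reply into a per-client view of the two tunnels he describes, the output can be grouped by remote address. This is an added example, not part of the thread: `Get-MmsaSummary` is a hypothetical helper, the sample is constructed, and the field labels (`Remote IP Address`, `Auth1`, `Auth2`) and values (`UserNTLM`, `UserKerb`) are assumptions to check against your own server's output.

```powershell
# Constructed sample in the assumed layout (not captured from a real server).
$sample = @'
Main Mode SA at 01/12/2010 13:40:02
----------------------------------------------------------------------
Remote IP Address:                    2001:db8:2::10
Auth1:                                ComputerCert
Auth2:                                UserNTLM

Main Mode SA at 01/12/2010 13:41:15
----------------------------------------------------------------------
Remote IP Address:                    2001:db8:2::10
Auth1:                                ComputerCert
Auth2:                                UserKerb

Main Mode SA at 01/12/2010 13:45:30
----------------------------------------------------------------------
Remote IP Address:                    2001:db8:2::22
Auth1:                                ComputerCert
Auth2:                                UserNTLM
'@ -split "`r?`n"

function Get-MmsaSummary {
    param([string[]]$Lines)
    $sas = @(); $cur = $null
    foreach ($line in $Lines) {
        if ($line -match '^Main Mode SA at') {          # start of a new SA block
            if ($null -ne $cur) { $sas += $cur }
            $cur = @{}
        } elseif ($null -ne $cur -and $line -match '^([^:]+):\s+(.*\S)\s*$') {
            $cur[$matches[1].Trim()] = $matches[2]      # "Label: value" line
        }
    }
    if ($null -ne $cur) { $sas += $cur }
    # One row per remote peer: tunnel count and whether the Kerberos tunnel is up.
    $sas | Group-Object { $_['Remote IP Address'] } | ForEach-Object {
        $g = $_
        $auth2 = @($g.Group | ForEach-Object { $_['Auth2'] })
        New-Object PSObject -Property @{
            Remote     = $g.Name
            Tunnels    = $g.Count
            Auth2      = $auth2 -join ', '
            UserTunnel = [bool]($auth2 -match 'Kerb')
        }
    }
}

Get-MmsaSummary $sample | Format-Table Remote, Tunnels, Auth2, UserTunnel -AutoSize
# On the UAG DirectAccess server itself:
# Get-MmsaSummary (netsh advfirewall monitor show mmsa)
```

A peer with `UserTunnel` false has only the first tunnel, which per the replies above means no user-initiated traffic has been seen yet.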