Description

When you activate your Forefront UAG configuration while using AD FS 2.0, you might see the following message:

"The AD FS 2.0 application 'application_name' in trunk 'trunk_name' is not configured to allow unauthenticated access. This is required when using federated trunk authentication."

Cause

This message appears when you activate the configuration if you manually publish or modify an AD FS 2.0 application that you are using for trunk authentication and you disable unauthenticated access to the AD FS 2.0 server.

Note: If you use AD FS 2.0 for trunk authentication, you must allow unauthenticated access to the AD FS 2.0 application.

Solution

To allow unauthenticated access to the AD FS 2.0 application:

  1. In the Forefront UAG Management console, click the trunk through which the AD FS 2.0 application is published. In the Applications list, click the AD FS 2.0 application, and then click Edit.
  2. In the Application Properties dialog box, click the Authentication tab, and then select the "Allow unauthenticated access to web server" check box.
  3. Click OK and then activate the configuration.