Cause—On Forefront UAG activation, a timeout occurred and the IP-HTTPS interface could not be enabled.

Warning: Serious problems may occur if you modify the registry incorrectly using the Registry Editor or another method. These problems may require that you reinstall your operating system. Modify the registry at your own risk.

Solution 1— Ensure that IPv6 components are fully enabled as follows:

  1. At an elevated command prompt, type reg query HKLM\SYSTEM\CurrentControlSet\Services\tcpip6\Parameters /v DisabledComponents.
    If the DisabledComponents registry value is not present, the command displays ERROR: The system was unable to find the specified registry key or value. In such a case, IPv6 components are enabled.
  2. If the DisabledComponents registry value is present, the command displays its value. If DisabledComponents is present and it is not 0, change it to 0.
  3. Restart the Forefront UAG server.
  4. At an elevated command prompt, type Netsh interface httpstunnel show interfaces to show the current state of the IP-HTTPS interface. The Interface Status should be IPHTTPS interface active. If the IPHTTPS interface is not active, use the interface status to troubleshoot further.
  5. Reactivate Forefront UAG.

Solution 2— Manually enable the IP-HTTPS network interface as follows:

  1. At an elevated command prompt, type netsh interface httpstunnel set interface https://SubjectFieldIP-HTTPSCertificate:443/IPHTTPS, where SubjectFieldIP-HTTPSCertificate is the subject of the IP-HTTPS certificate chosen for IP-HTTPS connections in the Forefront UAG DirectAccess Configuration Wizard.
  2. When the interface is enabled, reactivate Forefront UAG.

Solution 3— Ensure that the name of the IP-HTTPS interface is correct:

In pre-SP1 versions of Forefront UAG, when IP-HTTPS role is configured as client, for example if the client GPO was applied on the Forefront UAG DirectAccess server before activation, it creates an IP-HTTPS interface called iphttpsinterface (Note the interface name is all in lower case). When the IP-HTTPS role is configured as server, it creates an IP-HTTPS interface named IPHTTPSinterface.

Forefront UAG DirectAccess configures the IP-HTTPS role as server, and on activation it looks for an IP-HTTPS interface called IPHTTPSinterface (Note that IPHTTPS is in upper case), which it cannot find because the IP-HTTPS role is already configured as client with an IP-HTTPS interface called iphttpsinterface.

This can be corrected as follows:

  1. In the registry, change every occurrence of the string iphttpsinterface to IPHTTPSinterface (Note the capitalization).
  2. Reactivate Forefront UAG.


  1. The registry editor ignores changes of capitalization. To overcome this, change the name of the iphttpsinterface to something else, for example to iphttpsinterfacezz, and then rename it to IPHTTPSinterface.
  2. Some keys have permissions for the SYSTEM account only. To modify them, you have to take ownership of the registry key. For more information, see