Friday, June 15, 2012


I have already written about the UAG authentication providers available out of the box (here) and mentioned the "WinHTTP" and "Other" options as the way to extend this default functionality. Here's a good example based on a popular configuration for exposing SharePoint-based content to external parties (extranet): UAG + SQL Authentication + SharePoint FBA.

This is basically a two-part process, and I found a couple of great blog posts that cover it really well:
  1. Configure UAG for SQL authentication
    • Define custom authentication provider in UAG (for the SQL/aspnetdb) 
    • Add a custom [repository].inc 
    • Build a custom authentication function (within [repository].inc)
  2. Enable UAG SSO
    • Extend the SharePoint site to external users using ASP.NET Membership
    • Publish the extranet SharePoint site via the UAG
    • Configure the UAG to work with SharePoint FBA
Many thanks to Andreas Hecker for putting together these thorough instructions!

Wednesday, June 13, 2012

Problems Accessing UAG Server

Sometimes administrators find themselves unable to access the UAG server (via RDP and/or ping). In most cases the issue is due to either 1) routing or 2) security restrictions:
  1. UAG [typically] has two interfaces, internal and external, but only one, the external, should be configured with a default gateway. This means that for the internal interface to be reachable from subnets other than the one it's on, you need to add persistent static routes using the "route add -p [destination network] mask [mask] [gateway]" command. Verify the results using the "route print" command.
  2. UAG is a hardened network device protected by TMG and as such only allows administrative access from authorized hosts. To see or modify the list of allowed hosts, open the TMG Management Console, navigate to Firewall Policy, select Toolbox \ Computer Sets \ Remote Management Computers, and double-click it to view or edit (modify to suit your needs).
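
The "route print" verification from item 1 can be scripted. The following is an added example, not part of the original post: it parses saved "route print -4" output and reports more than one default route, or an internal subnet that no persistent route covers. The sample output, its addresses, and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed `route print -4` excerpt for a two-NIC server (sample addresses,
# not from the original post). The second default route is the misconfiguration.
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      203.0.113.1    203.0.113.10    266
          0.0.0.0          0.0.0.0         10.1.0.1        10.1.0.5    266
         10.1.0.0    255.255.255.0         On-link         10.1.0.5    266
         10.2.0.0      255.255.0.0         10.1.0.1        10.1.0.5     11
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
         10.2.0.0      255.255.0.0         10.1.0.1       1
"""

# Destination, netmask, gateway: the first three columns of both tables.
ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)")

def parse_routes(text):
    """Split the output into active and persistent lists of (network, gateway)."""
    tables, section = {"active": [], "persistent": []}, None
    for line in text.splitlines():
        if line.startswith("Active Routes"):
            section = "active"
        elif line.startswith("Persistent Routes"):
            section = "persistent"
        elif section and (m := ROW.match(line)):
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            tables[section].append((net, m[3]))
    return tables

def audit(text, internal_subnets):
    """Report deviations: extra default gateways, subnets with no persistent route."""
    tables, findings = parse_routes(text), []
    defaults = [gw for net, gw in tables["active"] if net.prefixlen == 0]
    if len(defaults) != 1:
        findings.append(f"expected 1 default route, found {len(defaults)}: {defaults}")
    for subnet in map(ipaddress.ip_network, internal_subnets):
        if not any(net.prefixlen and subnet.subnet_of(net)
                   for net, _ in tables["persistent"]):
            findings.append(f"no persistent route covers {subnet}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["10.2.30.0/24", "10.9.0.0/16"]):
        print("FINDING:", finding)
```

A route that appears only under Active Routes is lost at the next reboot, which is why the subnet check looks at the Persistent Routes table alone.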