
Showing posts from June, 2012

UAG, SQL, FBA

I have already written about the UAG authentication providers available out-of-the-box (here) and mentioned the "WinHTTP" and "Other" options as the way to extend this default functionality. Here's a good example based on a popular configuration for exposing SharePoint-based content to external parties (extranet): UAG + SQL Authentication + SharePoint FBA. This is basically a two-part process, and I found a couple of great blog posts that cover it really well:

1) Configure UAG for SQL authentication (http://bit.ly/L1Gizs):
   - Define custom authentication provider in UAG (for the SQL/aspnetdb)
   - Add a custom [repository].inc
   - Build a custom authentication function (within [repository].inc)
2) Enable UAG SSO (http://bit.ly/MYrgZQ):
   - Extend the SharePoint site to external users using ASP.NET Membership
   - Publish the extranet SharePoint site via the UAG
   - Configure the UAG to work with SharePoint FBA

Many thanks to Andreas Hecker for putting together these thorough instructions!

Problems Accessing UAG Server

Sometimes administrators find that they cannot reach the UAG server (via RDP and/or ping). In most cases the issue is due to either 1) routing or 2) security restrictions:

1) UAG [typically] has two interfaces, internal and external, but only one, the external, should be configured with the default gateway. This means that for the internal interface to be reachable from subnets other than the one it's on, persistent static routes must be added using the "route add -p [destination network] mask [mask] [gateway]" command. Verify the results using the "route print" command.
2) UAG is a hardened network device protected by TMG and as such only allows administrative access from authorized hosts. To see or modify the list of allowed hosts, go to the TMG Management Console, navigate to Firewall Policy, select Toolbox \ Computer Sets \ Remote Management Computers, and double-click to view or edit (modify to suit your needs).