With the recent release of Service Pack 3 (SP3) for Microsoft Forefront Unified Access Gateway (UAG) 2010, Microsoft has published a list of features in UAG SP3 that have been deprecated. To be clear, this does not mean these features cease to function after you install SP3 on UAG! It is simply meant to give network engineers and security administrators an idea about what features are likely to be removed from future releases of Forefront UAG. Some of the deprecated features should come as no surprise. For example, DirectAccess support in Forefront UAG is now deprecated in favor of DirectAccess in Windows Server 2012. Also, features such as Secure Sockets Tunneling Protocol (SSTP) for client-based remote access are better handled using the remote access role in Windows Server 2012. Other deprecated features may present more of a challenge if you’ve been relying on them to provide secure remote access to applications, such as the deprecation of support for some authentication repositories (e.g. Novell Directory, Notes Directory, TACACS) or the Java-based Session Cleanup tool. For a complete list of deprecated features in Forefront UAG SP3, click here.
Awards
Pluralsight
Consulting
Newsletter
- 6to4
- AADJ
- Absolute
- Absolute Secure Access
- Absolute Software
- Active Directory
- Active Directory Certificate Services
- AD CS
- ADC
- Admin Center
- administration
- Always On VPN
- Always On VPN Book
- Always On VPN DPC
- AMA
- Amazon EC2
- Amazon Web Services
- AOVPN
- AOVPN Book
- AovpnDPC
- application delivery controller
- Application Filter
- authentication
- AWS
- Azure
- Azure Active Directory
- Azure AD
- Azure AD Join
- Azure App Proxy
- Azure Application Gateway
- Azure Application Proxy
- Azure Conditional Access
- Azure Load Balancer
- Azure MF
- Azure MFA
- Azure Traffic Manager
- Azure Virtual WAN
- Azure VPN
- Azure VPN Gateway
- BIG-IP
- Certificate Connector for Intune
- Certificate Services
- certificates
- Cisco
- Cisco Umbrella
- Cisco Umbrella Roaming Client
- Citrix ADC
- cloud
- Cloud Service
- Cloudflare
- Compliance
- Conditional Access
- Consulting Services
- Cryptography
- CVE
- Deployment
- Device Management
- device tunnel
- DirectAccess
- DirectAccess Book
- DirectAccess Deprecated
- DirectAccess End of Life
- DirectAccess EOL
- DNS
- DNS Policies
- DPC
- Dynamic Profile Configurator
- EAP
- EC2
- ECC
- education
- Elliptic Curve Cryptography
- encapsulation
- Encryption
- end of life
- Endpoint Manager
- Enterprise
- enterprise mobility
- Entra
- Entra ID
- Entra Internet Access
- Entra Private Access
- EOL
- extensible authentication protocol
- F5
- force tunnel
- force tunneling
- Forefront TMG 2010
- Forefront UAG 2010
- General
- Geographic Redundnacy
- GitHub
- Group Policy
- HAADJ
- High Availability
- Hotfix
- Hybrid Azure AD Join
- IKEv2
- iManage
- Important Links
- Infrastructure
- InTune
- Intune Certificate Connector
- Intune PFX Connector
- IP-HTTPS
- IPv6
- IPv6 Transition
- ISATAP
- Kemp
- learning
- Load Balancing
- LoadMaster
- local traffic manager
- LTM
- Manage Out
- MDM
- MEM
- MEMCM
- MFA
- Microsoft
- Microsoft Endpoint Manager
- Microsoft Entra
- Microsoft Entra ID
- Microsoft Entra Internet Access
- Microsoft Entra Private Access
- Microsoft Intune
- Mobile Device Management
- Mobility
- Multifactor Authentiction
- multisite
- MVP
- NAC
- Name Resolution
- name resolution policy table
- NAP
- NCA
- NCSI
- NDES
- NetMotion
- NetMotion Mobility
- NetMotion Software
- Netscaler
- Network Access Control
- network connectivity assistant
- network connectivity status indicator
- Network Device Enrollment Service
- Network Device Enrollment Services
- network policy server
- nmap
- NPS
- NRPT
- Offline Domain Join
- OMA-DM
- OMA-URI
- OpenDNS
- OpenSSL
- OpenVPN
- Operational Support
- OTP
- PEAP
- PFX Connector
- PKCS
- PKI
- Pluralsight
- PointSharp
- PowerShell
- Professional Services
- ProfileXML
- Protected EAP
- Proxy
- Proxy Server
- public cloud
- public key infrastructure
- Quad9
- Recommended Reading
- Remote Access
- Remote Administration
- reporting
- routing
- routing and remote access service
- RRAS
- RSAT
- SASE
- SCCM
- SCEP
- Secure Access Service Edge
- Secure Service Edge
- Secure Socket Tunneling Protocol
- Secure Web Gateway
- Security
- Security Update
- Server Core
- Simple Certificate Enrollment Protocol
- Split DNS
- split tunnel
- split tunneling
- SSE
- SSL
- SSL and TLS
- SSTP
- Surface Pro
- Surface Pro 4
- SWG
- System Center 2012
- System Center Configuration Manager
- systems management
- Teredo
- TLS
- TLS 1.3
- TND
- TPM
- Traffic Filter
- Training
- transition technology
- Transport Layer Security
- troubleshooting
- Trusted Network Detection
- Trusted Platform Module
- Uncategorized
- Update
- user tunnel
- video
- Visual Studio
- Visual Studio Code
- VPN
- VPN Proxy
- VS Code
- Vulnerability
- Web Application Proxy
- Web Proxy
- Web Proxy Server
- webinar
- Windows 10
- Windows 11
- Windows 7
- Windows 8
- Windows 8.1
- Windows Admin Center
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
- Workshop
- WorkSite
- XML
- Zero Trust
- Zero Trust Network Access
- Zscaler
- ZTNA
Features Deprecated in Forefront UAG Service Pack 3
Posted by Richard M. Hicks on February 26, 2013
https://directaccess.richardhicks.com/2013/02/26/features-deprecated-in-forefront-uag-service-pack-3/
DirectAccess Clients and TPM
Always On VPN Book
DirectAccess Book
Always On VPN DPC
-
Recent Posts
Resources
- About Me
- Absolute Secure Access
- Absolute Secure Access Enterprise VPN
- Absolute Secure Access Purpose-Built Enterprise VPN Advanced Features In Depth
- Absolute Secure Access Zero Trust Network Access
- Absolute Secure Access ZTNA
- Always On VPN
- Always On VPN and Multifactor Authentication
- Always On VPN Book
- Always On VPN DPC
- Always On VPN DPC Advanced Features
- Always On VPN DPC with Intune
- Always On VPN Training
- Choosing an Enterprise VPN
- Citrix NetScaler ADC Load Balancing
- Consulting
- Consulting Services
- Contact
- Digital Certificates and TPM
- DirectAccess
- DirectAccess Consulting and Troubleshooting Services
- DirectAccess Consulting Services
- DirectAccess End of Life (EOL)
- DirectAccess is now Always On VPN
- DirectAccess Training
- Drawbacks of Multifactor Authentication
- Enterprise Mobility
- Enterprise PKI
- Enterprise VPN
- F5-BIG-IP Load Balancing
- How Do VPNs Protect You From Cyber Threats?
- Implementing Always On VPN
- Implementing DirectAccess with Windows Server 2016
- IPv6
- Kemp LoadMaster Load Balancing
- Multifactor Authentication (MFA)
- NetMotion Mobility
- NetMotion Mobility Enterprise VPN
- NetMotion Mobility Purpose-Built Enterprise VPN
- NetMotion Mobility Purpose-Built Enterprise VPN Advanced Features In Depth
- Network Security and Virtual Private Networks (VPNs)
- Newsletter
- Richard M. Hicks Consulting Named in Enterprise Networking Magazine’s Top 10 VPN Consulting Services for 2020
- Secure Access Service Edge (SASE)
- Secure Service Edge (SSE)
- Security Service Edge (SSE)
- SSE vs. SASE
- Training
- Virtual Private Network (VPN)
- Virtual Private Networking (VPN) and the Cloud
- What is a VPN?
- What Is Always On VPN
- What's The Difference Between SSE and SASE?
- Zero Trust
- Zero Trust Network Access (ZTNA)
- ZTNA
Always On VPN Resources
DirectAccess Resources
Active Directory ADC Always On VPN AOVPN application delivery controller authentication Azure book bug CA certificate certificates Certification Authority cloud configuration device tunnel DirectAccess DNS education encryption endpoint manager enterprise mobility error F5 firewall Forefront Forefront UAG Forefront UAG 2010 GPO group policy high availability hotfix IKEv2 Important Links InTune IP-HTTPS IPsec IPv6 IPv6 transition technology Kemp learning load balancer load balancing LoadMaster management Manage Out MDM MEM Microsoft Microsoft Endpoint Manager Microsoft Intune Mobility multisite NetMotion NetMotion Mobility Networking network load balancing network location server network policy server NLB NLS NPS NRPT OTP performance PKI PowerShell ProfileXML public cloud RasClient redundancy Remote Access routing and remote access service RRAS scalability SCCM security Server 2012 SSL SSTP System Center Configuration Manager TLS training troubleshooting UAG update user tunnel VPN Windows Windows 7 Windows 8 Windows 10 Windows 11 Windows Server Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Server 2019 Windows Server 2022 XML
JohnS
/ February 26, 2013I half-way expected (and in some ways wished) Lync to be listed on there based on the supremely poor and extremely delayed support for the product.
Most of the changes were not eye raising with the following exception:
“The Java-based Session Cleanup component works only on non-Internet Explorer browsers. Instead use Internet Explorer with the ActiveX-based Session Cleanup component. See Introduction to endpoint component deployment design.”
I am not sure that I can realistically force coworkers or clients to use IE, because the development team decided it was imprudent to have a cleanup component
Richard Hicks
/ March 8, 2013No such luck! Perhaps the Lync experience will be improved in v.Next? Let’s hope so. 🙂 Regarding the deprecation of support for Java-based session cleanup, this is purely an effort to limit the focus of the product and make it easier to support. Obviously this will ruffle some feathers as there are many users who prefer to use a browser other than Internet Explorer. Not the best solution in the world, but you have to remember that Microsoft isn’t necessarily competing with other solutions in this space. They are merely trying to provide a solution for very specific customers – those that are heavily invested and closely aligned with Microsoft.
Ian
/ March 8, 2013Hi Richard
We have some customers who now want to upgrade to SP3 for Win 8 support mainly. However some UAG installs also co-exist with DA. As this is now classed as depracted does this mean MS will not support any issues that occur if they have upgraded to SP3?.
Thanks
Richard Hicks
/ March 11, 2013Installing SP3 on Forefront UAG 2010 configured as a DirectAccess server will not cause any issues at all. SP3 will not change any functionality with UAG whatsoever, in fact. The deprecated features list is simply there to provide us with an idea of what Microsoft has planned for the UAG v.Next. If you’re using UAG for DirectAccess today, you can continue to do so. However, future versions of UAG are not likely to support DirectAccess, so Microsoft is giving us some advanced warning so we can plan ahead for this. 🙂