Forefront UAG 2010 Video Training Course Now Available

I’m happy to announce that my latest Trainsignal video training course is now available! This new video training course is on Forefront Unified Access Gateway (UAG) 2010. It is an introductory course on Forefront UAG designed to teach network engineers and security administrators the basic essentials of planning, preparing, installing, configuring, monitoring, and maintaining a Forefront UAG 2010 remote access solution. In the course I demonstrate how to publish popular Microsoft on-premises applications like SharePoint and Exchange Outlook Web App (OWA). In addition, I cover publishing Remote Desktop Services and VPN remote access. I also provide a high-level explanation of endpoint detection and endpoint policy enforcement and demonstrate how to provide high availability for the solution. Here is the entire course outline:

Lesson 1 – Introduction and Course Outline
Lesson 2 – Forefront UAG 2010 Overview
Lesson 3 – Planning to Deploy Forefront UAG 2010
Lesson 4 – Installing and Configuring Forefront UAG 2010
Lesson 5 – Configuring a Portal
Lesson 6 – Publishing Exchange Outlook Web App
Lesson 7 – Publishing SharePoint
Lesson 8 – Publishing Remote Desktop Services
Lesson 9 – Configuring VPN Remote Access
Lesson 10 – Enabling Endpoint Detection
Lesson 11 – Configuring High Availability
Lesson 12 – Web Monitor Overview
Lesson 13 – Forefront UAG Backups

Once again I had the opportunity to work with my good friend and fellow Microsoft MVP Jordan Krause on this course. As he did in my previous Trainsignal video training course on Windows Server 2012 DirectAccess, Jordan served as the technical reviewer and provided valuable insight that ultimately made the course better. If you’re planning to implement Forefront UAG 2010 to provide secure remote access to both managed and non-managed systems and devices, be sure to sign up for a subscription at Trainsignal.com today! Not only will you have access to this video training course on Forefront UAG 2010, you will gain access to the entire Trainsignal library of content, including my course on Windows Server 2012 DirectAccess, all for just $49.00 per month!

TrainSignal Windows Server 2012 DirectAccess Video Training Course

Forefront UAG 2010 Service Pack 3 Hotfix Rollup 1 Now Available

Hotfix rollup 1 for Forefront Unified Access Gateway (UAG) 2010 Service Pack 3 is now available for download. Hotfix rollup 1 for Forefront UAG SP3 addresses the following issues:

KB2810229 – You cannot redirect local computer resources in remote desktop session after you disable the client endpoint components in Forefront UAG 2010 SP3

KB2831570 – "The URL you requested cannot be accessed" error message may be returned when a client sends an HTTP POST request to a portal in Forefront UAG 2010 SP3

KB2831573 – Traffic is not forwarded or you receive an error message about ADVAPI32.dll when you use a Windows XP client to start an application from a Forefront UAG 2010 SP3 portal

KB2831865 – The endpoint policy expression Any Personal Firewall (Windows) is incorrect for Windows 7 and Windows 8 in Forefront UAG 2010 SP3

KB2831868 – Endpoint policies for existing trunks are not updated after you install service pack 3 for Forefront UAG 2010

KB2832679 – You receive a 500 Internal Server error when you run the File Access application from the Forefront UAG 2010 SP3 portal trunk

KB2832681 – You receive a script error that prevents file access configuration in the Management Console in Forefront UAG 2010 SP3

KB2832685 – The Forefront UAG 2010 portal may intermittently become unresponsive to clients after Service Pack 2 is installed

You can download hotfix rollup 1 for Forefront UAG 2010 SP3 here. After installation, the Forefront UAG 2010 build number will be 4.0.3206.10100.

Forefront UAG 2010 DirectAccess Clients and Repeated OTP Prompts

In a very specific DirectAccess deployment scenario, users may be prompted repeatedly for One-Time Password (OTP) credentials. Specifically, this may occur when Windows 7 clients access a Forefront UAG 2010 DirectAccess server that has two-factor authentication with OTP enabled and forced tunneling required, and the client is configured to use a corporate web proxy server. The root cause of the issue has to do with Network Connectivity Status Indicator (NCSI) probes and security permissions on the private key of the certificate used for OTP authentication. Resolving the issue requires creating a custom certificate template for use with two-factor authentication and setting key permissions for NETWORK SERVICE on the certificate template. You can also work around this issue by disabling forced tunneling or disabling the 6to4 and Teredo adapters, which will stop the NCSI probes from occurring. For more detailed information, read Microsoft KB article 2797301.