It Calls


Friday, 12 October 2012

Manual add of Shares to Microsoft UAG File Access

Posted on 06:08 by Unknown
Microsoft UAG 2010 File Access is a nice feature for securely publishing your internal shares on your UAG Portal for Internet users. For File Access to work and for your shares to publish successfully on the UAG portal, the following is required:


  1. NetBIOS should be enabled, and ports 137-139 should be open and not blocked by any internal firewall.
  2. Port 445 for SMB should be open so the UAG server can locate and access the shares.
  3. On the UAG NIC facing the internal network, as well as on your domain controllers' NICs, make sure to enable NetBIOS over TCP/IP in the NIC advanced properties (WINS tab).
  4. The file servers should have the "Turn on network discovery" option enabled (see the screenshot) in the network card's advanced sharing options. By design it turns itself off again unless several services, such as the SSDP and UPnP services, are started; please check this thread for more information: http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2networking/thread/17e7b386-53ea-411c-8d90-cf4a6229ba27
     [Screenshot: Turn on Network Discovery]


Sometimes it's hard to configure all these settings, or they may be restricted by your network policy. To manually add a network share, or even a DFS share, to your UAG File Access, you need to modify ShareAccessCfg.xml (the core file for the File Access application). This file is located under ..\Microsoft Forefront Unified Access Gateway\von\FileAccess

The ShareAccessCfg.xml file can be edited easily with Notepad or any free XML editor; one editor that I use frequently is Microsoft XML Notepad 2007: http://www.microsoft.com/en-us/download/details.aspx?id=7973

To manually add a server or share, add it under the servers section or the shares section as shown below:

    <servers>
        <server name="Domain\Server1" marked="1" provider="MS"/>
    </servers>
    <shares>
        <share name="Domain\Server1\Share_name" marked="1" provider="MS"/>
    </shares>

After changing and saving the ShareAccessCfg.xml, make sure of the following:

  1. Restart the Microsoft Forefront UAG File Sharing Service
  2. Open the Application from the UAG Console - Admin - File Access and make sure to hit Apply on each item (Domain, Server and Share)
  3. Activate UAG
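
The manual edit above can be scripted so that every share added to the portal is backed up, de-duplicated and traceable. This is an added example, not code from the original post or from Microsoft; the function name, the caller-supplied path and the assumption that the file contains exactly one servers and one shares section without XML namespaces are mine, and the service is addressed by the display name quoted in the post.

```powershell
# Added example (not from the original post). Run elevated on the UAG server.
function Add-UagFileAccessEntry {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)] [string] $ConfigPath,  # full path to ShareAccessCfg.xml
        [Parameter(Mandatory = $true)] [string] $Server,      # e.g. 'Domain\Server1'
        [string[]] $Share = @()                               # e.g. 'Domain\Server1\Share_name'
    )

    # Parse first: a malformed file throws here, before anything is written.
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($ConfigPath)

    # Assumption: the file holds one <servers> and one <shares> section.
    $sections = @(
        @{ Parent = $xml.SelectSingleNode('//servers'); Tag = 'server'; Names = @($Server) },
        @{ Parent = $xml.SelectSingleNode('//shares');  Tag = 'share';  Names = $Share }
    )

    $added = @()
    foreach ($s in $sections) {
        if ($null -eq $s.Parent) { throw "No section for <$($s.Tag)> entries in $ConfigPath" }
        foreach ($name in $s.Names) {
            # Skip names already listed so a rerun does not create duplicates.
            $hit = $s.Parent.SelectNodes($s.Tag) | Where-Object { $_.GetAttribute('name') -eq $name }
            if ($hit) { continue }
            $node = $xml.CreateElement($s.Tag)
            $node.SetAttribute('name', $name)
            $node.SetAttribute('marked', '1')      # attribute values copied from the post
            $node.SetAttribute('provider', 'MS')
            [void]$s.Parent.AppendChild($node)
            $added += $name
        }
    }

    if ($added.Count -gt 0 -and $PSCmdlet.ShouldProcess($ConfigPath, "Add $($added -join ', ')")) {
        # Timestamped copy: lets you diff or restore the previously published set.
        Copy-Item -Path $ConfigPath -Destination "$ConfigPath.$(Get-Date -Format yyyyMMddHHmmss).bak"
        $xml.Save($ConfigPath)
        Restart-Service -DisplayName 'Microsoft Forefront UAG File Sharing Service'
    }
    $added   # names added, or that would be added under -WhatIf; empty if none
}
```

Run it with -WhatIf first to see which names would be published. The Apply step in the UAG console and the UAG activation still have to be done by hand afterwards.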


Sunday, 30 September 2012

DHCP Superscope Keeps reverting back after Deletion

Posted on 14:53 by Unknown
I ran into this after deleting a DHCP superscope: the superscope reverts back after the DHCP server is rebooted or after the DHCP service is restarted. To properly remove a DHCP superscope, you can use either of the following methods:




  1. Right-click the superscope and click Delete. It's safe and won't have any impact on the sub-scopes under this DHCP superscope. In fact, you will receive a message confirming that the deletion does not impact or delete any child scopes, as shown in the screenshot.
     [Screenshot: DHCP Superscope deletion]
  2. Another way is to deactivate the sub-scopes (under your DHCP superscope), move these scopes and then activate them. After all sub-scopes are moved, the DHCP superscope is removed/deleted automatically.

DHCP Technical Documentation:
  • How DHCP Technology Works: http://technet.microsoft.com/en-us/library/cc780760(WS.10).aspx
  • DHCP Superscopes: http://technet.microsoft.com/en-us/library/cc757614%28v=WS.10%29.aspx



Friday, 7 September 2012

SQL 2012 Protection with DPM 2012 RTM fails immediately after the job starts

Posted on 06:05 by Unknown
I ran into this when I was setting up a new protection group using DPM 2012 for the latest SQL database server 2012. As per the Microsoft System Center 2012 - Data Protection Manager Release Notes (http://technet.microsoft.com/en-us/library/hh848297.aspx), DPM 2012 should back up and recover SQL 2012 databases except if the AlwaysOn feature is enabled. The AlwaysOn feature is not supported under the current DPM 2012 RTM but is expected to be fully supported with the release of System Center 2012 SP1 (expected in the next few weeks).

DPM 2012 RTM release notes

Although the AlwaysOn feature wasn't enabled on my SQL 2012 DB, the DPM job always failed immediately after it started, and the consistency check didn't work either. After some investigation and several trials, it turned out that the NT AUTHORITY\SYSTEM account on the SQL server needs to have the Sysadmin role/right.

SQL NT Authority account


In brief, to back up and recover a SQL 2012 workload under DPM 2012 RTM:

  1. Make sure the AlwaysOn feature is not enabled (Currently DPM 2012 RTM doesn't support it)
  2. Grant the SQL NT AUTHORITY\SYSTEM account SysAdmin Right.
  3. Remove the Protection group and add it again after applying the above changes.
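
Before re-creating the protection group, the two preconditions in steps 1 and 2 can be read back from the instance. This is an added example, not part of the original post; the function name and the instance name passed to it are placeholders, and it assumes the caller can connect with Windows authentication and has permission to view server role membership.

```powershell
# Added example (not from the original post). $Instance is a placeholder.
function Test-DpmSqlPrereq {
    param([Parameter(Mandatory = $true)] [string] $Instance)  # e.g. 'SQL01' or 'SQL01\INST1'

    # IsHadrEnabled = 1 means AlwaysOn is enabled on the instance.
    # IS_SRVROLEMEMBER returns 1, 0, or NULL (login unknown or not visible).
    $query = @'
SELECT CAST(SERVERPROPERTY('IsHadrEnabled') AS int)          AS HadrEnabled,
       IS_SRVROLEMEMBER('sysadmin', N'NT AUTHORITY\SYSTEM')  AS SystemIsSysadmin;
'@
    $conn = New-Object System.Data.SqlClient.SqlConnection("Server=$Instance;Integrated Security=SSPI")
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $query
        $reader = $cmd.ExecuteReader()
        [void]$reader.Read()
        $hadr  = $reader['HadrEnabled']
        $sysad = $reader['SystemIsSysadmin']
    } finally {
        $conn.Dispose()
    }

    # Both values must be True before step 3 is worth attempting.
    New-Object PSObject -Property @{
        Instance         = $Instance
        AlwaysOnDisabled = ($hadr -is [DBNull]) -or ($hadr -eq 0)
        SystemIsSysadmin = ($sysad -isnot [DBNull]) -and ($sysad -eq 1)
    }
}
```

The same query is a quick way to inventory which instances have had NT AUTHORITY\SYSTEM placed in sysadmin for backup purposes.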


Friday, 31 August 2012

DNS64 Not Healthy after Applying UAG SP2

Posted on 11:36 by Unknown
For those who missed the latest news on UAG, Microsoft released UAG SP2 early this month. For what is new in Microsoft UAG SP2, please check the following links:

http://technet.microsoft.com/library/jj590875

http://support.microsoft.com/kb/2710791

To Download Microsoft UAG SP2, please follow this link:

http://www.microsoft.com/en-us/download/details.aspx?id=30459

Everything went fine while downloading and updating the UAG server with the latest SP2. After the reboot I noticed that DNS64 shows Not healthy under the DirectAccess Monitor/Current Status. This is the same behavior that I faced while installing Update 1 Rollup 1 early this year, and the workaround to fix it was to disable/enable DirectAccess from the UAG 2010 console. For detailed steps, please check my earlier post:

http://itcalls.blogspot.com/2012/01/dns64-unhealthy-after-applying-uag-sp1.html



Friday, 17 August 2012

Windows 8 and Server 2012 RTM available for Software Assurance Customers

Posted on 05:07 by Unknown
Yesterday, August 16, 2012, the Windows 8 and Server 2012 RTM versions became available for all Software Assurance customers.

Windows 8 for volume License and Software Assurance Customers

Everyone is talking about Windows 8 and how it will change the world again with the new Microsoft Ecosystem and Cloud support. I would encourage everyone to get their hands on the new Windows 8 and start testing the new features and enhancements promised by Microsoft.

Windows 8 New Features:

http://technet.microsoft.com/en-us/windows/explore-windows-8.aspx

Windows 8 different milestones and release dates for different programs:

http://windowsteamblog.com/windows/b/bloggingwindows/archive/2012/08/01/windows-8-has-reached-the-rtm-milestone.aspx



Tuesday, 31 July 2012

Microsoft UAG DirectAccess Clients Cannot Reach and Ping your Partner/Newly Acquired Company Network

Posted on 14:52 by Unknown
It's quite common for corporations to acquire a new company or merge with another company that has a different domain name, subnets, etc. DirectAccess clients in one company cannot reach or ping the different resources, servers, routers, etc. on the other side (the acquired/partner company). This can be solved by modifying your DNS infrastructure and UAG DirectAccess settings as per the following steps:

  1. Configure the UAG server to have an IPv4 route to the newly acquired network(s).
  2. Make sure that the newly acquired network(s) are added to the UAG internal networks. This can be done from the UAG Admin menu – Network Interfaces – Define Internal network IP address range.
  3. The DNS servers used by the UAG and DirectAccess clients should be configured to resolve the acquired/partner domain, either by having its DNS zone or by using conditional forwarders.
  4. Configure your DirectAccess clients to use a DNS suffix search list. This list should include their original company domain and the newly acquired domain. You may want to test it manually to ensure it's working; however, it's preferable to do it on the UAG DirectAccess clients OU using Group Policy, as shown in the screenshot.
     [Screenshot: DNS Suffix Group Policy for DirectAccess OU in Active Directory]
  5. Microsoft UAG needs to be configured to ensure that the client's NRPT (Name Resolution Policy Table) instructs the client to contact UAG for name resolution of the acquired domain. This is done from the DirectAccess UAG configuration Step 3 (Infrastructure Servers – DNS Suffixes), as shown in the screenshot.
     [Screenshot: UAG DirectAccess configuration step 3 Infrastructure servers]
  6. Apply the new config/policy and activate the UAG.
  7. Finally, run gpupdate /force on the client to refresh the client Group Policy. To ensure that the policy is updated on the DirectAccess client, you can run "netsh namespace show pol".




Tuesday, 3 July 2012

RemoteApp and Web Application ICON Customization in UAG 2010 Portal

Posted on 13:22 by Unknown
UAG 2010 Portal customization is one of the key strengths of the UAG system. The customization of UAG is based on the Custom Update concept; for more details and a real-life example, please check the following articles:

  • http://itcalls.blogspot.com/2012/03/uag-portal-home-page-customization-left.html
  • http://technet.microsoft.com/en-us/library/ee861168.aspx

One of the main customization issues that I faced during the last few weeks is changing the default icons for applications and RemoteApp published applications on the portal. UAG by default is pre-loaded with several default icons for different applications; however, custom apps published using Remote Desktop Services (RDS) RemoteApp, or custom web published apps, get the default icon, which sometimes does not represent the application from the owner's point of view. In this article I will provide two examples of icon customization in the UAG 2010 Portal.

  1. RDS RemoteApp applications. This includes three fairly simple steps:
    • You need to have your icon file saved in PNG format. The size won't matter, as the UAG will automatically resize it according to its placement in the portal. I tried 15x15, 32x32 and 64x64 pixels and it worked fine for all three.
    • The icon needs to be saved under C:\Program Files\Microsoft Forefront Unified Access Gateway\von\PortalHomePage\images\AppIcons\CustomerUpdate (provided that you installed the UAG in the default C-drive location). The file should be saved under the application name; for example, if your RemoteApp published application is named App1, then its icon should be App1.png.
    • Activate the UAG.
  2. Custom web application. By default a custom web application is published with the default App.gif file; to change this you have to do it in two locations:
    • The main (Home) portal area needs a GIF icon of 90x50 pixels, saved in the same place as for RemoteApp, under C:\Program Files\Microsoft Forefront Unified Access Gateway\von\PortalHomePage\images\AppIcons\CustomerUpdate (provided that you installed the UAG in the default C-drive location). Again, make sure to name the GIF file with the same name as your published application (for example App1.GIF).
    • Edit the properties of the published application on the UAG portal and change the icon properties on the Portal Link tab to reflect the new icon.
    • The LeftExplorer menu needs another icon file with a lower pixel size, 15x15, and it should be named with the application name_ICON (for example App1_icon.GIF). Similar to the above example, it's saved under C:\Program Files\Microsoft Forefront Unified Access Gateway\von\PortalHomePage\images\AppIcons\CustomerUpdate (provided that you installed the UAG in the default C-drive location).
    • Activate the UAG.

These two examples should lay the basic knowledge to customize your UAG Portal application ICONS and hopefully you will find it useful.

