What's new in Forefront UAG Service Pack 1 Update 1

Applies To: Unified Access Gateway

This topic summarizes the main features of Forefront Unified Access Gateway (UAG) Service Pack 1 (SP1) Update 1.

For information about installing Forefront UAG SP1 Update 1, see Forefront Unified Access Gateway (UAG) Service Pack 1 Update 1.

Known issues and non-supported scenarios


  • Restart the computer after installing or uninstalling this update.

Dynamics CRM 2011 publishing

  • Forefront UAG supports claims-based authentication for the Remote employee access using claims scenario. Partner employee access using claims is not addressed in this update.

    Converting claims (SAML tokens) to NTLM/KCD is not supported when publishing Dynamics CRM 2011.

  • To publish Dynamics CRM 2011 web resources (stylesheets, webpages, images, and so on) with Forefront UAG, CRM 2011 must be configured with Internet-Facing Deployment (IFD).

  • Some enhanced security features, such as print and export data, may not be enforced by Forefront UAG in some scenarios. We recommend that you verify enhanced security enforcement in your own environment.

  • Mail merge templates downloaded from Dynamics CRM 2011 published using AD FS 2.0 authentication do not work properly.

  • On the Dynamics CRM 2011 server, the page Settings/Customizations/Developer Resources shows information about service endpoints using the internal CRM server name and not the external CRM server name.

Lync Web App publishing

  • Publishing the Lync Web App through Forefront UAG may require a user who is not signing in as a guest to authenticate twice: once to Forefront UAG and once to the application. This is because Forefront UAG is unable to automatically provide the credentials to the Silverlight application.

  • Forefront UAG enforces only the access policy for the Lync Web App. The restricted zone, download, and upload policies are not enforced, and if you configure any policies, Forefront UAG ignores them.

  • By default, Forefront UAG enforces a scheduled log-off after 60 minutes. We recommend that you consider whether a 60-minute scheduled log-off period is adequate for your organization. You can choose to increase the log-off period.

  • The following error message may be shown to the user upon scheduled log-off: “The operation failed with an unexpected error. If the problem persists, contact your system administrator.”

  • When a user is disconnected due to a scheduled log-off by Forefront UAG, the Lync Web App does not display the explicit reason to the user.

  • Desktop sharing will not work from Macintosh computers (see Lync Web App Features).

  • There is a known issue when uploading or receiving content through the Lync Web App, for example, files distributed through a meeting or images “pasted” into whiteboard sharing. This issue has been acknowledged by the Lync team and is expected to be addressed in a future Lync update.

  • Forefront UAG does not support Lync Mobility scenarios.