Release notes for Forefront UAG SP2

These release notes address late-breaking issues for Forefront Unified Access Gateway (UAG) Service Pack Two (SP2).

If you are reading this help from the Forefront UAG Management console, the latest version of this topic is available in the Forefront UAG TechNet library.

  • Installation, upgrade, and administration issues

  • Client issues

  • Forefront UAG portal issues

  • AD FS publishing issues

  • Endpoint detection and access policy issues

Installation, upgrade, and administration issues

  1. We recommend that you add a restore point on the Forefront UAG server before running SP2 installation.

  2. You must install SP2 on a server running Forefront UAG SP1 Update 1 as follows:

    1. Install Forefront UAG with SP1 as a clean installation. See Installing Forefront UAG 2010.

    2. Install Update 1 for Forefront UAG SP1. See Installing Update 1 for Forefront UAG SP1.

    3. Install Forefront TMG SP2. See Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 2.

    4. Install Forefront UAG SP2.

  3. We recommend that you do not have installations of other applications in progress when you install SP2 on an existing Forefront UAG server. Otherwise you might receive the following message during SP2 installation: “Setup failed during Forefront UAG prerequisites installation”. If you do receive this error, do the following:

    1. Restart the computer.

    2. Wait several minutes for any installations that are in progress to complete.

    3. Reinstall SP2.

  4. For a summary of known globalization issues in Forefront UAG, see Compliance notes.

Client issues

  • In Forefront UAG SP2, when you publish Exchange, SharePoint, or Dynamics CRM applications, the Forefront UAG Management console shows the default access, upload, and download endpoint policies in use. However, Exchange, SharePoint, and Dynamics CRM always use application specific policies regardless of the endpoint policy selected in the Forefront UAG Management console. For example, a SharePoint 2010 application will always use the Microsoft SharePoint Server 2010 Download and Microsoft SharePoint Server 2010 Upload policies.

  • When using mobile devices with the Android operating system, if a user configures their Exchange email account to work wirelessly with a proxy server, the proxy settings apply only to HTTP browsing. This prevents email from synchronizing correctly.

Forefront UAG portal issues

  • When a user views the System Information in the Forefront UAG portal using either the Safari or Firefox web browsers, the Endpoint Detection version is reported incorrectly as

  • After users log in to the Forefront UAG portal, they may create a bookmark for the page. For example, after logging in to the portal, and then opening the published SharePoint application, the user may create a bookmark for the SharePoint page. When users attempt to access the bookmark, the user sees an error message “You cannot access this site due to internal error”. The same error occurs if a user session timeout occurs and the user clicks Back.

  • When attempting to access the Forefront UAG portal using a computer running Windows XP SP3 and using the Safari web browser, an error appears and the portal is not accessible.

AD FS publishing issues

When creating two HTTPS trunks that use the same Active Directory Federation Services (AD FS) 2.0 repository and activating the configuration the administrator should see a warning message: One or more applications are configured to use AD FS 2.0 server <server_name> for authentication, but no published AD FS application exists for this server.

When activating the configuration the first time, the message may take several minutes to appear. On subsequent activations, it may not appear at all.

Endpoint detection and access policy issues

  • If you configure an access policy to allow access to computers running any WMI-based firewall, Windows 7 computers are blocked, because the Windows 7 firewall is not WMI-based.

  • Forefront UAG SP2 includes new policy variables for the following antivirus products:

    • Kaspersky: AV_Kaspersky_xxx for Mac OS and AV_KasperskyWin_xxx for Windows

    • NOD32: AV_NOD32_xxx and AV_NOD32Win_xxx

    • Bitdefender: AV_BitDefender_xxx and AV_BitDefenderWin_xxx