Forefront UAG: AppWrap code to remove the “Sign Out” from the Remote Desktop Services Website (RDWeb)

 Create a new folder named “CustomUpdate” under <UAG Installation Directory>vonConfWebSites<PortalName>conf

1. Copy the WhlFiltAppWrap_HTTPS.XML from <UAG Installation Directory>vonConfWebSites<PortalName>conf to the CustomUpdate folder created in step 1
2. Open the WhlFiltAppWrap_HTTPS.XML in notepad and scroll down till you find the <HEADER_CHANGE> XML tag
3. Just above the <HEADER_CHANGE> XML tag copy paste the below code
4. Save the file and Activate the configuration

<MANIPULATION_PER_APPLICATION>
    <APPLICATION_TYPE></APPLICATION_TYPE>
    <!-- RDS Website -->
    <DATA_CHANGE>
    <URL case_sensitive="false">/RDWeb/.*/default.aspx</URL>
        <SAR conditional_variable="UsePortalFrame" conditional_var_value="True">
            <SEARCH encoding="base64">PGEgaWQ9J1BPUlRBTF9TSUdOT1VUJyBocmVmPSJqYXZhc2NyaXB0Om9uVXNlckRpc2Nvbm5lY3QoKSIgdGFyZ2V0PSJfc2VsZiI+U2lnbiBvdXQ8L2E+</SEARCH>
            <REPLACE encoding="base64">PGE+PC9hPg==</REPLACE>
        </SAR>
    </DATA_CHANGE>
    <DATA_CHANGE>
    <URL case_sensitive="false">/RDWeb/.*/desktops.aspx</URL>
        <SAR conditional_variable="UsePortalFrame" conditional_var_value="True">
            <SEARCH encoding="base64">PGEgaWQ9J1BPUlRBTF9TSUdOT1VUJyBocmVmPSJqYXZhc2NyaXB0Om9uVXNlckRpc2Nvbm5lY3QoKSIgdGFyZ2V0PSJfc2VsZiI+U2lnbiBvdXQ8L2E+</SEARCH>
            <REPLACE encoding="base64">PGE+PC9hPg==</REPLACE>
        </SAR>
    </DATA_CHANGE>
    <DATA_CHANGE>
    <URL case_sensitive="false">/RDWeb/.*/config.aspx</URL>
        <SAR conditional_variable="UsePortalFrame" conditional_var_value="True">
            <SEARCH encoding="base64">PGEgaWQ9J1BPUlRBTF9TSUdOT1VUJyBocmVmPSJqYXZhc2NyaXB0Om9uVXNlckRpc2Nvbm5lY3QoKSIgdGFyZ2V0PSJfc2VsZiI+U2lnbiBvdXQ8L2E+</SEARCH>
            <REPLACE encoding="base64">PGE+PC9hPg==</REPLACE>
        </SAR>
    </DATA_CHANGE>
</MANIPULATION_PER_APPLICATION> 

Snapshot of the  RDWeb after applying the above AppWrap

Cheers !!

Forefront UAG: When accessing UAG portal on HTTP redirecting to HTTPS, it complains about too many users connected OR the website page comes back with a Page cannot be displayed OR it shows a Request Error with a “Forbidden Directory” message

This is an unusual behavior of the Forefront UAG when creating a HTTP Trunk or creating a HTTP-to-HTTPS redirector. The internal cause of this behavior is unknown at this time but seems that IIS does not react to the changes until and unless it’s restarted.

If you get an error saying (I don’t remember the exact message) that too many users connected OR you see in the Network Monitor that the HTTP GET request was made by the client machine but no response came from the server then go to the UAG Server and restart the IIS Service.

Make sure you restart the IIS Service on every node in case the UAG servers are in Array.

Cheers !!

Error: Forefront UAG endpoint components could not run on this computer since the script signature could not be verified

I recently came across this error when accessing the UAG portal from Firefox web browser. I had a custom VBScript to check if the computer was part of the domain or not. The script was working as expected in IE web browser but was throwing the above error when running it through the Firefox.

As confirmed by MS support, this behavior is not by design and is a bug with how the Windows Java component is parsing the data received from the server.

Users who connect with Windows OS systems to an IAG or UAG server that has custom client detection scripts with a supported non IE browser will receive a notification that the script signature could not be verified. 

Although, Non Windows OS systems regardless of the browser used are not capable of doing custom detection and that behavior is by design.

Error Snapshot

Fix / Resolution : No workaround available until hotfix is released. The best you can do is to use the IE browser in place of FireFox.

Cheers !!

UAG DirectAccess Deployment using NAT64 and DNS64

Part 1 : UAG DirectAccess Configuration using the NAT64 and DNS64 – Certificate Authority Configuration

Part 2 : UAG DirectAccess Configuration using the NAT64 and DNS64

Part 3 : UAG DirectAccess Configuration using the NAT64 and DNS64

Cheers !!!