Symptoms
This article describes the features and fixes that are included in Service Pack 2 (SP2) for Microsoft Forefront Unified Access Gateway (UAG) 2010.
Features that are included and issues that are fixed in Service Pack 2
Features
Forefront UAG 2010 SP2 includes the following features:
-
Improved Microsoft SharePoint 2010 support
Forefront UAG 2010 SP2 lets users authenticate to a trunk by using Microsoft Office Forms-Based Authentication (MSOFBA) when the trunk uses Active Directory Federation Services (AD FS) 2.0 for authentication. -
Improved Active Directory Federation Services 2.0 support
You can provide remote employees and partner employees with access to published applications that have AD FS 2.0 enabled. For example, you can do the following:-
Use AD FS multi-namespace support: Multi-namespace support for AD FS 2.0 lets you use a single AD FS 2.0 server that has multiple Forefront UAG trunks when the fully qualified domain names (FQDNs or public host names) of the trunks are in different domains. For example, the FQDN of the first trunk is portal.contoso.com, and the FQDN of the second trunk is portal.fabrikam.com. Both trunks can be configured to perform AD FS authentication by using the same AD FS 2.0 server (sts.contoso.com). In this kind of deployment, the AD FS 2.0 server is published through one of the Forefront UAG trunks or by an AD FS proxy that is parallel to Forefront UAG.
-
Use the AD FS proxy to publish the AD FS 2.0 server: Publishing the AD FS 2.0 server by using an AD FS proxy has many advantages over publishing the AD FS 2.0 server through Forefront UAG. These advantages include support for Office 365 authentication and mobile devices.
-
Enable complex topologies: You can use Forefront UAG to publish a SharePoint website that is located in one site when the AD FS server is located in another site.
-
-
Added client devices
Forefront UAG 2010 SP2 lets users connect to the following mobile devices:-
Windows Phone 7.5
-
iOS 5.x on iPad and iPhone
-
Android 4.x on tablets and phones
For more information about Forefront UAG and mobile devices, go to the following Microsoft TechNet website:
-
Fixes
Forefront UAG 2010 SP2 includes the following fixes:
-
2696048 FIX: Error message when you try to apply a UAG SP1 array configuration that contains an ADFS trunk: "Invalid External Port address"
-
2696052 FIX: The installation of the Unified Access Gateway 2010 SP1 client components stops responding when you use the MSI-based installer
-
2697188 FIX: Error message when you try to export your configuration settings in Forefront Unified Access Gateway 2010 SP1: "Unspecified error"
-
2697189 FIX: The "Identify by Extension" endpoint download policy does not work as expected in Forefront Unified Access Gateway 2010 SP1 Client
-
2697564 FIX: The "sign out" button and the "user presence" drop-down menu are not visible in Outlook Web Access 2010 when it is published to a Unified Access Gateway 2010 portal
-
2697696 FIX: The NLSessionStrunknamePersistForOffice cookie domain that is generated by Forefront Unified Access Gateway 2010 is set to "host.domain.com" instead of to "domain.com"
-
2699805 FIX: A Unified Access Gateway 2010 SP1 client connection may fail when client traffic fails over between load balanced array nodes
-
2699807 FIX: A client connection to an HTTPS trunk may fail in a Forefront Unified Access Gateway 2010 SP1 array with Error 152 or 116
-
2697058 FIX: Error message when you try to import your configuration settings in Forefront Unified Access Gateway 2010 SP1: "Import configuration failed (0x80070002)"
-
2697053 FIX: Error message when you try to assign an IP address range in Forefront Unified Access Gateway 2010 SP1: "The following array members do not have a static IP address pool defined for VPN client connections"
-
2697052 FIX: External ActiveSync client sessions may be able to view other user mailboxes in Forefront Unified Access Gateway 2010 SP1
-
2697049 FIX: Passwords that contain special characters may not be recognized for Nokia Mail for Exchange users in Forefront Unified Access Gateway (UAG) 2010 SP1
-
2695202 FIX: Configuration activation time may increase significantly after you apply Unified Access Gateway 2010 SP1
-
2702989 FIX: Errors may occur when a user cannot connect to an RD Virtualization Host server after you publish Remote Desktop Services or RemoteApps through Forefront Unified Access Gateway 2010
-
2743268 FIX: You receive the generic "Authentication Failed" error message and are not prompted to change your expired password when you try to log on to a Forefront Unified Access Gateway 2010 portal
-
2743283 FIX: Some security events are not displayed in Web Monitor after a "Warning #18: Invalid Request Version" event is reported when an array deployment is used in Forefront Unified Access Gateway 2010
-
2743301 FIX: User authentication may not function for Exchange ActiveSync in a Forefront Unified Access Gateway (UAG) 2010 environment
-
2745313 FIX: Intermittent socket exhaustion, high CPU and memory usage, and event 111 is logged on a server that is running Forefront Unified Access Gateway 2010
-
2745465 FIX: Application access through a Forefront Unified Access Gateway 2010 server is unsuccessful
-
2748172 FIX: Logon to a Forefront Unified Access Gateway 2010 trunk may be unsuccessful when the Active Directory repository is set to "Use local active directory forest authentication"
-
2748175 FIX: "The application’s digital signature has an error. Do you want to run the application?" error message when you try to log on to a Forefront Unified Access Gateway 2010 trunk
-
2748178 FIX: You may be redirected to an error page after you install security update 2649261 on a server that is running Forefront Unified Access Gateway 2010
-
2748183 FIX: HTTP 500 or "The page cannot be displayed" error message when you try to access the Forefront Unified Access Gateway 2010 portal or a published application
-
2749824 FIX: You receive multiple authentication prompts when you try to use Forefront Unified Access Gateway 2010 to open an Office document that is stored on a SharePoint site
-
2749825 FIX: A client who uses Forefront Unified Access Gateway 2010 to browse to an Outlook Web App website may receive HTTP 500 errors intermittently instead of a Forefront Unified Access Gateway 2010 error page
-
2749826 FIX: A new mail profile is not created when you try to create the profile on a client computer that connects to the Client Access server through Forefront Unified Access Gateway 2010
Additionally, this service pack includes fixes for some stability issues. Note Forefront UAG 2010 SP2 is cumulative and includes the following previous fixes and security updates:
2647899 Rollup 1 for Forefront Unified Access Gateway (UAG) 2010 Service Pack 1 Update 12663860 MS12-026: Vulnerabilities in Forefront Unified Access Gateway (UAG) could allow information disclosure: April 10, 2012
Resolution
Service Pack information
The following file is available for download from the Microsoft Download Center:
Download the Forefront Unified Access Gateway (UAG) 2010 SP2 package now.
Prerequisites
To install this service pack, you must be running Update 1 for Forefront UAG 2010 SP1. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
2585140 Description of the Service Pack 1 Update 1 for Forefront Unified Access Gateway (UAG)
Installation notes
-
Forefront UAG 2010 SP2 is provided as a service pack update that can be installed on existing Forefront UAG servers. For more information, go to the following Microsoft TechNet website:
-
If you run Forefront UAG 2010 in an array configuration, you must apply this update to each array member.
-
Before you install Forefront UAG 2010 SP2, we recommend that you create a system restore point. You do not have to back up your existing Forefront UAG 2010 configuration because a backup is automatically created during the installation of Forefront UAG SP2.
-
Before you install Forefront UAG 2010 SP2, we recommend that you read the release notes and the installation instructions. To do this, go to the following Microsoft TechNet websites:
Release notes for Forefront UAG 2010 SP2 Installing SP2 for Forefront UAG 2010
-
For more information about how to uninstall or roll back Forefront UAG 2010 SP2, go to the following Microsoft TechNet website:
Restart requirement
You must restart the computer after you apply this service pack.
References
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates