Description of Service Pack 2 for Forefront Unified Access Gateway 2010

This article describes the features and fixes that are included in Service Pack 2 (SP2) for Microsoft Forefront Unified Access Gateway (UAG) 2010.

Features that are included and issues that are fixed in Service Pack 2

Features

Forefront UAG 2010 SP2 includes the following features:

• Improved Microsoft SharePoint 2010 support
  
  Forefront UAG 2010 SP2 lets users authenticate to a trunk by using Microsoft Office Forms-Based Authentication (MSOFBA) when the trunk uses Active Directory Federation Services (AD FS) 2.0 for authentication.
  
  
• Improved Active Directory Federation Services 2.0 support
  
  You can provide remote employees and partner employees with access to published applications that have AD FS 2.0 enabled. For example, you can do the following:
  • Use AD FS multi-namespace support: Multi-namespace support for AD FS 2.0 lets you use a single AD FS 2.0 server that has multiple Forefront UAG trunks when the fully qualified domain names (FQDNs or public host names) of the trunks are in different domains. For example, the FQDN of the first trunk is portal.contoso.com, and the FQDN of the second trunk is portal.fabrikam.com. Both trunks can be configured to perform AD FS authentication by using the same AD FS 2.0 server (sts.contoso.com). In this kind of deployment, the AD FS 2.0 server is published through one of the Forefront UAG trunks or by an AD FS proxy that is parallel to Forefront UAG.
  • Use the AD FS proxy to publish the AD FS 2.0 server: Publishing the AD FS 2.0 server by using an AD FS proxy has many advantages over publishing the AD FS 2.0 server through Forefront UAG. These advantages include support for Office 365 authentication and mobile devices.
  • Enable complex topologies: You can use Forefront UAG to publish a SharePoint website that is located in one site when the AD FS server is located in another site.
    
    
• Added client devices
  
  Forefront UAG 2010 SP2 lets users connect to the following mobile devices:
  • Windows Phone 7.5
  • iOS 5.x on iPad and iPhone
  • Android 4.x on tablets and phones
    
    
  For more information about Forefront UAG and mobile devices, go to the following Microsoft TechNet website:
  System requirements for Forefront UAG client devices

  (http://technet.microsoft.com/en-us/library/dd920232.aspx)

Fixes

Forefront UAG 2010 SP2 includes the following fixes:

• 2696048
  (http://support.microsoft.com/kb/2696048/ )
   FIX: Error message when you try to apply a UAG SP1 array configuration that contains an ADFS trunk: "Invalid External Port address"
• 2696052
  (http://support.microsoft.com/kb/2696052/ )
   FIX: The installation of the Unified Access Gateway 2010 SP1 client components stops responding when you use the MSI-based installer
• 2697188
  (http://support.microsoft.com/kb/2697188/ )
   FIX: Error message when you try to export your configuration settings in Forefront Unified Access Gateway 2010 SP1: "Unspecified error"
• 2697189
  (http://support.microsoft.com/kb/2697189/ )
   FIX: The "Identify by Extension" endpoint download policy does not work as expected in Forefront Unified Access Gateway 2010 SP1 Client
• 2697564
  (http://support.microsoft.com/kb/2697564/ )
   FIX: The "sign out" button and the "user presence" drop-down menu are not visible in Outlook Web Access 2010 when it is published to a Unified Access Gateway 2010 portal
• 2697696
  (http://support.microsoft.com/kb/2697696/ )
   FIX: The NLSessionStrunknamePersistForOffice cookie domain that is generated by Forefront Unified Access Gateway 2010 is set to "host.domain.com" instead of to "domain.com"
• 2699805
  (http://support.microsoft.com/kb/2699805/ )
   FIX: A Unified Access Gateway 2010 SP1 client connection may fail when client traffic fails over between load balanced array nodes
• 2699807
  (http://support.microsoft.com/kb/2699807/ )
   FIX: A client connection to an HTTPS trunk may fail in a Forefront Unified Access Gateway 2010 SP1 array with Error 152 or 116
• 2697058
  (http://support.microsoft.com/kb/2697058/ )
   FIX: Error message when you try to import your configuration settings in Forefront Unified Access Gateway 2010 SP1: "Import configuration failed (0x80070002)"
• 2697053
  (http://support.microsoft.com/kb/2697053/ )
   FIX: Error message when you try to assign an IP address range in Forefront Unified Access Gateway 2010 SP1: "The following array members do not have a static IP address pool defined for VPN client connections"
• 2697052
  (http://support.microsoft.com/kb/2697052/ )
   FIX: External ActiveSync client sessions may be able to view other user mailboxes in Forefront Unified Access Gateway 2010 SP1
• 2697049
  (http://support.microsoft.com/kb/2697049/ )
   FIX: Passwords that contain special characters may not be recognized for Nokia Mail for Exchange users in Forefront Unified Access Gateway (UAG) 2010 SP1
• 2695202
  (http://support.microsoft.com/kb/2695202/ )
   FIX: Configuration activation time may increase significantly after you apply Unified Access Gateway 2010 SP1
• 2702989
  (http://support.microsoft.com/kb/2702989/ )
   FIX: Errors may occur when a user cannot connect to an RD Virtualization Host server after you publish Remote Desktop Services or RemoteApps through Forefront Unified Access Gateway 2010
• 2743268
  (http://support.microsoft.com/kb/2743268/ )
   FIX: You receive the generic "Authentication Failed" error message and are not prompted to change your expired password when you try to log on to a Forefront Unified Access Gateway 2010 portal
• 2743283
  (http://support.microsoft.com/kb/2743283/ )
   FIX: Some security events are not displayed in Web Monitor after a "Warning #18: Invalid Request Version" event is reported when an array deployment is used in Forefront Unified Access Gateway 2010
• 2743301
  (http://support.microsoft.com/kb/2743301/ )
   FIX: User authentication may not function for Exchange ActiveSync in a Forefront Unified Access Gateway (UAG) 2010 environment
• 2745313
  (http://support.microsoft.com/kb/2745313/ )
   FIX: Intermittent socket exhaustion, high CPU and memory usage, and event 111 is logged on a server that is running Forefront Unified Access Gateway 2010
• 2745465
  (http://support.microsoft.com/kb/2745465/ )
   FIX: Application access through a Forefront Unified Access Gateway 2010 server is unsuccessful
• 2748172
  (http://support.microsoft.com/kb/2748172/ )
   FIX: Logon to a Forefront Unified Access Gateway 2010 trunk may be unsuccessful when the Active Directory repository is set to "Use local active directory forest authentication"
• 2748175
  (http://support.microsoft.com/kb/2748175/ )
   FIX: "The application’s digital signature has an error. Do you want to run the application?" error message when you try to log on to a Forefront Unified Access Gateway 2010 trunk
• 2748178
  (http://support.microsoft.com/kb/2748178/ )
   FIX: You may be redirected to an error page after you install security update 2649261 on a server that is running Forefront Unified Access Gateway 2010
• 2748183
  (http://support.microsoft.com/kb/2748183/ )
   FIX: HTTP 500 or "The page cannot be displayed" error message when you try to access the Forefront Unified Access Gateway 2010 portal or a published application
• 2749824
  (http://support.microsoft.com/kb/2749824/ )
   FIX: You receive multiple authentication prompts when you try to use Forefront Unified Access Gateway 2010 to open an Office document that is stored on a SharePoint site
• 2749825
  (http://support.microsoft.com/kb/2749825/ )
   FIX: A client who uses Forefront Unified Access Gateway 2010 to browse to an Outlook Web App website may receive HTTP 500 errors intermittently instead of a Forefront Unified Access Gateway 2010 error page
• 2749826
  (http://support.microsoft.com/kb/2749826/ )
   FIX: A new mail profile is not created when you try to create the profile on a client computer that connects to the Client Access server through Forefront Unified Access Gateway 2010

Additionally, this service pack includes fixes for some stability issues.

Note Forefront UAG 2010 SP2 is cumulative and includes the following previous fixes and security updates:

Service Pack information

The following file is available for download from the Microsoft Download Center:

Prerequisites

To install this service pack, you must be running Update 1 for Forefront UAG 2010 SP1. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

Installation notes

• Forefront UAG 2010 SP2 is provided as a service pack update that can be installed on existing Forefront UAG servers. For more information, go to the following Microsoft TechNet website:
  Installing SP2 for Forefront UAG 2010

  (http://go.microsoft.com/fwlink/?LinkID=259478)
• If you run Forefront UAG 2010 in an array configuration, you must apply this update to each array member.
• Before you install Forefront UAG 2010 SP2, we recommend that you create a system restore point. You do not have to back up your existing Forefront UAG 2010 configuration because a backup is automatically created during the installation of Forefront UAG SP2.
• Before you install Forefront UAG 2010 SP2, we recommend that you read the release notes and the installation instructions. To do this, go to the following Microsoft TechNet websites:
  Release notes for Forefront UAG 2010 SP2

  (http://go.microsoft.com/fwlink/?LinkId=260534)

  
  
  Installing SP2 for Forefront UAG 2010

  (http://go.microsoft.com/fwlink/?LinkID=259478)

  
  
  
• For more information about how to uninstall or roll back Forefront UAG 2010 SP2, go to the following Microsoft TechNet website:
  Uninstalling or rolling back Forefront UAG 2010 SP2

  (http://go.microsoft.com/fwlink/?LinkId=260583)

Restart requirement

You must restart the computer after you apply this service pack.

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base: