FIX: Application access through a Forefront Unified Access Gateway 2010 server is unsuccessful

Article translations Article translations
Article ID: 2745465 - View products that this article applies to.
Expand all | Collapse all

Symptoms

Consider the following scenario:
  • You have a server that is running Microsoft Forefront Unified Access Gateway (UAG) 2010.
  • The Forefront UAG server is not a domain member.
  • Forefront UAG application authorization is based on primary group membership such as "Domain Users," and the user account that is used for access to applications is a member of this primary group.
  • The user tries to access an application through the Forefront UAG server.

In this scenario, application access through the Forefront UAG server is unsuccessful.

Cause

When Forefront UAG 2010 looks up the user's primary group by using Active Directory Service Interfaces (ADSI), the lookup is unsuccessful when Forefront UAG is not part of the domain. When a Lightweight Directory Access Protocol (LDAP) repository is used for authentication, the LDAP search response for the MemberOf attribute does not include the user's primary group.

Resolution

To resolve this problem, install the service pack that is described in the following Microsoft Knowledge Base article:
2710791 Description of Service Pack 2 for Forefront Unified Access Gateway 2010

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References

For more information about the need to query groups to give users access that is based on group membership, click the following article number to view the article in the Microsoft Knowledge Base:
275523 Setting Primary Group excludes the user from the group membership in Active Directory
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 2745465 - Last Review: December 7, 2012 - Revision: 1.0
Applies to
  • Microsoft Forefront Unified Access Gateway 2010 Service Pack 1
Keywords: 
kbqfe kbfix kbexpertiseinter kbsurveynew kbbug KB2745465

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com