Description of the Service Pack 1 Rollup 1 hotfix package for Unified Access Gateway 2010


Microsoft has released the Service Pack 1 Rollup 1 hotfix package for Microsoft Forefront Unified Access Gateway (UAG) 2010. The build number of this hotfix rollup is 4.0.1752.10020.

More Information

Issues that are fixed in this hotfix rollup

This hotfix rollup fixes the following issues that were not previously documented in the Microsoft Knowledge Base.

Issue 1

The UAG Active Directory Service Interfaces (ADSI) repository and LDAP repository functions Change User Password and Check for Password Expiration cannot handle non-ASCII characters that are contained in the Username, Password, or Path fields of the distinguished name (DN).

The ruleset that is preventing users who use non-ASCII characters from changing their passwords is as follows:
The following two parameters of this ruleset fail the password change:
  • dummy_user_repository
  • user_repository

Both parameters have a default value of 50. After this hotfix rollup is applied, these parameters have a default value of 500.

Issue 2

You publish a web application by using a webapp generic template that uses the Portal Host Name type. If, during a response, the application sets a cookie with a domain attribute that has a character count longer than the trunk public host name, an Access Violation error is generated from the Secure Remote Access (SRA) file when SRA tries to sign the domain attribute of cookies. The result is that the filter abandons the process and sends error 500 to the endpoint.

Issue 3

You cannot define a WinHTTP repository in Unified Access Gateway (UAG). The path that you type inside the Path field is sometimes accepted. However, when you try to enable the UAG configuration, you receive one of the following error messages:

Error message 1
The following operation failed: Allowing connection by URL "urlname" Error code [0x80004005]

Error message 2
Failed to find port for service [urlname] [0x80004005]

Error message 3
Firewall settings could not be configured.

Issue 4

The silent removal of client components restarts the client computer without a warning message.

Issue 5

Kerberos Constrained Delegation (KCD) does not work if a back-end application does not support SPNEGO or is not configured to support SPNEGO. The HTTP log indicates that a "200 OK" response is returned immediately after UAG sends a Kerberos token. The application sends a "200 OK" response. However, UAG is expecting a negotiation token.


In an optimal scenario, the back-end web server should return error 401 when it receives a GSS_S_CONTINUE_NEEDED value to complete the negotiation. In this scenario, UAG should send a token back to the back-end web server to finish the authentication process. However, some back-end applications do not support or are not configured to support mutual Kerberos authentication (for example, no support for the Simple and Protected Negotiate [SPNEGO] implementation). For these applications, an additional Security Service Provider (SSP) may be used by setting a registry entry.

The following registry entry changes the SSP from Negotiate to Kerberos:
Subkey: HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\eGap\von\UrlFilter
Entry: KCDUseKerberosSSN
Value: 1
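
The reply pattern described in Issue 5 can be told apart from a normal Negotiate exchange by looking at the status code and the WWW-Authenticate header of the back-end response. The following Python sketch is an added example, not Microsoft code; the function names and the sample responses are constructed for illustration.

```python
import base64
from enum import Enum

class Leg(Enum):
    CHALLENGE = "401, bare Negotiate: no token exchanged yet"
    CONTINUE = "401 with token: negotiation continues, client sends another token"
    COMPLETE = "2xx with token: back end returned its final negotiation token"
    NO_REPLY_TOKEN = "2xx without token: the Issue 5 pattern"
    OTHER = "not part of a Negotiate exchange"

def negotiate_token(headers):
    """Decoded token from WWW-Authenticate: Negotiate; b"" if the scheme is
    offered without a token; None if absent or not valid base64."""
    for name, value in headers:
        parts = value.split(None, 1)
        if name.lower() != "www-authenticate" or not parts:
            continue
        if parts[0].lower() != "negotiate":
            continue  # e.g. an NTLM offer sent alongside Negotiate
        if len(parts) == 1:
            return b""
        try:
            return base64.b64decode(parts[1].strip(), validate=True)
        except ValueError:
            return None
    return None

def classify(status, headers):
    """Classify a back-end reply to a request that carried a Kerberos token."""
    token = negotiate_token(headers)
    if status == 401:
        if token is None:
            return Leg.OTHER
        return Leg.CONTINUE if token else Leg.CHALLENGE
    if 200 <= status < 300:
        return Leg.COMPLETE if token else Leg.NO_REPLY_TOKEN
    return Leg.OTHER

# Constructed sample replies (not captured from a real UAG deployment).
_TOKEN = base64.b64encode(b"constructed-negotiation-token").decode()
SAMPLES = {
    "issue_5": (200, [("Content-Type", "text/html")]),
    "continue": (401, [("WWW-Authenticate", "Negotiate " + _TOKEN)]),
    "complete": (200, [("WWW-Authenticate", "Negotiate " + _TOKEN)]),
    "challenge": (401, [("WWW-Authenticate", "NTLM"),
                        ("WWW-Authenticate", "Negotiate")]),
}

if __name__ == "__main__":
    for label, (status, headers) in SAMPLES.items():
        print(label, "->", classify(status, headers).name)
```

A back end that consistently classifies as NO_REPLY_TOKEN for requests that carried a Kerberos token matches the behavior this issue describes.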

Issue 6

You cannot define a WinHTTP repository when the repository URL does not specify the port number explicitly.

To work around this issue, define the URL in the WinHTTP repository. For example, change https://urlname to https://urlname:443.

Issue 7

RemoteApps Single Sign-On (SSO) does not work when UAG component installation and activation is disabled.

Issue 8

Authorization fails for users who have Unicode display names in Active Directory when LDAP signing is required. This problem occurs only if LDAP signing must be enabled on the domain controller.

Issue 9

Client components do not provide a meaningful return code to indicate whether the installation succeeded or whether it failed and is pending a restart. The MSI package always returns 0 (zero) after the installation or removal of the client components, regardless of whether the installation or removal succeeded or failed.

Issue 10

During the unattended removal of UAG client components, a dialog box appears on the user's screen. Because of the deployment method, this dialog box is displayed as a black box on the user’s desktop. However, the dialog box still reacts to user inputs, and the buttons in the dialog box can be clicked.

After you install this hotfix rollup, you have more control over whether any progress dialog boxes are displayed during the installation, removal, or upgrade of the UAG client components.

Issue 11

You download the OfflineInstaller.msi file from the UAG portal site. When you run the offline installation from a client computer, you receive the following error message:
This installation package could not be opened. Contact the application vendor to verify that this is a valid Windows Installer package.

Issue 12

This problem occurs on the Japanese Windows operating system. You copy any of the WhlClientSetup-*.msi files from the UAG server to the client computer. When you run the file, you experience the following behavior:
The installation wizard does not start, and no endpoint component is installed. However, an "Installation completed" entry is recorded in Event Viewer. No program is listed in the Add or Remove Programs item in Control Panel.


Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft website:

Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.


You must have UAG 2010 Service Pack 1 installed to apply this hotfix rollup.

For more information about how to obtain UAG 2010 Service Pack 1, visit the following Microsoft website:

Restart information

You do not have to restart the computer after you apply this hotfix rollup. However, you must enable UAG 2010 after you install the hotfix rollup.

Removal information

To remove this hotfix rollup, use one of the following methods:
  • Log on as a built-in administrator, and then uninstall the update by using the Programs and Features item in Control Panel.
  • At a command prompt, type the following command, and then press Enter:
    msiexec.exe /uninstall
    Note The command line should be elevated for this removal method. Removing the Unified Access Gateway 2010 Service Pack 1 automatically removes the Rollup 1 hotfix package for Unified Access Gateway 2010 Service Pack 1.

Replacement information

This hotfix rollup does not replace a previously released hotfix.

File information

The English version of this hotfix rollup has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

File name                                               File version    File size  Date         Time   Platform
Adfs.whlclientinst.inc                                  Not applicable  1,104      19-Dec-2010  22:43  Not applicable
Clientcompres.cab                                       Not applicable  256,003    19-Dec-2010  23:35  Not applicable
Clientconf.cab                                          Not applicable  8,413      19-Dec-2010  23:35  Not applicable
Clientconf.xml                                          Not applicable  8,561      19-Dec-2010  22:05  Not applicable
Clientconf.xml.sig                                      Not applicable  128        19-Dec-2010  22:05  Not applicable
Install.js                                              Not applicable  11,222     19-Dec-2010  22:43  Not applicable
Otp.whlclientinst.inc                                   Not applicable  1,104      19-Dec-2010  22:43  Not applicable
…                                                       …               …,896      19-Dec-2010  23:14  x86
Portalhomepage.whlclientsetup_all.msi                   Not applicable  3,556,864  19-Dec-2010  23:23  Not applicable
Portalhomepage.whlclientsetup_basic.msi                 Not applicable  3,557,888  19-Dec-2010  23:29  Not applicable
Portalhomepage.whlclientsetup_networkconnector.msi      Not applicable  3,557,888  19-Dec-2010  23:19  Not applicable
Portalhomepage.whlclientsetup_networkconnectoronly.msi  Not applicable  3,557,888  19-Dec-2010  23:20  Not applicable
Portalhomepage.whlclientsetup_socketforwarder.msi       Not applicable  3,557,888  19-Dec-2010  23:25  Not applicable
Rsast.cab                                               Not applicable  79,766     19-Dec-2010  23:35  Not applicable
Sfhlprutil.cab                                          Not applicable  63,016     19-Dec-2010  23:35  Not applicable
Uagqec.cab                                              Not applicable  64,832     19-Dec-2010  23:35  Not applicable
Uninstalluagupdate.cmd                                  Not applicable  183        19-Dec-2010  23:45  Not applicable
Whlcache.cab                                            Not applicable  265,479    19-Dec-2010  23:35  Not applicable
Whlclientinst.inc                                       Not applicable  1,104      19-Dec-2010  22:43  Not applicable
Whlclntproxy.cab                                        Not applicable  244,280    19-Dec-2010  23:35  Not applicable
Whlcompmgr.cab                                          Not applicable  951,812    19-Dec-2010  23:35  Not applicable
Whldetector.cab                                         Not applicable  262,306    19-Dec-2010  23:35  Not applicable
Whlio.cab                                               Not applicable  192,920    19-Dec-2010  23:35  Not applicable
Whllln.cab                                              Not applicable  167,091    19-Dec-2010  23:35  Not applicable
Whlllnconf1.cab                                         Not applicable  6,521      19-Dec-2010  23:35  Not applicable
Whlllnconf2.cab                                         Not applicable  6,610      19-Dec-2010  23:35  Not applicable
Whlllnconf3.cab                                         Not applicable  6,599      19-Dec-2010  23:35  Not applicable
Whltrace.cab                                            Not applicable  255,946    19-Dec-2010  23:35  Not applicable


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Article ID: 2475733 - Last Review: Feb 3, 2011 - Revision: 1

Microsoft Forefront Unified Access Gateway 2010