Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Symptoms

Consider the following scenario:

  • You publish Microsoft Office SharePoint Server 2007 or Microsoft SharePoint Server 2010 by using Microsoft Forefront Unified Access Gateway (UAG) 2010.

  • You log on to the trunk from a client computer and then access the SharePoint application.

  • You access an Office document from a SharePoint document library.


In this scenario, the NLSessionStrunknamePersistForOffice cookie domain that is generated by Forefront UAG is set to "host.domain.com" instead of to "domain.com."

Note In certain logoff customization scenarios, this behavior may cause trunk logoff not to complete successfully.

Cause

This problem occurs because the InternalSiteSharePoint.inc hook incorrectly uses the TrunkDomain parameter instead of the DomainBasedCookie parameter.

Resolution

To resolve this problem, install the service pack that is described in the following Microsoft Knowledge Base article:

2710791 Description of Service Pack 2 for Forefront Unified Access Gateway 2010

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

The NLSessionStrunknamePersistForOffice cookie is used in SharePoint Office integration scenarios. The domain attribute of this cookie can be viewed by using either F12 developer tools for Internet Explorer 9 or some third-party web debugging tools.

Some Forefront UAG trunk logoff customizations rely on an external server that uses the same domain suffix as the trunk's public host name to invalidate all the relevant cookies in order to complete the logoff process. Those customizations may be affected by this problem. Although other Forefront UAG cookies may be invalidated by that external server, the NLSessionStrunknamePersistForOffice cookie is never sent to the external server because it is a host cookie instead of a domain cookie. Therefore, the external server cannot invalidate this cookie. Then, when another request is made to the published SharePoint application, the NLSessionStrunknamePersistForOffice cookie is presented to the Forefront UAG server. The server considers this to be a valid ongoing session request and continues to give access.

References

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×