FIX: Endpoint policies for existing trunks are not updated after you install Forefront Unified Access Gateway 2010 Service Pack 3


Symptoms


After you install Microsoft Forefront Unified Access Gateway 2010 Service Pack 3 (SP3), endpoint policies for existing trunks are not updated. Specifically, Site or Application access policies that are configured to use the platform-specific endpoint policy expression "Any Personal Firewall (Windows)" may not evaluate as TRUE for Windows 8 endpoints. This problem may occur even though endpoint detection correctly detects the presence of an installed and running personal firewall.

Cause


Forefront Unified Access Gateway 2010 SP3 adds support for Windows 8 client access. This includes endpoint detection functionality and Windows 8 client variables that are added to the default policy template. When SP3 is installed and a new trunk is created, the default endpoint policy expression "Any Personal Firewall (Windows)" is updated by using the Windows 8 variables. However, this policy expression is not updated on any trunks that were created before you installed SP3.

Resolution


This problem is fixed in the update that is described in Description of Rollup 1 for Forefront Unified Access Gateway 2010 Service Pack 3.

When this update is installed, the endpoint policy expression "Any Personal Firewall (Windows)" is updated to include the new Windows 8 client variables PFW_WIN8_INSTALLED and PFW_WIN8_RUNNING, both for Forefront Unified Access Gateway SP3 trunks and for existing pre-SP3 trunks.

Workaround


You can manually update the platform-specific endpoint policy expression "Any Personal Firewall (Windows)" for existing trunks to include the new Windows 8 client variables PFW_WIN8_INSTALLED and PFW_WIN8_RUNNING after Forefront Unified Access Gateway SP3 is installed.

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References


For information about how to change access policies and expressions, please see Configuring Forefront UAG access policies.

For information about how to create, edit, and remove platform-specific policies and expressions, please see Configuring Forefront UAG platform-specific access policies.

For information about software update terminology, please see Description of the standard terminology that is used to describe Microsoft software updates.