FIX: "Authentication failed" error when you try to log on to Unified Access Gateway by using the UPN format

Applies to: Forefront Unified Access Gateway 2010

Symptoms


Consider the following scenario:
  • You configure Microsoft Forefront Unified Access Gateway 2010 to accept user principal name (UPN) logons.
  • Domains from all forests are served by one authentication repository.
  • You try to log on to the Unified Access Gateway portal from a domain in a trusted forest by using the UPN format.

In this scenario, you receive an "Authentication failed" error message. However, if you specify your logon credentials by using the SAM account name format, you can successfully log on. Additionally, other users from a domain in the Unified Access Gateway forest can log on by using the UPN format.

Cause


This issue occurs when Unified Access Gateway cannot convert the UPN into the Security Accounts Manager (SAM) account name format.

Resolution


This problem is fixed in Rollup 1 for Forefront Unified Access Gateway 2010 Service Pack 4.

Workaround


To work around this problem, log on to the Unified Access Gateway portal by using the SAM account name, or create a separate authentication repository for the domain in the trusted forest. Users from the remote forest then have to select the repository for the new domain in the drop-down list on the logon page.

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
