This article describes features and fixes that are included in Service Pack 1 (SP1) for Forefront Unified Access Gateway (UAG) 2010. Forefront UAG 2010 SP1 provides the following:
SharePoint 2010 support: You can publish SharePoint 2010 via Forefront UAG.
RMS support: SharePoint libraries that use Active Directory Rights Management Services (AD RTM), and have Information Rights Management (IRM) enabled, can be accessed via Forefront UAG.
AD FS 2.0 support: You can provide remote and partner employees with access to published applications that have Active Directory Federation Services (AD FS) 2.0 enabled.
DirectAccess simplified deployment: You can configure Forefront UAG DirectAccess using the DirectAccess Wizard in the Forefront UAG Management Console. Use the wizard to set up your core DirectAccess deployment, and then complete optional tasks as required.
Remote access and management: You can deploy Forefront UAG DirectAccess to remotely manage DirectAccess clients, and enable DirectAccess clients to connect to internal networks. Alternatively, you can deploy Forefront UAG DirectAccess for remote client management only.
Force tunneling: By default Internet requests from DirectAccess clients are routed directly to the Internet. Alternatively you can enable force tunneling, to route client Internet requests via the Forefront UAG DirectAccess server.
Client health: The health of DirectAccess clients can be verified using Network Access Protection (NAP) policies. NAP policies can be implemented in enforcement mode that allows only compliant clients to connect, or in monitoring mode that monitors client health, but allows both compliant and non-compliant DirectAccess clients to connect.
Two-factor authentication: In addition to using the Kerberos protocol to authenticate DirectAccess clients, you can require clients to authenticate with a smart card or a one-time password (OTP).
DCA 1.5: SP1 includes a new version of the DirectAccess Connectivity Assistant (DCA). Run this application on Forefront UAG DirectAccess client computers to provide DirectAccess status information and troubleshooting options. You can configure settings for the DCA application in the DirectAccess Wizard. These settings are stored in the client group policy object (GPO), and applied to client computers with DCA installed.
GPOs: DirectAccess settings are applied to the DirectAccess server, DirectAccess clients, and infrastructure servers using GPOs. In SP1, you can specify that GPOs are created automatically when you run the DirectAccess Wizard, or use predefined GPOs.
DirectAccess OUs: Prior to SP1, computers that should receive the client GPO were identified using Active Directory security groups. In SP1 you can identify DirectAccess clients using organizational units (OUs), in addition to security groups.
Automatic discovery of management server: SP1 supports the automatic discovery of DirectAccess management servers, including domain controllers, System Center Operations Manager servers, and Health Registration Authority (HRA) servers.
Monitoring: Using SP1 you can log and monitor Forefront UAG servers and arrays, to assess the state of Forefront UAG DirectAccess servers and clients. You can monitor DirectAccess using the in-built Web Monitor, SQL Server logs, PowerShell, or the Forefront UAG Systems Center Operations Manager management pack.
Additionally, SP1 includes the following:
A number of internal fixes.
The ability to change internal IP addresses.
A fix for issues that are listed in Microsoft article 2316074.
Note: Forefront UAG SP1 is cumulative and includes Forefront UAG Update 1, Forefront UAG Update 2, and the security fixes that are listed in article 2316074.
The following file is available for download from the Microsoft Download Center:
Download Forefront Unified Access Gateway (UAG) 2010 SP1 now.
You can also obtain the full version of Forefront UAG 2010 with SP1 integrated. To obtain the full version of Forefront UAG, visit the following Microsoft Volume Licensing Service Center website:
To apply Forefront Unified Access Gateway (UAG) 2010 SP1, you must be running one of the following versions of Forefront UAG 2010:
Forefront UAG 2010 (RTM)
Forefront UAG 2010 with Update 1
Forefront UAG 2010 with Update 2
For more information about Forefront UAG Update 1, click the following article number to view the article in the Microsoft Knowledge Base:
981323 Description of Update 1 for Unified Access Gateway 2010 For more information about Forefront UAG Update 1 Rollup 1 hotfix package, click the following article number to view the article in the Microsoft Knowledge Base:
2288900 Description of Update 2 for Unified Access Gateway 2010
If you run Forefront UAG 2010 in an array configuration, you must apply this update to each array member.
Before you install Forefront UAG SP1, we recommend that you create a system restore point. You do not have to make a backup of your existing Forefront UAG 2010 configuration because a backup is automatically created during the installation of Forefront UAG SP1.
Before you install Forefront UAGSP1, we recommend that you read the release notes and the installation instructions.
For more information about the release notes for Forefront UAG 2010 SP1, visit the following Microsoft TechNet website:
Release notes for Forefront UAG 2010 SP1
For more information about the installation instructions for Forefront UAG 2010 SP1, visit the following Microsoft TechNet website:
For more information about how to uninstall or roll back Forefront UAG 2010 SP1, visit the following Microsoft TechNet website:
You must restart the computer after you apply this hotfix.