11 August 2010

Configuring File Access for UAG

The idea behind this if a fairly simple one.  Give your users access to their files and or drives remotely without having to give them a full VPN connection.  You migth want to do this if the endpoint machine does not comply with your Anti Malware requirements etc.

The Technet article on how to do this here here:


Unfortunately this will not get you up and running...

First up  - to avoid this error -

We need to make some changes.

Make sure that Network Discovery is enabled on the Internal network connection.

Open Start > Admin Tools > Services.
Make sure you have the following services enabled and running

  • Computer Browser
  • Function Discovery Resource Publication
  • SSDP Discovery
  • UPnP Device Host

I made these changes and of course tested immediately and had no luck.  The discovery process apparently takes a bit of time.  - see failed-to-enumerate-domains-error-while-configuring-file-access-in-uag for the full article

According to http://support.microsoft.com/kb/981932 after installing UAG update 1 you should be prompted to allow netbios traffic. I did not get the prompt and had to manually add an access rule.  For now my rule is allow

NetBios Name Service (UDP 137)

NetBios Datagram (UDP 138)

From All networks to All networks

This works but should be turned to be more restrictive if your UAG is not behind another firewall.

Once you are able to browse the domains and the network you can pick the domain, server and shares you want to allow access to.  Be warned this is one of the worst interface possible... Why MS why?  You have to tick and click Apply and WAIT.

It is fairly stright forward from there..

No comments:

Post a Comment