10 August 2010

When are my changes finally active?

Back when I started out with ISA Server, I continually got myself tied up in circles and could not understand how I could not get the simplest of firewall rules to apply correctly. I would make the rule change, click on Apply, wait for the progress bar and then test. And of course nothing worked as expected.

There is a simple reason for this. When you are making changes in the ISA, TMG or even the UAG console, you are not making changes directly; you are changing the configuration that will be applied at the next sync.

So when you make a change and click Apply, it is only the first step. You need to wait for the configuration to be applied to your machine or machines.

You can check this progress in TMG by selecting Monitoring and checking the Configuration tab. The Refresh button will become a big friend of yours. The icon will change from red to grey to yellow - just wait till it gets to green.

When we are working with UAG, we add another configuration layer on top of this. When you make a change in your UAG console and click on the "Activate Configuration" gear, you get the following screen.

It does say activation might take several minutes and they are not kidding - especially if you are running on a test lab machine that is low on RAM. After you click the Activate button you get a progress indicator. This, like the TMG example, just tells you that the changes are applied to the configuration, and not that the new configuration has been applied to the machines.

For this there is a utility called the Forefront Unified Access Gateway Activation Monitor. It is installed by default, and at first you might not know what it is there for.

This will let you know when your changes are finally applied on your UAG server and only then should you start testing to see if your changes worked.

The things to look for are the green tick and the message stating "Activation completed successfully".

