ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    ForeFront UAG trunks stopped working

    Scheduled Pinned Locked Moved IT Discussion
    forefront tmgforefront uagreverse proxy
    14 Posts 4 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DashrenderD
      Dashrender
      last edited by

      Any Windows updates installed recently?

      thwrT 1 Reply Last reply Reply Quote 2
      • jt1001001J
        jt1001001
        last edited by

        Any internal or external DNS changes??

        thwrT 1 Reply Last reply Reply Quote 2
        • thwrT
          thwr @bsouder
          last edited by thwr

          @bsouder said in ForeFront UAG trunks stopped working:

          How long ago did you update the Cert? I am assuming that was the last thing you did tot he system. I had one recently that even though it said it updated, it did not actually update. Removed the certificates (including verifying all old certificates were gone), added them back in. Check bindings.

          Months ago. But thx 🙂 Configs not applying is a common problem. Same for bindings getting lost

          1 Reply Last reply Reply Quote 0
          • thwrT
            thwr @jt1001001
            last edited by

            @jt1001001 said in ForeFront UAG trunks stopped working:

            Any internal or external DNS changes??

            Nope

            1 Reply Last reply Reply Quote 0
            • thwrT
              thwr @Dashrender
              last edited by

              @Dashrender said in ForeFront UAG trunks stopped working:

              Any Windows updates installed recently?

              That's what I'm currently looking for. Unfortunately, I won't have access to the system until Monday

              1 Reply Last reply Reply Quote 0
              • thwrT
                thwr
                last edited by

                I'm currently thinking about replacing the UAG with nginx or Apache. What are your thoughts about losing the pre-auth from a security point of view?

                IMHO:

                • it's nice to have, but not a critical component.
                • A reverse proxy and some IDS/IPS between the user and the SharePoint farm is more important.

                Sadly, SharePoint Online is not an option.

                1 Reply Last reply Reply Quote 0
                • DashrenderD
                  Dashrender
                  last edited by

                  I've been told that Windows server can do the reverse proxy stuff. might be an idea.

                  thwrT 1 Reply Last reply Reply Quote 0
                  • thwrT
                    thwr @Dashrender
                    last edited by

                    @Dashrender said in ForeFront UAG trunks stopped working:

                    I've been told that Windows server can do the reverse proxy stuff. might be an idea.

                    You mean WAP, Web Application Proxy available since 2012R2. Would be an option, but I would need to buy a bunch of 2012R2 UserCALs. WAP is also very limited in functionality, not even comparable to mod_proxy.

                    I think I will be going the open source route here. UAG left a bad taste: Not only did they cancel the product without any recommendations, no, you can't even buy UAG CALs anymore. And to be honest, it was never running really stable.

                    1 Reply Last reply Reply Quote 0
                    • jt1001001J
                      jt1001001
                      last edited by

                      We are loking at replacing our ForeFron UAG for Skype for Business reverse Proxy with Kemp Load balancers; they provide a Sharepoint config guide:
                      https://support.kemptechnologies.com/hc/en-us/articles/203123539-SharePoint

                      They offer a free Load Balancer VM if you dont' need too much bandwidth:
                      http://freeloadbalancer.com/features/

                      I unfortunately am not part of the project team designing and implementing the Kemp solution so I can't tell you much about its capabilities YET

                      thwrT 1 Reply Last reply Reply Quote 1
                      • DashrenderD
                        Dashrender
                        last edited by

                        Oh good point - though I'm not sure why you would need more CALs, don't you already have all the CALs you need for access to Sharepoint?

                        thwrT 1 Reply Last reply Reply Quote 1
                        • thwrT
                          thwr @Dashrender
                          last edited by

                          @Dashrender said in ForeFront UAG trunks stopped working:

                          Oh good point - though I'm not sure why you would need more CALs, don't you already have all the CALs you need for access to Sharepoint?

                          yup, but only 2008R2 without SA. WAP is 2012R2+

                          1 Reply Last reply Reply Quote 0
                          • thwrT
                            thwr @jt1001001
                            last edited by

                            @jt1001001 said in ForeFront UAG trunks stopped working:

                            We are loking at replacing our ForeFron UAG for Skype for Business reverse Proxy with Kemp Load balancers; they provide a Sharepoint config guide:
                            https://support.kemptechnologies.com/hc/en-us/articles/203123539-SharePoint

                            They offer a free Load Balancer VM if you dont' need too much bandwidth:
                            http://freeloadbalancer.com/features/

                            I unfortunately am not part of the project team designing and implementing the Kemp solution so I can't tell you much about its capabilities YET

                            Thx for mentioning it. Unfortunately, we have some confidential (and up) data on our SharePoint. A third party reverse proxy might (in theory) copy the data using the users session. I'm not saying that Kemp is doing this, but on the other hand ... gov'd firmware on Cisco devices.

                            1 Reply Last reply Reply Quote 0
                            • 1 / 1
                            • First post
                              Last post