“Failed to enumerate domains” error while configuring File Access in UAG

by Shijaz Abdulla on 12.02.2010 at 23:55

If you’re trying to enable File Access in Microsoft Forefront Unified Access Gateway 2010, you might encounter the following error when you try to configure “File Access” from the “Admin” menu.


Failed to enumerate domains
Please Check your permissions

Before we troubleshoot this problem, it’s important to understand how the File Access feature in UAG works. The File Access feature is dependent on the Computer Browser service. The Computer Browser service, as we all know, is used when we try to browse the network using “Network Neighborhood”, “My Network Places” or “Network”.

If the file servers are members of a domain, the UAG computer has to be a member of that domain, or of a domain that has a trust relationship with that domain.

To fix this error:

  1. Make sure that Network Discovery is enabled on the Internal network connection.
  2. Open Start > Admin Tools > Services.
  3. Make sure the Computer Browser service is not disabled.
  4. Make sure the Computer Browser service is set to Automatic and started.
  5. Open “Network” on the UAG computer, and see if you can browse other computers on the internal network. If not, troubleshoot accordingly. Once you are able to browse the other computers, then UAG File Access will also work.

If you’re still facing problems:

  • Take a look at the steps needed in mixed-mode domain environments.
  • If there is a firewall between UAG and the file servers, look at this article.


Security session at TechEd Dubai

by Shijaz Abdulla on 12.02.2010 at 23:14

I’m doing a breakout session at the Microsoft TechEd in Dubai. Here are the details:

Session: SIA308 – Secure Remote Access with Unified Access Gateway and Direct Access

Track: Security, Identity and Access
Speaker: Shijaz Abdulla
When: Wed, Mar 03, 2010 (13:30 – 14:30) | Breakout Session
Where: Sheikh Maktoum Hall A
Level: 300 – Advanced
Audience: Security Administrator, IT Manager

Here’s what I will be covering:

  • Overview of Microsoft Forefront Unified Access Gateway
  • Overview of DirectAccess
  • Demo: Enabling Windows 7 DirectAccess feature with UAG
  • Unified Access Gateway features: Remote access with SSL-VPN, Secure Application Publishing, Secure File Access, Endpoint security
  • Demo: Unified Access Gateway features

See you there!


UAG error: “A timeout occurred. The 6to4 network interface cannot be enabled”

by Shijaz Abdulla on 06.02.2010 at 09:51

I was trying to configure DirectAccess on UAG in a test environment, and kept getting the above error whenever I tried to activate my configuration.


The solution is simple. UAG needs two consecutive public IP addresses assigned on the external network interface. In a test environment, you would sometimes use a private IP range like 10.0.0.0 or 192.168.0.0 for the external interface, which is not supported. Also note, the UAG DirectAccess server cannot be behind a NAT.

Change the IP address on the external interface to a public IP address, and the error will go away! 🙂
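
A pre-flight check for the requirement above, as an added example that is not part of the original post and is not a UAG tool: it takes the IPv4 addresses planned for the external interface and reports any two that are consecutive and publicly routable. The function name and the sample addresses are constructed for illustration, and treating "public" as Python's `is_global` property is an assumption about how to model the requirement.

```python
import ipaddress


def find_consecutive_public_pairs(addresses):
    """Return (pairs, rejected) for a list of IPv4 address strings.

    pairs    -- list of (lower, upper) tuples of consecutive public addresses
    rejected -- list of (address, reason) tuples for unusable addresses
    """
    public, rejected = [], []
    for text in addresses:
        try:
            ip = ipaddress.IPv4Address(text.strip())
        except ipaddress.AddressValueError:
            rejected.append((text, "not a valid IPv4 address"))
            continue
        # Assumption: "public" means globally routable. This rejects
        # 10.0.0.0/8 and 192.168.0.0/16 (the ranges named in the post) and
        # also other non-routable space such as 172.16.0.0/12, link-local
        # and carrier-grade NAT addresses.
        if not ip.is_global:
            rejected.append((text, "not publicly routable"))
            continue
        public.append(ip)

    # Sort and de-duplicate, then keep neighbours that differ by exactly one.
    public = sorted(set(public))
    pairs = [
        (str(low), str(high))
        for low, high in zip(public, public[1:])
        if int(high) - int(low) == 1
    ]
    return pairs, rejected


if __name__ == "__main__":
    # Constructed sample: addresses planned for the external interface.
    planned = ["131.107.0.3", "131.107.0.2", "10.0.0.1"]
    pairs, rejected = find_consecutive_public_pairs(planned)
    for address, reason in rejected:
        print("unusable: {} ({})".format(address, reason))
    if pairs:
        print("consecutive public pair found: {} / {}".format(*pairs[0]))
    else:
        print("no two consecutive public addresses; the requirement is not met")
```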

Forefront Technology Webcast

by Shijaz Abdulla on 19.01.2010 at 09:03