IPSec / SSL VPN, Security

Microsoft UAG – Invalid External Port bug

René Jorissen on November 2, 2011 4 Comments • Tags: #2010 #a #access #activated #address #be #cannot #choose #different #due #external #following #forefront #gateway #invalid #microsoft #port #sp1 #the #to #uag #unified

Last week I have installed a Microsoft UAG array. I installed Microsoft ForeFront Unified Access Gateway 2010 including Service Pack 1. When using an array configuration you have to deploy Microsoft’s Network Load Balancing (NLB) for redundancy and load balancing purposes. I configured NLB with multicast and IGMP support. I had configured some HTTPS trunks and some HTTP trunks for http-to-https redirection.

Everything was working perfectly and I decided to install the update KB2585140 (ForeFront UAG SP1 Update 1). The main reason for installation was the introduction of SharePoint 2010 with Office Web Apps and Lync web services publishing.

The installation process was easy and completed without any errors. I noticed that after installing the update I couldn’t activate any configuration changes. Everything I hit Activate I receive the following error message:

uag-error-update1

The Activation works again by deleting all HTTP trunks and only use HTTPS trunks. The customer started a support call with Microsoft and Microsoft acknowledges this behavior when installing the update on an array configuration. At first Microsoft advised to “break” the array and use a stand-alone server deployment. If that isn’t an option we should uninstall the update. We are told that the current configuration will get to the configuration state prior to the installation.

This morning the customer received another e-mail from Microsoft stating at more and more calls were logged with the same issues. The issues now has the highest priority for the Microsoft UAG developers. Microsoft couldn’t tell when the issue will be fixed, but I guess very soon.

So when using a Microsoft UAG array configuration DON’T install Microsoft UAG SP1 Update-1.

The following two tabs change content below.
My Twitter profileMy LinkedIn profile

René Jorissen

Co-owner and Solution Specialist at 4IP Solutions
René Jorissen works as Solution Specialist for 4IP in the Netherlands. Network Infrastructures are the primary focus. René works with equipment of multiple vendors, like Cisco, Aruba Networks, FortiNet, HP Networking, Juniper Networks, RSA SecurID, AeroHive, Microsoft and many more. René is Aruba Certified Edge Expert (ACEX #26), Aruba Certified Mobility Expert (ACMX #438), Aruba Certified ClearPass Expert (ACCX #725), Aruba Certified Design Expert (ACDX #760), CCNP R&S, FCNSP and Certified Ethical Hacker (CEF) certified. You can follow René on Twitter and LinkedIn.
My Twitter profileMy LinkedIn profile

Latest posts by René Jorissen (see all)

  1. Nick says:
    November 28, 2011 at 11:05 am

    Any update from MS on this issue, we have it also.. How do you uninstall the update, is it possible?

  2. René Jorissen says:
    November 28, 2011 at 11:12 am

    The customer received an “unofficial” update. This fixed the problem. I guess the best option is to contact support.

  3. Pavel Aleman says:
    February 18, 2012 at 4:24 am

    Hello,
    I have this issue, I’ve installed the roll up 1 but still have the problem. I’ve deleted all the trunk and disable Direct Access and still it’s impossible to activate the UAG cluster. Any idea or update could be great for us.

    Thanks so much

  4. René Jorissen says:
    February 18, 2012 at 8:52 am

    Dear Pavel,

    I had to delete all the HTTP trunks to get the UAG going. I would suggest to create a support call at Microsoft. My customer did so and he received an update to fix the problem.

    René

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.