Another UAG 2010 issue that we came across!!
By default, true UPN logon (e.g. username@domain.com) is not enabled when logging on to a UAG trunk. We had a site with UAG 2010 and an SSL Portal presenting OWA and SharePoint out to the internet, with SSO configured for AD authentication.
When we logged on to the SSL Portal with a standard username such as kevin.greene, OWA and SharePoint both worked fine. When we logged on to the portal with a UPN such as kevin.greene@domain.com, OWA still worked fine, but the SharePoint app presented a 'Permission Not Granted' error message and would proceed no further. When we checked the UAG Web Monitor, we found that UAG was passing the UPN logon through as domain\kevin.greene@domain.com, and when SharePoint attempted to read this logon string, it didn't want to know about it!!!
We found this article on Microsoft's TechNet site, which pointed us in the right direction for resolving the UPN logon issue:
http://technet.microsoft.com/en-us/library/ee809087.aspx
If you look at the section describing the 'TranslateUPN' registry key, there are 5 steps to follow that will enable UPN logons to pass through correctly to the SharePoint server.
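As an added example (not from the original post or from Microsoft's documentation), here is a small PowerShell check that classifies logon names as they appear in the UAG Web Monitor and flags the hybrid domain\user@domain.com form that SharePoint rejected; the function name and the sample strings are my own, constructed for illustration.

```powershell
# Added example (not from the original post): classify the logon string UAG
# passed downstream, as seen in the UAG Web Monitor, and flag the hybrid
# form described above. Function name and sample strings are constructed.
function Get-LogonNameFormat {
    param([Parameter(Mandatory)][string]$LogonName)

    $hasBackslash = $LogonName.Contains('\')
    $hasAt        = $LogonName.Contains('@')

    if ($hasBackslash -and $hasAt) {
        # e.g. domain\kevin.greene@domain.com: neither a valid UPN nor a
        # valid down-level name; this is the string SharePoint rejected.
        return 'Hybrid'
    }
    if ($hasAt)        { return 'UPN' }        # kevin.greene@domain.com
    if ($hasBackslash) { return 'DownLevel' }  # domain\kevin.greene
    return 'Bare'                              # kevin.greene
}

# Constructed Web Monitor excerpt; real monitor output differs.
$sample = @(
    'domain\kevin.greene',
    'kevin.greene@domain.com',
    'domain\kevin.greene@domain.com'
)
foreach ($name in $sample) {
    $format = Get-LogonNameFormat -LogonName $name
    if ($format -eq 'Hybrid') {
        Write-Warning "$name : hybrid logon name; check the TranslateUPN setting on the trunk"
    } else {
        Write-Output "$name : $format"
    }
}
```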
Hope this saves someone else out there some time on site!!