UAG Direct Access IP-HTTPS fail with SAN Certificate

Posted by Ahmed Nabil In , , | 2 comments»

Lately I passed by this issue with a client trying to implement the UAG Direct Access using UCC SAN (Subject Alternative Name) Certificate. The Problem was that the Direct Access IPHTTPS URL name “” was not the common name of the Certificate (The common name was  Microsoft recommends either Wildcard certificate or normal HTTPS certificate for the DA name. If you don't have other option but the SAN certificate then Its recommended to have the Common name matching the Direct Access IPHTTPS URL otherwise a manual work around should be done on both the UAG server and the UAG client.

UAG Server

The Direct Access URL should be adjusted manually on the UAG server using the Netsh command as follows:

Netsh Interface HTTPStunnel Set Interface
Then run
Netsh Interface HTTPStunnel show interface

Netsh Interface HTTPStunnel show interface

UAG Client

The UAG clients/OU (according to your setup) GPO need to be modifed manually to add the Direct Access URL.
Computer Configuration/Policies/Administrative Templates/Network/TCPIP Settings/IPv6 Transition Technologies/IP-HTTPS State

IP-HTTPS State Group Policy

Make sure to update the GPO on the client (GPupdate /force) and activate the UAG configuration.



Anonymous Says:

Its key trigger information about SAN Certificate at UAG direct access IP https. We really want to appreciate your efforts and we would like to add your this information in our SSL eduction, I wish you blog will aid our SSL education users. Thank you so much for sharing with us a key trigger information about SAN certificate at UGA.

SAN Certificate


Amazing Quotes Says:

Very Nice And Interesting Post, thank you for sharing
Inspirational Quotes - Gym Quotes
Best Quotes - Success Quotes
Positive Life Quotes - Image Bank
Future Quotes - Excellence Quotes
كلام جميل - Keep Smiling Quotes

Post a Comment