UAG Portal Home Page Customization – Left Side Menu/Scroll Bar Example

Posted by Ahmed Nabil

Microsoft UAG 2010 offers a very flexible way of customizing different pages and settings. The UAG customization mechanism is deployed using a “CustomUpdate” folder structure. Under the “Microsoft Forefront Unified Access Gateway” folder tree you will notice that several folders contain a “CustomUpdate” folder. UAG admins can create their own files and place them in this folder.

When the UAG is activated it checks these folders first before checking the default folder. It is highly recommended to make all your customizations in the “CustomUpdate” folder: if things go wrong, you can just delete these files and everything will be back to the default state before customization. Most of the customization for the UAG portal is done in the PortalHomePage folder, as per the attached screenshot.

UAG 2010 Customization Folders

An example of customization that I came across lately is the ability to increase the width of the Portal Home Page left side menu. To increase the left side menu area you need to do the following:

  1. On the Forefront UAG server, open the folder Microsoft Forefront Unified Access Gateway\von\PortalHomePage
  2. Copy the file Standard.Master to the folder Microsoft Forefront Unified Access Gateway\von\PortalHomePage\CustomUpdate.
  3. Go to the section below and modify the width portion of <td class="midTopSideBarCell" style="width: 200px;">, then activate the UAG and test the change.

<td class="contentLeftSideBarCell" id="LeftSideBarCell">
    <table cellpadding="0" cellspacing="0" class="leftSideBarTable">
        <td class="leftTopSideBarCell">
        <%-- Folder View Title --%>
        <td class="midTopSideBarCell" style="width: 200px;">

This will expand the left side menu; however, the bottom scroll bar is not automatically sized according to the main cell. To make it size automatically to fit the main left area, you will need to customize the Office.css file (thanks to the Microsoft team) as follows:

  1. On the Forefront UAG server, locate the file Microsoft Forefront Unified Access Gateway\von\PortalHomePage\App_Themes\Office\Office.css
  2. Copy the Office.css file to \von\PortalHomePage\App_Themes\CustomUpdate\Office\Office.css
  3. Go to the section below (.SideBarContent) and change the width from 165px to 100% as shown below. Activate the UAG and test the change. This will automatically adjust the scroll bar to fit the left area in the portal.

Office CSS side bar content UAG Portal Customization

Very good references are the TechNet article on customizing the portal and the latest comprehensive book by Ben Ari/Rainier Amara dedicated to UAG 2010 customization.
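Because every file in a CustomUpdate folder silently replaces a default on a remote-access gateway, it helps to be able to list the overrides and see exactly what they change. The following is an added example, not part of the original post or of UAG itself: it assumes the default file sits at the same path with the CustomUpdate component removed (true for both customizations above), and the sample tree and file contents are constructed.

```python
import difflib
import tempfile
from pathlib import Path

def find_overrides(root):
    """Yield (override, default) for each file under a CustomUpdate folder."""
    # Assumption, generalised from the two cases on this page: the default
    # sits at the same path with the 'CustomUpdate' component removed.
    root = Path(root)
    for custom in sorted(root.rglob("*")):
        parts = custom.relative_to(root).parts
        if custom.is_file() and "CustomUpdate" in parts[:-1]:
            yield custom, root.joinpath(*(p for p in parts if p != "CustomUpdate"))

def changed_lines(custom, default):
    """Return the -/+ lines from default to override; None if no default exists."""
    if not default.is_file():
        return None  # orphan override: there is no default to fall back to
    old = default.read_text(errors="replace").splitlines()
    new = custom.read_text(errors="replace").splitlines()
    diff = list(difflib.unified_diff(old, new, lineterm="", n=0))
    return [line for line in diff[2:] if not line.startswith("@@")]

def audit(root):
    """Map each override (path relative to root) to its changed lines."""
    root = Path(root)
    return {c.relative_to(root).as_posix(): changed_lines(c, d)
            for c, d in find_overrides(root)}

def build_sample(root):
    """Constructed sample tree; file contents are illustrative, not UAG's real files."""
    home = Path(root) / "von" / "PortalHomePage"
    themes = home / "App_Themes"
    files = {
        home / "Standard.Master": '<td class="midTopSideBarCell">\n',
        home / "CustomUpdate" / "Standard.Master":
            '<td class="midTopSideBarCell" style="width: 200px;">\n',
        themes / "Office" / "Office.css": ".SideBarContent { width: 165px; }\n",
        themes / "CustomUpdate" / "Office" / "Office.css":
            ".SideBarContent { width: 100%; }\n",
    }
    for path, text in files.items():
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)
    return home

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample(tmp)))
```

Pointing `audit()` at a copy of the real PortalHomePage folder gives a reviewable record of what was customized before and after each activation.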

Publishing IMAP/IMAPS on Microsoft UAG 2010 – UAG Support Boundary

Posted by Ahmed Nabil

Recently several users with BlackBerry phones approached me seeking to access their corporate email on their phones. Microsoft UAG doesn’t support the BlackBerry service; however, a workaround is to use IMAP to access and download their emails on their BlackBerry phones.

Microsoft highly recommends and advises all UAG administrators to leave the TMG configuration (installed by default on the UAG box) untouched. The TMG rules and configuration are controlled and configured by the UAG, and administrators should not use the TMG for publishing applications and other tasks. However, there are some exceptions to this strict recommendation, and they are published in the UAG support boundaries document. I also checked with the Microsoft Support team and they confirmed the IMAP publishing based on this document.

As per the above mentioned document, Forefront TMG can be used to publish IMAP/IMAPS. Attached below is the section dealing with supported configuration on the TMG as per the above document.

TMG supported configuration on UAG

Accordingly IMAP/IMAPS can be published normally from the TMG server (On UAG Box). This will be a simple Server Publishing Rule with the following settings:

  1. Action - Allow
  2. Traffic - IMAPS Server
  3. From - Anywhere
  4. To - Type Your Exchange Server IP
  5. Networks - External or DMZ (As per your setting)
  6. Schedule - Always

It is highly recommended to use IMAPS rather than IMAP to ensure the traffic is encrypted.

Windows 7 Direct Access Client Troubleshooting – Part 1 – Client Transition Technologies

Posted by Ahmed Nabil

During the past few months I was heavily engaged with different DirectAccess implementations and passed by several interesting issues/problems. The DirectAccess wizard is so simple, and normally things work the first time; however, sometimes things can go wrong.

In this article series I will try to go through several troubleshooting items, moving from the basic commands to more advanced issues.

First of all, we need to ensure that the DirectAccess components on the Windows 7 client are running and functioning normally. The basic steps are as follows:

  1. From the Start menu, right-click Computer, choose Properties, open Device Manager, select View (Show hidden devices), expand Network adapters and ensure that “IPHTTPSInterface” and “Teredo Tunneling Pseudo-Interface” are enabled.
  2. In Services, check that the “IP Helper” service startup type is Automatic and that the service is up and running.
  3. Run ipconfig /all to check which interfaces are up and which interfaces have an IPv6 address.
  4. Ensure the machine is located outside the corporate network by running the following command:

          Netsh dnsclient show state


Which Transition Technology is my DA client using?

1. If the DirectAccess client has a public IPv4 address (assigned to its Ethernet or wireless NIC) and IP protocol 41 is allowed on the company corporate firewall/UAG/TMG, then the client will connect using the 6to4 transition technology.
   The three main netsh commands that should be used for troubleshooting are:
   · Netsh interface 6to4 show state (the state should be Default or Enabled; Disabled means the DA client will never bring the 6to4 interface up)
   · Netsh interface 6to4 show relay (this should list the first consecutive public IPv4 address configured on the DA server)
   · Netsh interface 6to4 show interface (displays the configuration information)
   · For detailed 6to4 Troubleshooting

Troubleshooting 6to4 interface

2. If the 6to4 interface didn’t come up (for DA clients with public IPv4 addresses), then the DA client will automatically fall back to the IPHTTPS interface connection.
   The main netsh command for IPHTTPS is:
   · Netsh interface httpstunnel show interfaces (this will list the IPHTTPS URL and the status, where active means the interface is up and running and deactivated mostly means the DA client is connected using another transition technology)
   · For detailed Direct access HTTPS troubleshooting

Troubleshooting IPHTTPS interface

3. If the DA client is behind a NAT device, then it should connect using Teredo, provided that port 3544 (UDP) is enabled and allowed all the way to the DA server.
   The main netsh command used with Teredo is:
   · Netsh Interface Teredo show state (if the state is qualified then Teredo is functioning normally; otherwise there is a problem, mostly with the UDP port being blocked)

Troubleshooting Teredo connectivity

4. If Teredo didn’t work (clients behind NAT), then the DA client will automatically fall back to the IPHTTPS option (step 2).
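The four rules above combine into a small triage routine: given whether the client has a public IPv4 address and the states reported by the netsh commands, it names the transition technology in use and what to check when the client has fallen back. This is an added example, not code from the original post; the function name, the scenarios and the Teredo state "offline" used as a non-qualified value are assumptions, and extracting the states from the command output is left to the caller.

```python
def triage(public_ipv4, sixtofour_state, teredo_state, iphttps_status):
    """Return (technology_in_use, preferred_technology, findings).

    Inputs are the values read from the netsh commands listed above.
    """
    findings = []
    # Accepts "active" or a longer status phrase ending in "active".
    iphttps_up = "active" in iphttps_status.lower().split()
    if public_ipv4:
        preferred = "6to4"
        usable = sixtofour_state.strip().lower() in ("default", "enabled")
        if not usable:
            findings.append("6to4 state is Disabled: the client will never "
                            "bring the 6to4 interface up")
        elif iphttps_up:
            findings.append("6to4 did not come up: check that IP protocol 41 "
                            "is allowed and that the relay address is correct")
    else:
        preferred = "Teredo"
        usable = teredo_state.strip().lower() == "qualified"
        if not usable:
            findings.append("Teredo is not qualified: check that UDP 3544 is "
                            "allowed all the way to the DA server")
    if iphttps_up:
        in_use = "IPHTTPS"      # fallback path (steps 2 and 4)
    elif usable:
        in_use = preferred      # IPHTTPS deactivated, preferred path healthy
    else:
        in_use = None
        findings.append("no transition interface is up: check the IP Helper "
                        "service and the hidden adapters in Device Manager")
    return in_use, preferred, findings

# Constructed scenarios (not captured from real clients):
# (public IPv4?, 6to4 state, Teredo state, IPHTTPS status)
SCENARIOS = {
    "public IP, 6to4 working": (True, "Default", "offline", "deactivated"),
    "public IP, protocol 41 blocked": (True, "Default", "offline", "active"),
    "behind NAT, Teredo working": (False, "Default", "qualified", "deactivated"),
    "behind NAT, UDP 3544 blocked": (False, "Default", "offline", "active"),
    "behind NAT, nothing up": (False, "Default", "offline", "deactivated"),
}

if __name__ == "__main__":
    for name, args in SCENARIOS.items():
        print(name, "->", triage(*args))
```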