And hi again.
Today a customer had problems with Forefront AUG Direct Access.
Recently they had renewed CA-Root -certificate and then crl and delta crl -lists got renewed also with name ca-root(1).crl and ca-root(1)+.crl
They are using a internal CA-Root -certificate for IP-HTTPS.
So the problem was that client machines got this error with “netsh int http show int”
So the reason was that crl -lists were indeed published to externally available website, but UAG showed this error message:
“You have attempted to access a restricted. The URL is blocked by on or more Forefront UAG out-of-the-box rules”
And below are the instructions how to allow them.
BUT WAIT! It wasn’t so easy. I didn’t find any out-of-the-box security configuration in the trunk config …
So this must a older version then. Here is the correct way: