FIX: "You do not have permission to view this folder or page" error when you try to access a web application published by UAG 2010 SP1

Symptoms

Consider the following scenario:

You have a web server that is running Apache with Tomcat.
You publish the Tomcat web application through Microsoft Forefront Unified Access Gateway (UAG) 2010 Service Pack 1 (SP1) by using a generic web application template.
You configure UAG 2010 SP1 to perform single sign-on (SSO) with Kerberos constrained delegation to a back-end web application.
After you log on to the UAG portal, you try to access the Tomcat web application that is published.

In this scenario, you may receive an error message that resembles the following:

You do not have permission to view this folder or page.

This issue can occur if the web application is configured to use SPNEGO authentication, and UAG does not process the response.

To resolve this issue, follow these steps:

Install the rollup package that is described in the following Microsoft Knowledge Base article:
2647899 Rollup 1 for Forefront Unified Access Gateway (UAG) 2010 Service Pack 1 Update 1
Create the following registry entry:

Subkey HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\eGap\von\UrlFilter
Name KCDIgnoreNewProvider
Type REG_DWORD
Value 1
At a command prompt, type IISReset, and then press Enter.
Start the UAG 2010 configuration.

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Keywords: kbnotautohotfix, kbexpertiseinter, kbbug, kbsurveynew, kbqfe, kbfix, kb

Article Info

Subkey	HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\eGap\von\UrlFilter
Name	KCDIgnoreNewProvider
Type	REG_DWORD
Value	1