Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Trunk authentication fails when the global catalog server is unavailable in Forefront Unified Access Gateway 2010

Trunk authentication fails when the global catalog server is unavailable in Forefront Unified Access Gateway 2010

View products that this article applies to.

Symptoms

You configure Microsoft Forefront Unified Access Gateway 2010 to use the Use local Active Directory forest authentication option. In this case, Forefront Unified Access Gateway detects and uses only a single global catalog server in the forest to query for existing domain controllers during trunk authentication.

If this global catalog server is offline or otherwise unavailable, Forefront Unified Access Gateway will not detect this condition and becomes unable to locate domain resources for authentication. Trunk authentication by using this local Active Directory forest authentication repository option continues to fail until the server is restarted, and a different global catalog server is detected.

↑ Back to the top

Cause

This problem occurs because, in order to perform Active Directory Domain Services (AD DS) forest authentication, Microsoft Forefront UAG User Manager (the UserMgrCom service) performs a Domain Name System (DNS) query for the Active Directory _gc srv records. The UserMgrCom service does this to find an available global catalog server, based on the authentication repository forest configuration. After a global catalog server is selected, and the connection information is cached, the UserMgrCom service does not perform any additional query or create a new global catalog server connection until the service is restarted.

↑ Back to the top

Resolution

To resolve this problem, install Service Pack 4 for Microsoft Forefront Unified Access Gateway 2010.

↑ Back to the top

Workaround

To work around this problem, manually restart the UAG User Manager (the UserMgrCom service) to start a new global catalog server query and connection if the original global catalog server is no longer available.

↑ Back to the top

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top

References

See the terminology Microsoft uses to describe software updates.

↑ Back to the top

Keywords: kbqfe, kbfix, kbexpertiseinter, kbsurveynew, kbbug, kbnotautohotfix, kb

↑ Back to the top

Article Info
Article ID : 2909151
Revision : 1
Created on : 1/7/2017
Published on : 11/27/2013
Exists online : False
Views : 257