Resources For IT Professionals
Post an article
Wikis - Page Details
Options
RSSSubscribe to Article (RSS)
Can You Improve This Article?
Positively! Click Sign In to add the tip, solution, correction or comment that will help other users.

Report inappropriate content using these instructions.
Wiki  >  TechNet Articles  >  Forefront UAG: Troubleshoot Forefront UAG with AD FS 2.0 Activation Errors

Forefront UAG: Troubleshoot Forefront UAG with AD FS 2.0 Activation Errors

Forefront UAG: Troubleshoot Forefront UAG with AD FS 2.0 Activation Errors

When you use Forefront Unified Access Gateway (UAG) with Active Directory Federation Services (AD FS) 2.0 authentication, you may encounter a number of errors when activating the configuration in the Forefront UAG Management console.

The following table provides links to troubleshooting topics for the errors that you may encounter:

Wiki topic title Forefront UAG error message

Forefront UAG Troubleshooting - The AD FS 2.0 application does not allow unauthenticated access

 The AD FS 2.0 application 'application_name' in trunk 'trunk_name' is not configured to allow unauthenticated access. This is required when using federated trunk authentication.

Forefront UAG Troubleshooting - The application uses KCD for SSO, but no claim type is provided

 The application 'application_name' in trunk 'trunk_name' is configured to use Kerberos constrained delegation for single sign-on. Select a claim type that is provided by the authentication provider for Kerberos constrained delegation.

Forefront UAG Troubleshooting - The AD FS 2.0 authentication server is used in more than one trunk

The AD FS 2.0 authentication server 'authentication_server' is used in more than one trunk: trunk_list. Configure Forefront UAG to use the AD FS 2.0 authentication server in one trunk only.
Forefront UAG Troubleshooting - The application uses authorization rules based on claims from the wrong trunk authentication server The application 'application_name' in trunk 'trunk_name' uses authorization rules based on claims from authentication servers that are not configured for trunk authentication. Remove these rules from the application configuration.
Forefront UAG Troubleshooting - The application uses authorization rules based on claims that are not provided by the authentication server The application 'application_name' in trunk 'trunk_name' uses authorization rules based on claim types that are no longer provided by the authentication server. Update the authorization rules using available claim types.
Forefront UAG Troubleshooting - The trunk contains applications that have the same public host name and path

The trunk 'trunk_name' contains applications that have the same public host name and path. Configure unique public host names and paths for these applications:
Forefront UAG Troubleshooting - Do you want to associate your current AD FS 2.0 application with the authentication server?

An AD FS 2.0 authentication server is used in trunk 'trunk_name'. The authentication server should be associated with an AD FS 2.0 application to provide automatic management of the AD FS 2.0 application. You can associate your current AD FS 2.0 application 'application_name' or you can create a new AD FS 2.0 application. Do you want to associate your current AD FS 2.0 application with the authentication server?
, , , , , , , [Edit tags]
Leave a Comment
  • Please add 1 and 3 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
Page 1 of 1 (2 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Posted by
    on 4 Mar 2011 11:17 AM

    Ed Price MSFT edited Revision 2. Comment: Title and tag updates.

  • Posted by
    on 10 Sep 2013 11:20 PM

    Maheshkumar S Tiwari edited Revision 3. Comment: Added tags

Page 1 of 1 (2 items)