Forefront UAG DirectAccess Troubleshooting: Adapter and IP Address-Related Event Viewer Messages

Forefront UAG DirectAccess Troubleshooting: Adapter and IP Address-Related Event Viewer Messages

The following adapter and IP address related events are sent to Windows Event Viewer when a Forefront UAG activation is unsuccessful.

Event ID Message

10089

UAG DirectAccess is configured to use the internal "%1" IPv6 interface. Traffic to other internal IPv6 interfaces will not be forwarded. Remove the following IPv6 addresses %2 from the "%3" internal network interface.

10091

The adapter configured as external-facing is connected to a domain. This interface cannot be used with UAG DirectAccess.

10092

The selected internal IPv6 address %1 cannot be found on this server.

10093

The selected internal IPv4 address %1 cannot be found on this server.

10094

The selected internet-facing IPv4 address "%1" cannot be found on this server.

10095

The selected internal and external addresses were identified on the same network interface "%1".

10096

The selected internet-facing IPv4 network interface %1 does not support IPv4.

10097

The selected second internet-facing IPv4 address %1 cannot be found on this server.

10099

The UAG DirectAccess server must be configured with two, static, consecutive, public, IPv4 addresses, on the Internet-facing physical interface. Configure the IPv4 addresses, and then try again.

10100

The UAG DirectAccess server requires an IPv6 address on the internal-facing interface. Configure an IPv6 address on the internal-facing interface.

10111

The adapter configured as external-facing is not communicating with the external network. Ensure that the adapter is enabled, and that the network cable is connected.

10118

The selected internet-facing network interface %1 does not support IPv6.


10089 - UAG DirectAccess is configured to use the internal "%1" IPv6 interface. Traffic to other internal IPv6 interfaces will not be forwarded. Remove the following IPv6 addresses %2 from the "%3" internal network interface.

 Cause—the Forefront UAG activation, configures the internal interface selected in the Forefront UAG DirectAccess Configuration Wizard with settings such as forwarding enabled and IPsec Denial of Service Protection (DoSP). If more than one internal IPv6 interface is configured, for example if ISATAP was configured in the Forefront UAG DirectAccess Configuration Wizard, and an array node is configured with a native IPv6 address, the Forefront UAG activation does not configure the extra settings on the additional internal IPv6 interfaces and traffic is only forwarded through the internal IPv6 interface specified in the Forefront UAG DirectAccess Configuration Wizard. This is a Warning level event.

Solution— Remove the internal IPv6 interfaces not configured in the Forefront UAG DirectAccess Configuration Wizard so that all internal traffic passes through the specified internal IPv6 interface.


10091 - The adapter configured as external-facing is connected to a domain. This interface cannot be used with UAG DirectAccess.

Cause—If the external interface detects that it can reach a domain controller, it sets the Windows Firewall with Advanced Security Profile to "Domain Profile", which disables the IPsec rules required for the DirectAccess server to receive connections from DirectAccess clients (connection security rules, firewall rules, etc). This event may occur when the external-facing interface was previously connected to the domain, but was later reconfigured so that it could no longer access the domain.

Warning: Serious problems may occur if you modify the registry incorrectly using the Registry Editor or another method. These problems may require that you reinstall your operating system. Modify the registry at your own risk.

Solution 1— Delete the entries in IntranetAuth that contain the external-facing IP addresses:

  1. Ensure that the external interface is not configured on the for the domain network.
  2. Open the Registry Editor to navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\IntranetAuth
  3. Delete all the entries that apply to the external interface - those will be the ones that have the IP addresses assigned to the external interface. For example, if your two external facing IPv4 addresses are 131.107.0.2, and 131.107.0.3, delete the entries in IntranetAuth that contain those IP addresses.
  4. Reactivate Forefront UAG.

Solution 2—Restart the Microsoft Forefront UAG Configuration Manager (ConfigMgrCom) service, and reactivate Forefront UAG.


10092 - The selected internal IPv6 address %1 cannot be found on this server.

Cause 1—When Forefront UAG DirectAccess is configured in an array with NLB and NLB did not create the internal IPv6 VIP before the Forefront UAG DirectAccess activation steps take place.

Solution 1—Reactivate Forefront UAG.

  1. Reactivate Forefront UAG.
  2. If the activation was still not successful:
    1. Check the activation monitor for more specific error messages.
    2. Look in the Windows Event Viewer for NLB specific events.
    3. Look in the TMG alerts for NLB specific events.

Cause 2—When an internal facing IPv6 address is selected and applied in the Forefront UAG DirectAccess Configuration Wizard, and is then changed between applying and activating Forefront UAG.

Solution 2—Ensure that:

  1. The internal-facing adapter is enabled.
  2. The internal IPv6 address specified in the Forefront UAG DirectAccess Configuration Wizard and the IPv6 address on the internal facing network adapter are the same.


10093 - The selected internal IPv4 address %1 cannot be found on this server.

Cause 1—When Forefront UAG DirectAccess is configured in an array with NLB and NLB did not create the internal IPv4 VIP before the Forefront UAG DirectAccess activation steps take place.

Solution 1—Reactivate Forefront UAG.

  1. Reactivate Forefront UAG.
  2. If the activation was still not successful:
    1. Check the activation monitor for more specific error messages.
    2. Look in the Windows Event Viewer for NLB specific events.
    3. Look in the TMG alerts for NLB specific events.

Cause 2—When an internal facing IPv4 address is selected and applied in the Forefront UAG DirectAccess Configuration Wizard, and is then changed between applying and activating Forefront UAG.

Solution 2—Ensure that:

  1. The internal-facing adapter is enabled.
  2. The internal IPv4 address specified in the Forefront UAG DirectAccess Configuration Wizard and the IPv4 address on the internal facing network adapter are the same.


10094 - The selected Internet-facing IPv4 address "%1" cannot be found on this server.

Cause 1—When Forefront UAG DirectAccess is configured in an array with NLB and NLB did not create the external IPv4 VIPs before the Forefront UAG DirectAccess activation steps take place.

Solution 1—Reactivate Forefront UAG.

  1. Reactivate Forefront UAG.
  2. If the activation was still not successful:
    1. Check the activation monitor for more specific error messages.
    2. Look in the Windows Event Viewer for NLB specific events.
    3. Look in the TMG alerts for NLB specific events.

Cause 2—When an Internet-facing IPv4 address is selected and applied in the Forefront UAG DirectAccess Configuration Wizard, and is then changed between applying and activating Forefront UAG.

Solution 2—Ensure that:

  1. The Internet-facing adapter is enabled.
  2. The Internet-facing IPv4 address specified in the Forefront UAG DirectAccess Configuration Wizard and the second IPv4 address on the Internet-facing network adapter are the same.


10095 - The selected internal and external addresses were identified on the same network interface "%1".

Cause—The same the internal and external-facing IPv4 addresses specified in the Forefront UAG DirectAccess Configuration Wizard are configured on the same network interface.

Solution— Ensure that the internal and external IPv4 addresses are configured on the correct network interfaces.


10096 - The selected internet-facing IPv4 network interface %1 does not support IPv4.

 

Cause—IPv4 is disabled on the specified Internet-facing network interface of an array node.

Solution— Enable IPv4 on the specified network interface of the array node:

  1. On the array node, start Network and Sharing Center.
  2. Click Change adapter settings, right-click the connection that you want to configure, and then click Properties.
  3. On the General tab, in This connection uses the following items, select Internet Protocol Version 4 (TCP/IPv4), and then click OK.
  4. Reactivate Forefront UAG.


 10097 - The selected second internet-facing IPv4 address %1 cannot be found on this server.

Cause—When the second Internet-facing IPv4 address is selected and applied in the Forefront UAG DirectAccess Configuration Wizard, and is then changed between applying and activating Forefront UAG.

Solution—Ensure that:

  1. The Internet-facing adapter is enabled.
  2. The second Internet-facing IPv4 address specified in the Forefront UAG DirectAccess Configuration Wizard and the second IPv4 address on the Internet-facing network adapter are the same.


10099 - The UAG DirectAccess server must be configured with two, static, consecutive, public, IPv4 addresses, on the Internet-facing physical interface. Configure the IPv4 addresses, and then try again.

Cause—When a node is added in an external load balancing scenario, and the node is not configured with two static, consecutive, public Internet-facing DIP addresses.

Solution—Ensure that:

  1. Two static, consecutive, public Internet-facing DIP addresses are configured on all the array nodes.
  2. The interface which the IPv4 DIPS are configured on is configured as External in Forefront UAG Network Interfaces wizard.


10100 - The UAG DirectAccess server requires an IPv6 address on the internal-facing interface. Configure an IPv6 address on the internal-facing interface.

Cause—When configuring external load balancing in the Forefront UAG DirectAccess Configuration Wizard, the system validates that the internal facing IPv6 DIP exists on the AMS. When Forefront UAG is activated, if one or more of the nodes is not configured with an internal facing IPv6 DIP the activation fails.

Solution—Ensure that:

  1. Internal-facing IPv6 DIPs are configured on all the array nodes.
  2. The interface which the IPv6 DIP is configured on is configured as Internal in Forefront UAG Network Interfaces wizard.


10111 - The adapter configured as external-facing is not communicating with the external network. Ensure that the adapter is enabled, and that the network cable is connected.

Cause—No communication activity can be detected from the external-facing adapter.

Solution—Verify that:

  1. The external-facing adapter is enabled
  2. The network cable is connected to the external-facing adapter.
  3. There are no communication problems between the Forefront UAG server and its next communications hop. For example, communication between the Forefront UAG server and a switch or router.


10118 - The selected internet-facing network interface %1 does not support IPv6.

Cause—IPv6 is disabled on the specified Internet-facing network interface of an array node.

Solution— Enable IPv6 on the specified network interface of the array node:

  1. On the array node, start Network and Sharing Center.
  2. Click Change adapter settings, right-click the connection that you want to configure, and then click Properties.
  3. On the General tab, in This connection uses the following items, select Internet Protocol Version 6 (TCP/IPv6), and then click OK.
  4. Reactivate Forefront UAG.

 

Leave a Comment
  • Please add 2 and 2 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
Page 1 of 1 (1 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Maheshkumar S Tiwari edited Revision 4. Comment: Added tags

Page 1 of 1 (1 items)