I found some spare time this week to work my way through chapter two and get my UAG up and running in the lab. Even though most of UAG’s install is a next > next > next > finish type install, it’s important to understand what the screens say and know what you are doing, so don’t skip it.
Despite the simple and straightforward install I still ran into an issue during install not really covered by the book, so read on, you might end up needing this info.
- What I loved:
- In a chapter like this visual referencing is important, as an image often says more than 100 words, and they really come through on this. The whole install is neatly screenshotted in the book and each setting explained.
- The install checklist and post install verify list are great to know what you need to do before and can check after the install.
- A very clear overview is given of all the different components that will be installed by the setup, along with an ETA of install for each component.
- Very illustrated overview of the second phase of the install, the getting started wizard, and again each setting is explained to the level you expect and gives confidence you know what you are clicking.
- What I missed:
- We know what’s being installed, like the SQL, Ajax, ... and even how long each component takes on average, but a wee bit more insight into the different components and what UAG uses them for would help when things go wrong, so you know what to check. Just knowing a bit of what the ISATGCTRL does could point you in the right direction of checking this service is running if X or Y is not doing what you expect. I don’t know if it’s possible, but an addition to the verify overview indicating what breaks if X is not working would be nice.
- Surprising for me to see was the age-old debate of domain vs workgroup, where clearly the WG edition is being promoted as more secure. This does conflict a bit with what I read many years ago in the ISA books and what we have been promoting for so long => domain join is better. Of course this will always be a tricky thing to answer and I guess the real answer is choose what works best for you, but I definitely don’t believe domain joining is in any way less secure than WG.
- In the troubleshooting section there are some commonly known issues mentioned and that’s great; the only thing I was missing here (apart from the below error I had) was a reference to the install log. TMG during install does some very extensive logging through the Windows Installer interface and outputs it all to %windir%\temp. Of course I don’t know if UAG has this type of log location, but if it does I would expect it in this chapter, and as TMG is a core UAG component some mention of these files would have been nice. When things go wrong you need somewhere to find out why, and most of what is done is logged somewhere; we just don’t generally know where.
- My install error:
To my surprise, however, the install did not go as expected despite following the book to the letter. I ended up with an error during the very first step of the install and the book had given no info on this situation or where to look, so I ended up using the Bing to find the answer.
After inserting the ISO into my Virtual system and hitting the install UAG on the splash screen I got the following nasty message on the screen
After reading on the internet it seems this is a known issue and can have a number of different reasons: NIC misconfig, RDP issues, …
I was installing the server through RDP as this method is mentioned throughout the book and should work fine. I had followed all the checklists to the letter so had no idea why this was happening. In any case I logged off the RDP and went in through the remote console and sure enough the error was gone and the install ran exactly as in the book.
After the install, however, I was faced with a second challenge, but luckily this hit my trusted TMG field and I knew exactly what was going on: “When you install TMG using RDP an allow RDP system policy is automatically activated, however if you go through the console this rule is not created.” End result was a UAG box I could not reach to configure through RDP :-(
As I was told by the book not to change config straight in the TMG interface I explored the UAG interface to find how I could enable RDP without success. To be quite honest I didn’t really expect to find it but had a quick poke just for the sake of it. In the end I went down to the TMG interface and reconfigured the system policy and sure enough, problem solved. And my system was ready for chapter 3 ;-)
Stay tuned for a quick wrap-up of the third and currently final published chapter.
Tom