Channel: Forefront Edge Security – DirectAccess, UAG and IAG Forum

Publishing a farm of HTTPS-only servers using UAG


Hi guys, I'm in desperate need of some help here. I've worked a lot with TMG, but I'm quite new to UAG so bear with me:

The scenario:
I need to use UAG to publish a web farm of ADFS servers. This is related to an Office365 implementation, and has nothing to do with the ADFS-integrations in UAG. I simply need to publish a web farm. Now, ADFS 3.0 (or 2.2 or whatever it's called in Windows Server 2012R2) is a bit weird, as it doesn't use IIS. Instead, it registers itself in http.sys, and from my testing I've found that it ONLY responds to requests with the correct hostname. So, if my ADFS farm is configured with for instance "adfs.mycompany.com", the server will simply not respond to requests to its servername (https://MyAdfsServer01).

Related to UAG, this is not a big problem when publishing a single server. I can use the hosts file on the UAG server to map the ADFS farm address (adfs.mycompany.com) to the IP address of the ADFS server. However, the problem is that I'm trying to publish a farm of two ADFS servers. The only way I can get this working in UAG is to use the hosts file to "trick" UAG into sending the correct host header to the backend ADFS server, like this (see pic), which of course won't work with multiple backend servers:

This is my testlab, where "testhost1.hindenes.com" is the name the ADFS server will respond to, and 172.16.10.11 is the ADFS server's IP address.

If I replace the server name in the "addresses" tab with the IP address of the ADFS server, UAG stops sending the correct hostname to the backend ADFS server, and all goes to shit.

So, here's the problem:

As far as I can see, both farm verification and actual traffic get sent to the hostname of the server, and not the "farm hostname" specified in UAG.

Am I out of luck, or did I forget to configure something?


