The UAG needs a lot of tweaking after you’ve installed it. Here is a list of my top 10 things to do to get started:
- Make sure you have SP1 update 1 installed – KB2585140.
- If something is not working (like a Remote Desktop link), run the Best Practice Analyser. This will highlight any issues, such as certificate errors, that are stopping the application from working.
- Increase the default session timeouts – the defaults are ‘Inactive session timeout=300 seconds’ and ‘Trigger automatic logoff after 60 mins’, which is way too low for most environments. Increase them to suit yours.
- Enable access for mobile users – This is disabled by default.
- Customise your portal – Not easy to do, but the sooner you brand it the better.
- Integrate with a two factor authentication product to increase security.
- When adding Active Directory integration, update the search root and scope to include the domain only (i.e. the root), enable subfolders and leave nested groups blank so every group in the domain is queried. This takes longer but is less hassle for Ops teams.
- Once you have configured authorisation, don’t move the groups to another OU in Active Directory or your authorisation will break.
- To clean up the logon page, remove the language bar: deselect ‘Enable users to select a language’ in the Authentication -> Trunk configuration settings.
- Update the language files to customise all the logon and portal text.
And 1 to remember!
- If you are going to modify your Login.asp file, make sure when you update the user logon page fields that you do NOT use a leading forward slash, e.g. ‘/CustomUpdate/Login.asp’ is incorrect. The correct format is ‘CustomUpdate/Login.asp’. Read a full outline here
- Check the protocols and encryption available via the best public website checker – http://ssllabs.com
- Install JVM for web monitor in IE – http://java.com/en/download/manual.jsp
- Disable TCP chimney, Receive Side Scaling and Taskoffload to resolve client endpoint issues as per this post:
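
The three settings above map to netsh global options on Windows Server 2008 R2. The following is an added example, not taken from the original post or the post it links to; the backup file path is a hypothetical choice and the commands assume an elevated prompt on the UAG server:

```powershell
# Added example: run from an elevated PowerShell prompt on the UAG server.
# Assumes Windows Server 2008 R2, where these netsh global settings exist.

# Record the current state first so the change can be reverted if needed.
$backup = "$env:TEMP\netsh-offload-before.txt"   # hypothetical backup path
netsh int tcp show global | Out-File $backup
netsh int ip show global | Out-File $backup -Append

# Disable TCP Chimney Offload and Receive Side Scaling (TCP global settings).
netsh int tcp set global chimney=disabled
netsh int tcp set global rss=disabled

# Disable Task Offload (IP global setting).
netsh int ip set global taskoffload=disabled

# Confirm the new state and compare it against the saved output in $backup.
netsh int tcp show global
netsh int ip show global
```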