1. To set up Microsoft Forefront Unified Access Gateway (UAG) for SharePoint 2013, first set up a virtual machine for SharePoint 2013.
a. First, open the Console program on this machine and add a new snap-in, Certificates (select the ‘Computer account’ option when prompted).
After the Certificates snap-in has been added, import the certificate file into the ‘Personal’ branch, copying in the existing certificate file. Keep the default settings on the following screens, and before finishing, click the ‘Certificates’ branch below ‘Personal’ to check that the certificate has been added.
b. Next, configure alternate access mappings in Central Admin. Make sure ‘Alternate Access Mapping Collection’ is changed to the one for the port you want to configure.
First, choose ‘Edit Public URLs’ and enter the site in the ‘Internet’ field using https, to match the previously imported certificate.
Then choose ‘Add Internal URLs’: enter the same public URL with http and choose the ‘Internet’ option in the ‘Zone’ drop-down list.
c. The last item for this machine is to add a new site binding for the port you want to configure. Choose https for Type, enter the IP address of this virtual machine, enter the host name used in the URLs above, and choose the correct certificate.
That’s all for the SharePoint machine.
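Steps 1a to 1c can also be scripted, which makes the certificate checks explicit. This is an added example, not part of the original walkthrough; the file path, host name, web application URL, IIS site name and IP address are placeholder assumptions, and it assumes the ‘Internet’ zone of the web application is not yet in use.

```powershell
# Added example: scripted equivalent of steps 1a-1c on the SharePoint machine.
# Every value in this block is a placeholder assumption; replace with your own.
$pfxPath     = 'C:\certs\sharepoint.pfx'   # exported certificate file (assumed path)
$publishHost = 'sharepoint.example.test'   # public host name (assumed)
$webAppUrl   = 'http://sp2013'             # existing web application URL (assumed)
$iisSite     = 'SharePoint - 80'           # IIS site of that web application (assumed)
$ipAddress   = '192.0.2.10'                # IP of the SharePoint VM (assumed)
$port        = 443                         # if not 443, append ":$port" to the https URL

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop
Import-Module WebAdministration -ErrorAction Stop

# Step 1a: import the certificate into Computer account > Personal.
# The password is prompted for so it never lands in the script or shell history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$cert = Import-PfxCertificate -FilePath $pfxPath `
    -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPassword

# A certificate without its private key, or one that has expired, cannot serve TLS.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) was imported without a private key."
}
if ($cert.NotAfter -le (Get-Date)) {
    throw "Certificate $($cert.Thumbprint) expired on $($cert.NotAfter)."
}
Write-Output "Imported: $($cert.Subject), valid until $($cert.NotAfter)"

# Step 1b: public https URL in the Internet zone, plus the matching
# internal http URL mapped to the same zone.
New-SPAlternateURL -WebApplication $webAppUrl -Url "https://$publishHost" -Zone Internet
New-SPAlternateURL -WebApplication $webAppUrl -Url "http://$publishHost" `
    -Zone Internet -Internal

# Step 1c: https site binding on this VM's IP, bound to the imported certificate.
New-WebBinding -Name $iisSite -Protocol https -Port $port `
    -IPAddress $ipAddress -HostHeader $publishHost
$binding = Get-WebBinding -Name $iisSite -Protocol https -Port $port
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# Review the result: both mappings and the new binding should be listed.
Get-SPAlternateURL -WebApplication $webAppUrl
Get-WebBinding -Name $iisSite
```

Run it from an elevated SharePoint Management Shell session on the SharePoint machine.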
2. Next, set up a virtual machine for Forefront Unified Access Gateway.
a. Repeat step 1a
b. Use the Administrator user to add another domain user, and then log on as this user. Install the ‘MS Forefront unified access gateway’ program and then restart the machine to complete the installation.
Now configure Forefront Unified Access Gateway by running ‘Forefront Unified Access Gateway Management’ from ‘All Programs’. Three steps must be run the first time you use UAG Management. In Step 1, check the ‘Internal’ column and add the IP address range. For Step 2 and Step 3, keep the defaults.
Enter a password that meets the policy and then click the ‘Activate’ button to complete.
c. Now Forefront Unified Access Gateway Management is ready, and we will create a parent site and a child site to access.
- With the parent site, we’ll do as below: create an Https trunk from the ‘HTTPS Connection’ branch.
Choose the ‘Portal trunk’ option and uncheck the checkbox for ‘Publish Exchange applications via the portal’ (if checked):
Enter the ‘Trunk name’ and the ‘Publish host name,’ which is the site name of the parent site. The IP address is the IP of the Forefront Unified Access Gateway machine.
Click the ‘Add’ button to add a new server. Enter the ‘Server name’, ‘Define’ the domain controllers, enter the user and password for ‘Server access’ and the name for ‘Domain,’ and keep the defaults on the screens that follow until finishing. Note that clicking the ‘Settings’ button in the studio updates and saves all configuration.
Add a hosts file entry that maps the parent site name to the IP of the Forefront Unified Access Gateway machine. Open the https link https://bad.ndkhoi.com and check that it logs on successfully.
- With the child site, we ‘Add Application’ from the created Forefront Unified Access Gateway name:
Choose the ‘Web’ option, and select ‘Microsoft SharePoint Server 2010’ (an entry for version 2013 is not available yet); the site is then added to the parent site.
Enter a title for the child site, and select ‘Microsoft SharePoint Server 2010 Upload/Download’ for ‘Upload/Download policy’ (an entry for version 2013 is not available yet).
Enter the IP of the SharePoint machine and ‘Publish host name’ to link to the child site:
Add authentication servers and select the existing server, check the ‘User SSO’ checkbox, and click ‘Next’ on the remaining screens to finish. Note that clicking the ‘Settings’ button updates and saves all configuration.
Add a hosts file entry that maps the parent site name to the IP of the Forefront Unified Access Gateway machine. Open https://good.ndkhoi.com (the child site) by clicking the link from the parent site, or open https://good.ndkhoi.com directly, and check that it logs on successfully.
3. FINISH
* For SharePoint 2010, repeat all the steps given for SharePoint 2013; the process is the same.