After running through all the configuration wizards for DirectAccess there are two steps to putting it all into play. First Apply the Policies and finally Activate the Configuration. Both are necessary steps to complete the deployment of your UAG DA server, but what do they do?
Apply Policies
This will trigger the generation and execution of a powershell script that will create the Active Directory Group Policies that reflects the settings you’ve defined in the various wizards. It links them to the correct OU’s and sets the appropriate security group filtering and let’s you know if it went well or not. Note: This used to be called “Generate Policies” in RTM.
Once the Group Polices are in place, servers and client computers can get the new settings, but there is one more thing to do…
Activate Configuration
The UAG server must have it’s Configuration “Activated” to start using the settings you’ve defined that are not part of Group Policy. If you decided to create a high availability solution with multiple UAG servers this step also would pass the configuration around to other array members so you would not be required to identically configure the other servers manually.
You will be prompted to back up the configuration, just like when you initially ran activation.
When you’re all done, click finish and you are ready to test your DirectAccess client machines.
A Quick Client Test
If you have the option, I would create a Virtual Machine with windows 7 Enterprise and give it two network adapters, one on the Corpnet, one on the same internet connection as the UAG server with it’s own a public IP. Disable the internet nic and test connectivity and process group policy. Then disable the corpnet nic and enable the internet nic. You should still be able to access the Internet and Corporate resources, but now you’r using DirectAccess to reach it over the 6TO4 IPSec tunnel. If it’s not working then you’ll should deploy the Connectivity Assistant as a starting point for troubleshooting.
- Before Getting Started
- IP Addressing the Server
- Installation and Updates
- Certificates, Groups and Prerequisites
- Internal and External DNS
- Network Location Server (NLS)
- Firewalls and TMG Settings
- Config Wizard: The First Time
- Config Wizard: Clients
- Config Wizard: DirectAccess Server
- Config Wizard: Infrastructure Servers
- Config Wizard: End-to-End Access
- » Apply and Activate «
- Connectivity Assistant v1.5
PDF 
Tags: 
7 Responses
Hello. We had a working UAG RTM DA solution up and running.
now after applying SP1 I am unable to activate the config. Also tried clean install. Same failure. Reformated and imaged the whole system. Installed the complete UAG with SP1 package. Still, as soon as the wizard is complete, and I press activate, “DirectAccess could not be activated. The UAG DirectAccess configuration Cannot be loaded. Re-Configure UAG DirectAccess.
Do you have any tips ? There is no
Tommy, did you ever resolve your issue. We are currently doing a proof of concept and get the same error once SP1 is installed. This does not give me confidence that the product is mature for enterprise market.
I’d like to see the entire log from the activation process. Is the TMG Storage service running on the UAG server?
TMG Storage services is defintely running. I know with DirectAccess the configuration is stored in C:\Windows\DirectAccess as an XML file. Where does it get stored when used with UAG. As for the Activation logfile it is pretty lean for DirectAccess as shown below:
February 16, 2011 11:39:11 Information Configuring DirectAccess.
February 16, 2011 11:39:11 Error The UAG DirectAccess configuration cannot be loaded. Re-configure UAG DirectAccess.
February 16, 2011 11:39:11 Error DirectAccess could not be activated.
This just becomes an endless loop. This all worked fine with Update 2 before SP1 was installed.
What about the Microsoft Forefront UAG Configuration Manager service? That might be set to Disabled. Try changing that to Automatic and reboot. If it’s still not working you might want to try uninstalling SP1 and trying again.
http://technet.microsoft.com/en-us/library/gg281603.aspx
Dennis Lee has a post that might also be of help.
http://forefrontdennislee.wordpress.com/2011/01/06/microsoft-forefront-uag-configuration-manager-not-starting/
Thanks I will check that next time I get a chance as I have already rolled back SP1.
Well finally got round to looking at your suggestion with Microsoft Forefront UAG Configuration Manager Service. The service is started and set to Automatic. Just opening the UAG Management console gives the error “An error occurred while loading the configuration. Please configure DirectAccess again”. I reconfigure it without issue. Apply Policy works fine too, but when I select Save I get this same error again.