Checking that authentication servers are available

Updated: April 8, 2010

Applies To: Unified Access Gateway

Forefront UAG allows you to control endpoint access to applications and resources published via Forefront UAG, and to configure the frontend authentication scheme for applications that require authentication. It is important to check that the authentication servers Forefront UAG requires are available whenever they are needed.

The Forefront UAG server can communicate with many types of authentication servers, including:

  • Active Directory

  • RADIUS

  • SecurID

  • Netscape LDAP

  • TACACS

When the selected authentication method is not available, users are not granted access to the requested resource. For more information about the different authentication methods supported by Forefront UAG, see Implementing frontend authentication.

Monitoring authentication servers

You can check that the authentication servers that Forefront UAG requires are available by using one of the following methods:

  1. Manually accessing authentication servers; however, this can be time-consuming.

  2. Using connectivity verifiers to monitor connectivity to a specific authentication server. You can configure connectivity verifiers that test connectivity to the specified required authentication servers; if connectivity fails, Forefront TMG generates an alert in the event viewer.

    Note

    Connectivity verifiers only confirm that there is connectivity to servers.
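
The difference between connectivity and a responding authentication service, shown as an added example that is not part of the original documentation: this Python check distinguishes an unreachable server, an open port that does not answer LDAP, and a server that returns an LDAP BindResponse to an anonymous bind. It assumes an LDAP-based server (such as Active Directory or Netscape LDAP) listening on the standard port 389; the host names and function names are placeholders chosen for the example.

```python
import socket

# LDAPv3 anonymous simple BindRequest, messageID 1 (BER-encoded).
ANON_BIND = bytes.fromhex("300c020101600702010304008000")

def _is_bind_response(reply):
    """True if reply starts an LDAPMessage carrying a BindResponse for messageID 1."""
    if len(reply) < 2 or reply[0] != 0x30:          # LDAPMessage is a SEQUENCE
        return False
    # Skip the BER length: 1 octet in short form, 1 + n octets in long form.
    i = 2 + (reply[1] & 0x7F if reply[1] & 0x80 else 0)
    return reply[i:i + 3] == b"\x02\x01\x01" and reply[i + 3:i + 4] == b"\x61"

def check_ldap(host, port=389, timeout=3.0):
    """Return 'unreachable', 'connected-only' or 'ldap-responding'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:                                  # refused, timed out, DNS failure
        return "unreachable"
    with sock:
        try:
            sock.sendall(ANON_BIND)
            reply = sock.recv(64)
        except OSError:                              # reset or no answer in time
            return "connected-only"
    # Any result code counts: the point is that an LDAP service answered.
    return "ldap-responding" if _is_bind_response(reply) else "connected-only"

if __name__ == "__main__":
    # Placeholder host names (assumptions); replace with your own servers.
    for server in ("dc01.example.internal", "ldap01.example.internal"):
        print(f"{server}: {check_ldap(server)}")
```

A `connected-only` result is the situation the note above describes: the port accepts connections, but nothing shows that the authentication service itself is answering.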

To manually monitor authentication servers

  1. From a remote client, open your browser.

    Note

    The vendor's documentation may include other methods for testing that the vendor's authentication services are available.

  2. In the address bar, browse to the public host name that is configured for each trunk. For example, if you created an HTTPS trunk with a public host name of portal.contoso.com, type https://portal.contoso.com in your browser.

  3. If there is connectivity, a screen requesting authentication credentials is displayed before the portal loads. Successfully logging on to a trunk validates that the selected authentication server for that trunk is functioning.

To configure connectivity verifiers

  1. On the taskbar, click Start, click All Programs, click Microsoft Forefront TMG, and then click Forefront TMG Management.

  2. Expand the Forefront TMG node, click Monitoring, and click the Connectivity Verifiers tab. In the right pane, click Tasks, and then click Create New Connectivity Verifier.

  3. Follow the on-screen instructions to create connectivity verifiers for each server whose connectivity you want to monitor. For more information, see Monitoring server connectivity (https://go.microsoft.com/fwlink/?LinkID=184793).

To monitor connectivity verifiers

  1. On the taskbar, click Start, click All Programs, click Microsoft Forefront TMG, and then click Forefront TMG Management.

  2. Expand the Forefront TMG node, click Monitoring, and then click the Connectivity Verifiers tab. If the status indicates connectivity problems, select the Alerts tab to see which server has failed.