I administer a Windows 2008 R2 Active Directory Domain.
All was good, all worked OK.
Came to install Exchange 2010 and found the missing “Document” functionality (but I don’t like to talk about this!).
Made a decision to implement UAG 2010 with SSO for OWA alongside File Access and access to Remote Apps (RDS).
Followed recommended guides for setting up UAG with SSO but was always prompted for Username and Password when accessing OWA.
Upon further investigation and coming across this document;
http://technet.microsoft.com/en-us/library/bb676377.aspx
I discovered I did in fact have a Disjoint Namespace.
DNS Domain Name : name.local
Primary DNS suffix : name.local
NetBIOS domain name : name_nt_dom
Now as you can see the NetBIOS domain name dates back over 12 years to when the NT Domain was created and the user accounts were migrated over from a Novell 4.12 network (a.k.a. The Good Old Days!).
All was fine and dandy until I came to SSO through UAG for OWA (acronyms.com).
I then followed the instructions here;
http://technet.microsoft.com/en-us/library/aa998420(EXCHG.80).aspx
and using ADSI Edit changed the domain properties of msDS-AllowedDNSSuffixes
Steps;
- Open ADSI Edit
- Connect to a Domain Controller
- Under Default naming context, Right Click “DC=name,DC=local”
- Select Properties
- In “Attribute Editor”, highlight “msDS-AllowedDNSSuffixes” and click “Edit”
- In “Value to add:” type in your DNS Domain name “name.local” and click “Add”
- Again in “Value to add:” type in your NetBIOS Domain name “name_nt_dom” and click “Add”
Now you will need to wait a decent amount of time for these changes to propagate across your domain DCs (get a brew or something!).
I also carried out a reboot on the UAG server just to be on the safe side.
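The ADSI Edit steps and the replication wait, scripted with the ActiveDirectory PowerShell module as an added example (not part of the original post). It uses the post's values; writing to the PDC emulator and the 60-second polling interval are assumptions made for this example.

```powershell
# Added example: set msDS-AllowedDNSSuffixes on the domain object, then
# confirm every domain controller has received the change.
# Requires the ActiveDirectory module (available on Windows Server 2008 R2).
Import-Module ActiveDirectory

# Values taken from the post; replace with your own.
$suffixes = @('name.local', 'name_nt_dom')
$attr     = 'msDS-AllowedDNSSuffixes'

$domain   = Get-ADDomain
$domainDN = $domain.DistinguishedName          # DC=name,DC=local in the post

# Show the namespace details before changing anything.
"DNS domain name     : $($domain.DNSRoot)"
"NetBIOS domain name : $($domain.NetBIOSName)"

# Assumption: write to the PDC emulator so there is one known origin for the change.
$pdc     = $domain.PDCEmulator
$current = @((Get-ADObject -Identity $domainDN -Server $pdc -Properties $attr).$attr)
$missing = @($suffixes | Where-Object { $current -notcontains $_ })

if ($missing.Count -gt 0) {
    # -Add appends to the multi-valued attribute and leaves existing values alone.
    Set-ADObject -Identity $domainDN -Server $pdc -Add @{ $attr = $missing }
    "Added: $($missing -join ', ')"
} else {
    "All suffixes already present on $pdc"
}

# Poll each DC until all of them return every suffix (replication complete).
do {
    $pending = @()
    foreach ($dc in Get-ADDomainController -Filter *) {
        $values = @((Get-ADObject -Identity $domainDN -Server $dc.HostName -Properties $attr).$attr)
        if (@($suffixes | Where-Object { $values -notcontains $_ }).Count -gt 0) {
            $pending += $dc.HostName
        }
    }
    if ($pending.Count -gt 0) {
        "Waiting for replication on: $($pending -join ', ')"
        Start-Sleep -Seconds 60                # assumed polling interval
    }
} while ($pending.Count -gt 0)

"$attr is present on all domain controllers."
```

A domain controller that is offline never reports the value, so the loop keeps waiting on it; stop the script with Ctrl+C and check that DC separately.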
After all this my UAG SSO now works with OWA, File Access and Remote Apps.
Hope this helps anyone else having the same issues.