There is an issue that may arise after the installation of UAG Service Pack 3 on Forefront UAG acting as a DirectAccess server. After the installation, DirectAccess clients may not be able to connect to corporate intranet resources which are provisioned with only IPv4 addresses.
This problem occurs because the Microsoft Forefront UAG DNS64 service is not running on the DirectAccess server. This service provides DNS translation of IPv4 A records to IPv6 AAAA records required for DirectAccess client access. During the installation of UAG SP3, this service is stopped and the startup type is set to MANUAL. The service startup type should be AUTOMATIC and the service should be running when DirectAccess is enabled on the UAG server.
After installing UAG SP3 (or UAG SP3 Rollup 1) on a Forefront UAG server acting as a DirectAccess server ensure the DNS64 service is set to AUTOMATIC and started.
J.C. Hornbeck | Knowledge Engineer | Microsoft GBS Management and Security Division
System Center All Up: http://blogs.technet.com/b/systemcenter/
System Center – Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/
System Center – Data Protection Manager Team blog: http://blogs.technet.com/dpm/
System Center – Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
System Center – Operations Manager Team blog: http://blogs.technet.com/momteam/
System Center – Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center – Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm
The Forefront Endpoint Protection blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/