Most of us might have come across the Error “The UAG Configuration cannot be loaded from Forefront TMG Storage” while trying to launch the UAG Management Console, in multiple scenarios. Recently, I was working on a similar issue with one of my customers and I would like to share my experience on this.
In this scenario, the UAG Server nodes were in Sync and connectivity to the domain controllers was fine.
We verified the server sync status from the UAG Activation Monitor console and tested the Domain connectivity using the command “NLTEST /SC_Query : <DomainName>”. And the Domain Connectivity was fine.
But still we were getting the below error while opening the UAG Management Console:
So, we went to the TMG server console and verified the Network settings. We verified the Internal Network by going to the Internal Network –> Properties –> Addresses (Tab) –> Add Adapter (button).
But we got the following error on the TMG console:
Srvxxxxx in the above Screenshot is the Array node name.
Then after doing some more troubleshooting and digging deeper into it we decided to do a sanity check of the Network configuration of that server. So, we went to the Network Card Properties and started looking at the settings.
Everything looked normal except one strange part. We had the Secondary DNS Server’s IP added twice in the DNS tab of “Advanced” Settings of the TCP/IPv4 Properties:
It looks strange, right? It’s not clear how the secondary DNS Server entry was duplicated.
But, we know for sure that the TMG/UAG code doesn’t like it that way. So we went ahead and removed that duplicate entry of the Secondary DNS Server from there. And after that we did not get any errors while going to the Internal Network Properties of TMG. And we could now open the UAG console as well.
Sunil Nair – Support Engineer, Microsoft CSS Forefront Security Edge Team
Nitin Singh – Support Escalation Engineer, Microsoft CSS Forefront Security Edge Team