Once again, the UAG product group has worked diligently to release a much-awaited update for UAG: SP4 Rollup 1.
This update includes numerous fixes for issues we have heard about from customers over the last 12 months, as well as some improvements. However, one particular issue is not included in this release, so we wanted to share the details here.
Users from a trusted forest are unable to change their password using the Credentials Management option on the UAG portal page.
For example, a user from a trusted forest logs into the UAG portal and selects the Credentials Management icon on the toolbar. The user then chooses the “Change Password” option, which displays the password change dialog. After completing the form with their current and new password, the user clicks “Save” to apply the change. However, the password is not changed and the user receives an error message stating, “The password change cannot be applied”.
On the other hand, this behavior does not affect users from a domain within the UAG forest and their password is successfully changed. In this scenario, you may also observe that the “User name:” field appears to display the logged in user’s name as “Repository\username”, rather than “TrustedForest\username”.
The suggested fix is to make a modification to UAG’s LoginChangePassword.inc, so that the domain_name variable includes the user’s respective domain.
It’s not possible to customize the LoginChangePassword.inc file using the standard UAG CustomUpdate mechanism, and therefore it’s required to modify the built-in file using a manual method.
Note: Unless advised by Microsoft support personnel, making changes to core UAG files is wholly unsupported. You should not make changes to these files except under strict guidance set out by the UAG support team, or other exceptions provided through an official channel such as this blog. Applying any future updates or running repairs may overwrite the modified file.
1. Navigate to ..\<UAG_Installation_path>\Microsoft Forefront Unified Access Gateway\von\InternalSite\inc\ and make a copy of the LoginChangePassword.inc file within the same folder.
2. Now edit the original file and locate the below block of code…
repository = ""
3. Change this to include the following 6 lines…
repository = ""
######### Below lines added to correct issue post SP4 RU1 ##########
domain_name = user.Domain
4. Save the file and repeat these same steps on any other remaining UAG servers.
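Because a later update or repair may overwrite the modified file, it helps to be able to re-check each server. The following PowerShell function is an added example, not part of the original post or of UAG: it makes the step 1 copy on request and reports whether the domain_name = user.Domain line from step 3 is present. The function name and the IncFolder parameter are assumptions; pass the inc folder path from step 1.

```powershell
# Added example, not Microsoft's code. Written to run on Windows PowerShell 2.0 and later.
# Assumption: -IncFolder is the full path of the ...\von\InternalSite\inc folder from step 1.
function Test-UagChangePasswordFix {
    param(
        [Parameter(Mandatory = $true)][string]$IncFolder,
        [switch]$Backup   # also make a timestamped copy in the same folder (step 1)
    )

    $file = Join-Path $IncFolder 'LoginChangePassword.inc'
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
        throw "File not found: $file"
    }

    if ($Backup) {
        $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
        Copy-Item -LiteralPath $file -Destination "$file.$stamp.bak"
    }

    # The pattern is anchored at the start of the line, so a copy of the
    # assignment that sits behind a comment marker does not count as present.
    $pattern = '^\s*domain_name\s*=\s*user\.Domain\b'
    $hits = @(Get-Content -LiteralPath $file | Where-Object { $_ -match $pattern })

    # The hash makes it easy to compare the file across all UAG servers.
    $sha   = [System.Security.Cryptography.SHA256]::Create()
    $bytes = [System.IO.File]::ReadAllBytes($file)
    $hash  = [System.BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', ''

    New-Object PSObject -Property @{
        Server     = $env:COMPUTERNAME
        File       = $file
        LastWrite  = (Get-Item -LiteralPath $file).LastWriteTime
        SHA256     = $hash
        FixPresent = ($hits.Count -gt 0)
    }
}

# Usage (run on each UAG server, before and after applying updates or repairs):
#   Test-UagChangePasswordFix -IncFolder '<path to the inc folder>' -Backup
```

If FixPresent is False after an update, or the SHA256 values differ between servers, repeat steps 1 to 4 on the affected server.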
Support Escalation Engineer - Microsoft Edge Security Team
Sr. Escalation Engineer - Microsoft Edge Security Team