A New Tech Talk Show–Security Talk with Yuri Diogenes and Tom Shinder

Yuri Diogenes and I have worked together on a number of projects over the years – last year we published three new books on TMG, UAG and Forefront Security for Exchange. You can find more information on these books on Yuri’s blog at http://blogs.technet.com/b/yuridiogenes/archive/2010/07/08/new-forefront-books-by-microsoft-press.aspx We also worked together on the TMG Firewall Administrator’s Companion which…

4

A Solution to the “Forwarding on the 6to4 Interfaces Cannot be Enabled” Error

Ben Ari posted an answer to the Forwarding on the 6to4 Interface cannot be enabled error that you might see when you try to activate the DirectAccess configuration on the UAG DirectAccess server. When you activate the configuration, it will look something like this:   Check Ben’s blog post at http://blogs.technet.com/b/ben/archive/2011/01/27/forwarding-on-the-6to4-network-interface-cannot-be-enabled.aspx for the reason and…

0

URL and Antivirus Filtering for DirectAccess Clients

The question on how to handle DirectAccess clients and Internet security for those clients is always a popular topic. As I’ve mentioned many times in this blog, the overall threat and management profile of the DirectAccess client should be little different than a client that is on the intranet. However, there is one major difference…

19

Does Removing ISATAP for the DNS Block List Impact Security?

If you choose to deploy ISATAP to support your DirectAccess deployment, one of the things you need to do is remove the name ISATAP from the DNS block list if you’re using a Windows DNS server running Windows Server 2003 SP2 or above. By default, these DNS servers will not resolve queries for the names…

0

IPv6 and DirectAccess Troubleshooting Cheat Sheets

What would you be willing to pay for a really cool IPv6 and DirectAccess troubleshooting cheat sheet? $5? $10? $100? ONE HUNDRED BILLION DOLLARS? Would you pay one hundred billion dollars for these cheat sheets? Since these cheat sheets are priceless we’re going to give them away. Thanks to DirectAccess guru and all around good…

2

Choosing Between Forefront TMG or Forefront UAG for Publishing Scenarios

Your first decision when planning a publishing solution using Forefront TMG 2010 (TMG) or Forefront UAG 2010 (UAG) is to determine which of the two products best fits the needs of the deployment. Both TMG and UAG can securely publish Exchange, SharePoint, Terminal Services and web-based line of business applications to the Internet. However TMG…

5

Serving Up Quality Content on the TechNet Wiki–The TMG Troubleshooting Survival Guide

There’s a continuing debate in the IT Pro community whether or not you can host quality content on a wiki. If you don’t know what a wiki is, it’s a platform where anyone can post content and then after the content is posted, anyone can edit it. Seems like a good idea, since IT Pros…

0

DirectAccess Gets Positive Comments in The Register

From what I hear, this year is going to be the year where we see the wave of enterprise Windows 7 rollouts take place. While I’m not sure how these assessments are made, it makes sense from where I sit. Windows 7 Service Pack 1 has been released and end users, admins and the media…

1

Heads Up on New Contest for Forefront Security Enthusiasts

Many of your might know my friend Yuri Diogenes from the great work he’s done over the years for ISA Server and the TMG firewall. Yuri has spent the last several years working in the CSS Security Team, and most of his work was focused on Forefront products. Last Month, Yuri moved from the support…

0

DirectAccess – More Information on the “No Usable Certificate(s)” 0x103 Error

In the continuing saga of the “No Usable Certificate(s) 0x103” error, which has been discussed in two previous blog posts: http://blogs.technet.com/b/tomshinder/archive/2010/03/30/troubleshooting-the-no-usable-certificate-s-ip-https-client-error.aspx and http://blogs.technet.com/b/tomshinder/archive/2011/02/21/another-cause-of-the-no-usable-certificates-s-0x103-error.aspx#3415408 we’ll expand on the explanation for the reason why the computer certificate isn’t included in the NTAUTH store on the UAG DirectAccess server. In the second link noted above, we discovered that…

1