I have a strange issue, that I have logged on the Technet forums (http://bit.ly/9ptWzS) and am logging with MS Support shortly
When you login to a trunk with valid credentials, everything works fine, and you get to the site behind the UAG with no errors. However logins with invalid credentials to the domain result in a 500 error page - not the Login.asp page you would expect to see saying "Authentication failed" or similar - but a plain page that just has the ASP 500 error text. Neither is the 500 error page the one that exists in the UAG von folders, and I have disabled IE from showing me a 'nice' version of errors. The URL in IE when the 500 page is showing is:
https://mytrunk.mydomain.com/uniquesig323ea943fa68b62274545754478452/uniquesig0/InternalSite/Validate.asp
The error text on the page is:
"An error occurred on the server when processing the URL. Please contact the system administrator.
If you are the system administrator please click here to find out more about this error."
I have worked my way through from the most obvious, to a full trace at 'Noise' level, IIS logging and Debug mode on UAG (to eliminate rules & security) and I cannot work out why it is happening. I see in the trace that the credentials do not authenticate then I see the 500 page being created. I am expecting that Validate.asp should be triggering an InternalError page if it has a problem, or display Login.asp with 'Authentication Failed' following the credentials fail. However what I see is the error above. If you run a trace on UAG you see:
<trimmed time, cpus etc> [whlcomtrace Validate.asp@0] ERROR:[207] @ [0] @ [1] @ [Validate.asp] @ [0] @ [ERROR: Failed to authenticate the credentials of [MyAD]]
Then lots of function in/outs etc then the 500 page being issued. No exceptions or anything that would indicate a problem
In the IIS logs I can see
2010-07-26 14:01:55 127.0.0.1 POST /InternalSite/Validate.asp |655|ASP_0174_:_80004005|Invalid_Path_Character(s) 6001 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+Trident/4.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729) 500 0 0 50
I have done a lot of testing, and it seems to be down to using a login.asp in the CustomUpdate folder.
- If you use a login.asp file in the CustomUpdate folder you get this error (/CustomUpdate/login.asp in the trunk advanced settings)
- If you use login.asp in the normal folder you do not get the error (login.asp in the trunk advanced settings)
- You can use an exact copy of login.asp from the InternalSite folder in CustomUpdate and it does this, same with the version from the samples directory
- If I put my customised, rewritten login.asp in place of the original one in the InternalSite folder (just to test!) it does not happen
- Thus it is not a coding issue as such, definitely not one caused by any changes to the file
I have replicated this on another identical server, with a freshly created trunk.
Both the test and 'live' boxes are running UAG2010 with Update 1
I will post any solution that solves this issue
_____________________________________________________
Update - Microsoft have come back with an answer....the problem was the leading / before CustomUpdate. It causes a problem internally. If you remove the initial / it works properly. Bizarre. Full summary of the fix:
To change the default page designs in UAG, you place updated versions in the CustomUpdate folder. In order to get a trunk to use these files, you enter them in the Authentication tab in the trunk config. However, beware of the inconsistent use of slashes. For the User login page, the format is CustomUpdate/mylogon.asp (replace mylogon with your file name)
For the Logoff page, it is /InternalSite/CustomUpdate/mylogoff.asp
The error message pae is the same as the logoff pageNote *no slash* on the logon page. Thanks (again) to MS support for figuring that one out for me!
1 comment:
Thanks for that! I had the exact same problem and this post helped me!
Post a Comment