File Access is one of the most useful but also most misunderstood technologies in Unified Access Gateway. It was an application that was built into UAG predecessors E-GAP and IAG. The application was created arguably in a time where internal firewalls, blocking NETBOIS traffic and personal client side firewalls and antivirus were not considered a security standard. With that said, we need to keep that in mind when we start troubleshooting File Access in UAG.
If you reached my blog post then I’m assuming by now you know that File Access requires domain membership. I am also assuming that you’ve installed UAG Update-1+ and maybe read some other blogs and forums.
So let’s discuss the most common error. “Failed to enumerate domains, Please Check your permissions”. I’ve came across a lot of great topics that mentioned fixes and problems… but what if the fix mentioned doesn’t work? This is where my blog post comes in and tries to provide additional input because I will explain the topic in terms of “non-UAG” talk.
Are you able to browse to \\servername\ But, when you go under “My Computer” >> “Network” and nothing shows up?
First and foremost, let’s rule out any firewalls, network or environmental issues. Take a Windows-XP laptop and assign it a static IP address that’s the same as UAG’s internal IP. You should add the default gateway or copy UAG’s static routes. Pull out the network cable that is plugged into the LAN adapter of the UAG server and plug it right into your laptop. Fight off anyone that tells you to use a different cable etc… we need a 99.9% identical test with the only exception being the UAG server. Try to browse to My Network Places; if it fails then there is certainly something on the network. Apply the unofficial 15 minute IT waiting rule after plugging in the cable if you’d like.
If the Windows XP laptop is able to browse to network places then the problem most likely exist on the UAG server. Between TMG, corporate hardening, appliance hardening, group policies and so forth, there are many things that could be the root of the problem.
I will be discussing the “Computer Browser” service. This service is one of those services that are considered required for File Access. However, on more than one occasion, I’ve published File Access successfully without this service running. With that said, let’s troubleshoot how to start this service and keep it running. You can start this service by going to the “services mmc” >> “Computer browser” >> click “run”. But what happens if the service stops running after 3 to 60 seconds?
Goto “Network and Sharing Center” >> “Change Advanced Sharing Settings” >> under “Public (current profile)” >> Enable “Turn on file and print sharing”. Believe it or not, this option controls whether or not the Network Browser service can stay running or not.
Consider applying the 15 minute waiting rule if this doesnt work right away.
I hope after reading my blog you can successfully enumerate the domains and start publishing your shares!