While fixing some other errors on our UAG 2010 server (enabling Windows 8.1 and Internet Explorer 11 support), I came across a strange error about the backend server certificate. The error I got was:
“An unknown error occurred while processing the certificate. Contact the site administrator”
I connected to the backend server (a SharePoint 2010 server) and checked the certificate. It was a certificate issued by my domain CA and nothing was wrong with it. There was no error when I opened the site from within my network, but the UAG server was still giving me the error.
The solution was to disable the certificate validation and CRL validation on the UAG server. These are the steps you need to perform on your UAG server:
- On the UAG Server, open the Registry Editor (Start –> Run –> Type “regedit” and click OK).
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\Von\URLFilter\Comm\SSL.
- To cancel the validation check, right-click ValidateRwsCert, select Modify, and change the Value data to 0.
- To cancel the CRL check, right-click ValidateRwsCertCRL, select Modify, and change the Value data to 0.
- Close the Registry Editor.
- Activate the UAG configuration to make the change permanent (otherwise, a reboot will revert it).
- If this is applied to a UAG array, the registry needs to be edited only on the array manager. The activation will push it to the other server(s).
- Restart the IIS service on the Forefront UAG server. If this is an array, this needs to be done on all members.
After the restart, the webpage was again accessible from all devices (mobile, outside the network, domain computers…).
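
Because the site opened without errors from inside the network, it is useful to see which of the two checks the backend certificate fails when it is evaluated from the UAG server itself. The PowerShell function below is an added example, not part of the original post and not UAG's own validation code: it retrieves the backend certificate and builds its chain once without and once with an online revocation check. The host name is a constructed placeholder, and treating the two passes as counterparts of ValidateRwsCert and ValidateRwsCertCRL is an assumption.

```powershell
# Added example (not from the original post). Run it on the UAG server.
# 'sharepoint.example.internal' is a constructed placeholder host name.
function Test-BackendCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443
    )
    # Accept any certificate during the handshake: the goal here is only
    # to retrieve it so that it can be validated explicitly below.
    $acceptAll = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally {
        $tcp.Close()
    }

    # Pass 1 (NoCheck): trust chain and validity dates only.
    # Pass 2 (Online): the same, plus fetching and checking the CRL.
    # Assumption: these correspond to ValidateRwsCert and ValidateRwsCertCRL.
    foreach ($mode in 'NoCheck', 'Online') {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = $mode
        $ok = $chain.Build($cert)
        $problems = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        New-Object PSObject -Property @{
            Subject        = $cert.Subject
            Issuer         = $cert.Issuer
            NotAfter       = $cert.NotAfter
            RevocationMode = $mode
            ChainValid     = $ok
            ChainStatus    = ($problems -join ', ')
        }
    }
}

Test-BackendCertificate -HostName 'sharepoint.example.internal' |
    Format-List Subject, Issuer, NotAfter, RevocationMode, ChainValid, ChainStatus
```

A status such as UntrustedRoot or PartialChain in the NoCheck pass means the UAG server does not trust the issuing CA, while RevocationStatusUnknown or OfflineRevocation appearing only in the Online pass means the UAG server cannot reach the CRL distribution point. The function does not check that the certificate's name matches the host name.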