3 Replies Latest reply on Apr 9, 2020 5:51 AM by j_dubs

    Unified Gateway Deployment Using Powershell

    ukcsr Lurker

      I am deploying UAG 3.9 using the PowerShell scripts supplied by VMware (as per Using PowerShell to Deploy VMware Unified Access Gateway), but the scripts don't seem to work with v3.9 of the UAG. The DeploymentOption attribute in the OVA is no longer supported, so the sections looking for onenic, twonic or threenic don't work. To get this to work I have modified the uagdeploy.ps1 script to avoid this deployment option. I changed these:

       

      Remove line 201 $ovfOptions += " --deploymentOption=$deploymentOption"

      Remove the switch statement in line 191 and just leave the three nic options

       

      markbenson

        • 1. Re: Unified Gateway Deployment Using Powershell
          chriskoch99 Novice

          I'm deploying UAG v3.9 in one NIC mode just fine with PowerShell.   Are you using the correct version of the PowerShell scripts?  You have to download them on the same page as the UAG .ovf file.  The current version has some code changes compared to others.

          1 person found this helpful
          • 2. Re: Unified Gateway Deployment Using Powershell
            ukcsr Lurker

            Hi,

             

            Thanks for your reply. Yes I've double checked the powershell script and OVA version are from the same location. Could you confirm the version of the OVA you have? The one I downloaded was released on 20th March so is very new, the filename I am using is euc-unified-access-gateway-3.9.0.0-15751318_OVF10.ova

             

            The OVA is just reporting it doesn't support the "DeploymentOption" attribute. If I get some time I'll crack open the OVA and see

            • 3. Re: Unified Gateway Deployment Using Powershell
              j_dubs Novice

              Hi,

               

              We have this working in our environment.  Using the same iso, and latest powershell deploy package.

              We tend to pass in just about every config option we need in the .ini, so here is an example of our [General] section which handles all the network configs.

              This should get you up and running in one-nic mode.  Most of these are the defaults anyway.

               

              [General]
              source=D:\temp\uagdeploy\euc-unified-access-gateway-3.9.0.0-15751318_OVF10.ova
              target=vi://<deploy target in vc>
              ds=<ds in vc>
              diskMode=eagerZeroedThick
              netInternet=<your pg in vc>
              netManagementNetwork=<same pg as above>
              netBackendNetwork=<same pg as above>
              ip0=x.x.x.x
              defaultGateway=x.x.x.x
              netmask0=255.255.255.0
              ip0AllocationMode=STATICV4
              name=<vcenter name>
              deploymentOption=onenic
              forceNetmask0=255.255.255.0
              authenticationTimeout=300000
              fipsEnabled=false
              sysLogType=UDP
              uagName=<uag hostname>
              clockSkewTolerance=600
              syslogAuditUrl=syslog://x.x.x.x:514
              locale=en_US
              tls12Enabled=true
              ipMode=STATICV4
              requestTimeoutMsec=10000
              tls11Enabled=true
              clientConnectionIdleTimeout=0
              tls10Enabled=false
              adminCertRolledBack=false
              ntpServers=x.x.x.x y.y.y.y
              honorCipherOrder=true
              cookiesToBeCached=none
              snmpEnabled=false
              healthCheckUrl=/favicon.ico
              quiesceMode=false
              syslogUrl=syslog://x.x.x.x:514
              dns=x.x.x.x y.y.y.y
              isCiphersSetByUser=false
              tlsPortSharingEnabled=true
              ceipEnabled=false
              bodyReceiveTimeoutMsec=15000
              monitorInterval=60
              cipherSuites=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
              adminPasswordExpirationDays=<# of days for admin password before expire>
              httpConnectionTimeout=120
              dnsSearch=omers.com
              isTLS11SetByUser=false
              sessionTimeout=36000000
              ssl30Enabled=false
              fallBackNtpServers=x.x.x.x
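
A pre-deployment check of the transport settings in an .ini like the one in the reply above, as an added example that is not part of the original thread or of VMware's uagdeploy scripts. The function name `Get-UagIniFinding` and the finding texts are hypothetical, and the sample input is constructed from values quoted in the thread.

```powershell
# Added example: lint the [General] section of a uagdeploy .ini before deploying.
# Get-UagIniFinding and its finding texts are hypothetical, not part of uagdeploy.ps1.
function Get-UagIniFinding {
    param([string[]]$Line)
    # Collect key=value pairs from [General]; skip blank lines and comments.
    $general = @{}
    $section = ''
    foreach ($raw in $Line) {
        $text = "$raw".Trim()
        if ($text -eq '' -or $text.StartsWith('#') -or $text.StartsWith(';')) { continue }
        if ($text -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if ($section -eq 'General' -and $text -match '^([^=]+)=(.*)$') {
            $general[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }

    $findings = @()
    # Protocol versions older than TLS 1.2 should be switched off.
    foreach ($key in 'ssl30Enabled', 'tls10Enabled', 'tls11Enabled') {
        if ($general[$key] -eq 'true') {
            $findings += [pscustomobject]@{ Setting = $key; Issue = 'legacy protocol version enabled' }
        }
    }
    # Flag static-RSA key exchange (no forward secrecy), then CBC-mode suites.
    foreach ($suite in (([string]$general['cipherSuites']) -split ',')) {
        $name = $suite.Trim()
        if ($name -like 'TLS_RSA_*') {
            $findings += [pscustomobject]@{ Setting = $name; Issue = 'static RSA key exchange, no forward secrecy' }
        } elseif ($name -like '*_CBC_*') {
            $findings += [pscustomobject]@{ Setting = $name; Issue = 'CBC mode, prefer an AEAD (GCM) suite' }
        }
    }
    # Syslog over UDP is unencrypted and gives no delivery guarantee.
    if ($general['sysLogType'] -eq 'UDP') {
        $findings += [pscustomobject]@{ Setting = 'sysLogType'; Issue = 'syslog sent over plain UDP' }
    }
    $findings
}

# Constructed sample: a subset of the settings quoted in the reply above.
$sample = @'
[General]
sysLogType=UDP
tls11Enabled=true
tls10Enabled=false
ssl30Enabled=false
cipherSuites=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
'@ -split "`r?`n"
Get-UagIniFinding -Line $sample | Format-Table -AutoSize
```

To check a real file, pass its lines instead of the sample, for example `Get-UagIniFinding -Line (Get-Content .\uag1.ini)`, where `uag1.ini` is a placeholder file name.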