UAG Powershell upgrade from UAG 3.2.1 to 3.9.1 fai...

GreenMachine18 · ‎04-10-2020

I created a new text file to use for the powershell scripts (since that is the only way we can get the RSA settings to set correctly for the UAG's)

When I deployed, it has the correct IP address but the hostname is a default uag-XXX name instead of the name I told it to use

I cannot get into the UAG gui to try to change host name.

I am using the PowerShell deployment script that is downloadable from the UAG 3.9 download page.

This could be just an issue from upgrading UAG from way older version to new version. If so please let me know.

ap_idb · ‎04-10-2020

Silly question but....Can you get to the gui via IP?

a_p_ · ‎04-10-2020

When I deployed, it has the correct IP address but the hostname is a default uag-XXX name instead of the name I told it to use

You may add uagName=<hostname> to the .ini file to set the hostname. The "name=" entry is just the UAG's name in the vCenter Server's inventory.

I cannot get into the UAG gui to try to change host name

Please provide some details to help understand what may be the issue.

André

GreenMachine18 · ‎04-14-2020

Yes I can

I just can’t get my RSA settings to… appear? To take the RSA config file… etc

GreenMachine18 · ‎04-14-2020

The uagName= worked....

Now I just need to get the RSA configuration figured out.

It doesn't even have the option to set the auth method to what I want.

And when I go to save the RSA settings under the authentication settings, it gives me an error.

I can not set the Secure auth

I need it to be set to securid-auth

And I dont have the option to set that

It gives me the option for passthrough and SAML

This is what it should look like....

a_p_ · ‎04-14-2020

I don't have access to a UAG at the moment, so I can just guess. Did you already add the RSA secure ID configuration to the UAG Configure RSA SecurID Authentication in Unified Access Gateway? Maybe that's required for additional authentication methods to show up?

The last time I deployed the UAG with RSA, I did this via PowerShell, and included the configuration settings in the .ini file.

André

Shreyskar · ‎04-15-2020

Hi GreenMachine18

To configure RSA with UAG,

the admin UI Configure Manually section, click Select.
In the General Settings Authentication Settings section, click Show.
Click the gearbox in the RSA SecurID line.
Follow Configure RSA SecurID Authentication in Unified Access Gateway

GreenMachine18 · ‎04-15-2020

Yes - well i tried. But it will not let me save the configuration settings.

a_p_ · ‎04-15-2020

What is it complaining about?

Is it about networking (access to the RSA server, remember to open the required network port on the firewall), the sdconf.rec, name resolution, ...?

André

GreenMachine18 · ‎04-15-2020

So what VMware is basically saying is that 3.7 and later can not have a .local in the servers name or DNS Entries. So reason why UAG is failing through PowerShell using RSA Token. Appreciate the feed back from all parties.

Work Around:

So when deploying, do not specify any RSA settings

And then when you’re in the admin UI, add an entry into the hostfile for the RSA and then you can add the conf rec file from there

And that populates the settings I need

First time I have posted questions to the form and appreciate the quick response from everyone.

a_p_ · ‎04-15-2020

You can actually specify "hostEntry#" settings in the .ini file, so that you can do a complete deployment via PowerShell.

Here's a snippet from how I've done this in the past.

~snip~

authMethods=securid-auth && sp-auth

matchWindowsUserName=true

#

# A list of 1 or more /etc/hosts file entries to be added to UAG.

# This is useful if there is a requirement for host name resolution on UAG and DNS is not accessible from UAG.

# The hostEntry list must start at 1 and the list must be incremental and consecutive.

#

hostEntry1=10.10.10.100 rsa-server.domain.local rsa-server

[SecurIDAuth]

serverConfigFile=C:\temp\UAG\sdconf.rec

externalHostName=192.168.2.100

internalHostName=192.168.2.100

~snip~

André

All

UAG Powershell upgrade from UAG 3.2.1 to 3.9.1 fails