Microsoft Forefront UAG 2010 Administrator's Handbook
Installation

You are now ready to launch the installation. To do so, insert the installation disc, which should launch the welcome page (splash.hta). This is a good chance to review the information offered, such as the system requirements, the deployment checklist, and the release notes. Well, who are we kidding, nobody really does that, so when ready, click on Install Forefront UAG.

Once the installation starts, the software license terms (a.k.a. EULA) will be shown, and you will be asked to accept it. The next step is the installation location selection, which by default will install the product under the folder Microsoft Forefront Unified Access Gateway in the system's Program Files folder.

After that stage, the rest of the installation requires no intervention. It will install Roles and Features, then AJAX, which takes around 1-2 minutes altogether. Then, TMG will be installed, which takes about 15-20 minutes. Lastly, UAG itself will be installed, and that will keep you on the edge of your seat for an additional 5-10 minutes. Once this is done, you will be asked if you want to restart the computer. You don't have to, but don't expect to be able to do anything useful with the server at this stage before the reboot has been done. The following screenshots show the installation progress (left) and the final screen, prompting you to reboot the server:

After a reboot, you are ready to launch the UAG management console and the Getting Started Wizard.

Verifying the installation

Assuming you did not encounter any errors during setup, you can easily check your installation from the Start menu. You should see four new items:

  • Microsoft ASP.NET 2.0 AJAX Extensions
  • Microsoft Forefront TMG
  • Microsoft Forefront UAG
  • Microsoft SQL Server 2008

You can also open the Services administrative tool and see the new services which have been added:

  • ISASTGCTRL
  • Microsoft Forefront TMG Control
  • Microsoft Forefront TMG Firewall
  • Microsoft Forefront TMG Job Scheduler
  • Microsoft Forefront TMG Managed Control
  • Microsoft Forefront TMG Storage
  • Microsoft Forefront UAG Configuration Manager
  • Microsoft Forefront UAG DNS64 Service
  • Microsoft Forefront UAG File Sharing
  • Microsoft Forefront UAG Log Server
  • Microsoft Forefront UAG Monitoring Manager
  • Microsoft Forefront UAG Quarantine Enforcement Server
  • Microsoft Forefront UAG Session Manager
  • Microsoft Forefront UAG SSL Network Tunneling Server
  • Microsoft Forefront UAG Terminal Services RDP Data
  • Microsoft Forefront UAG User Manager
  • Microsoft Forefront UAG Watch Dog Service
  • Net.Tcp Port Sharing Service
  • Network Policy Server
  • Remote Access Quarantine Agent
  • Remote Desktop Gateway
  • RPC/HTTP Load Balancing Service
  • SQL Active Directory Helper Service
  • SQL Server (ISARS)
  • SQL Server (MSFW)
  • SQL Server Agent (ISARS)
  • SQL Server Agent (MSFW)
  • SQL Server Browser
  • SQL Server Reporting Services (ISARS)
  • SQL Server VSS Writer
  • Windows CardSpace
  • Windows Presentation Foundation Font Cache 3.0.0.0

As you can guess, not all of them directly belong to UAG, but they are necessary. For example, the Network Policy Server is a service that allows for health checking of client computers which connect to the UAG server. This check allows the organization to block access to computers which do not meet the organization's security standards, thereby protecting the entire network from computers which may contain harmful software such as back-doors or worms.

Running the Getting Started Wizard

Before you can start publishing applications on the server, you need to configure some basic settings, and that is done with the Getting Started Wizard. It will launch automatically once you start the Forefront UAG Management console, which you can find under Microsoft Forefront UAG on the computer's Start menu:

When you launch the wizard, you will see a notification about the application being configured for the first time, and that typically takes about a minute or two. Then, the Getting Started Wizard appears, with 3 steps:

The first step is configuring the network settings. This wizard will show you a table with the network cards that are configured on the server. If you are installing a version of UAG that precedes SP1, you will also see an additional card named SSL Network Tunneling, which you should ignore. On this page, click on the appropriate table cell to choose which of the adapters will be Internal and which External, as shown in the following screenshot. If you had not taken the time to rename your Network Cards earlier, this might get a bit confusing. If that's the case, you can open the Network management console and check which is which, or you could close the wizard by clicking Cancel, and then rename the cards.

When you launch the UAG configuration console again, it will launch the wizard again.

If the SSL Network Tunneling adapter is present, it is supposed to remain Unassigned, so leave it at the default, and click Next. If you have left one or more of the Network Cards with a dynamically assigned (DHCP) configuration, you will be warned by the wizard at this stage. You can continue despite this, but again, we strongly recommend against that, even on a temporary basis.

The next page is where you can define the exact IP ranges of the internal network. This is one of the most critical steps in the installation, as a mistake here can cause the server to go berserk. For example, if you forget to include the range which your Domain Controller belongs to, this will cause TMG to block access to it, thinking it is "External", and then, you won't even be able to open the UAG management console again. If you have configured your networking correctly, UAG should be able to detect the appropriate ranges on its own, and suggest them on this page. Are you using a virtual machine? If so, this would be a good time to pause and take a Snapshot of the server. We can't stress enough the importance of setting the correct internal ranges, so if you feel that your TCP/IP or Subnetting skills are rusty or not up to speed, you might consider involving a senior Network engineer, or refreshing yourself on that topic before continuing.

The next wizard page summarizes the settings you have selected, and also reminds you that finishing the wizard might cause a network disruption that would terminate a remote session and may force you to physically go to the server to continue. This would typically happen if you had not included the range of IPs from which you are accessing the server in the internal IP range. Take that into account before clicking Finish.
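A pre-flight check for the internal ranges, written as an added example that is not part of the book or of UAG itself. It tests whether the hosts that must remain "Internal" (the Domain Controllers and the machine you are managing the server from) fall inside the ranges you plan to enter. It assumes the ranges are entered as start/end address pairs; the function names are hypothetical and every address is a constructed sample.

```powershell
# Added example. Function names are hypothetical; every address below is a constructed sample.

# Convert a dotted IPv4 address to a number so that ranges can be compared numerically.
function ConvertTo-IPv4Number {
    param([string]$Address)
    $parsed = [System.Net.IPAddress]::Parse($Address)
    if ($parsed.AddressFamily -ne 'InterNetwork') { throw "Not an IPv4 address: $Address" }
    $b = $parsed.GetAddressBytes()
    return ([int64]$b[0] * 16777216) + ([int64]$b[1] * 65536) + ([int64]$b[2] * 256) + [int64]$b[3]
}

# Report, for each host that must stay reachable, whether a planned range covers it.
function Test-InternalRangeCoverage {
    param([hashtable[]]$Ranges, [hashtable]$CriticalHosts)
    foreach ($r in $Ranges) {
        if ((ConvertTo-IPv4Number $r.From) -gt (ConvertTo-IPv4Number $r.To)) {
            throw "Range start is above range end: $($r.From) - $($r.To)"
        }
    }
    foreach ($name in $CriticalHosts.Keys) {
        $ip  = ConvertTo-IPv4Number $CriticalHosts[$name]
        $hit = $Ranges | Where-Object {
            $ip -ge (ConvertTo-IPv4Number $_.From) -and $ip -le (ConvertTo-IPv4Number $_.To)
        }
        New-Object PSObject -Property @{
            Name    = $name
            Address = $CriticalHosts[$name]
            Covered = (@($hit).Count -gt 0)
        }
    }
}

# Constructed sample: the ranges you intend to type into the wizard.
$plannedRanges = @(
    @{ From = '10.10.0.0';  To = '10.10.0.255' },    # server subnet
    @{ From = '10.10.20.0'; To = '10.10.23.255' }    # client subnets
)
# Constructed sample: hosts whose loss would lock you out of the server.
$mustStayInternal = @{
    'Domain controller'        = '10.10.0.10'
    'Second domain controller' = '10.10.8.10'     # deliberately outside both ranges
    'Admin workstation (RDP)'  = '10.10.21.57'
}
Test-InternalRangeCoverage -Ranges $plannedRanges -CriticalHosts $mustStayInternal |
    Sort-Object Covered | Format-Table Name, Address, Covered -AutoSize
```

Any row with Covered set to False is a host that TMG would treat as "External" once the wizard finishes, so correct the ranges before continuing.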

The server will apply the configuration, which should take no more than a few seconds, and go back to the wizard, pointing to the next step—Define Server Topology.

This stage is where you might choose to include this server as part of an Array of UAG servers, for load balancing purposes. You do not have to make this decision now. You can always start by using this UAG server as a stand-alone server, and join it to an array later. If the computer is not a domain member, then the option of joining an array will be greyed out, since domain membership is a prerequisite for UAG array functionality. Unfortunately, if you do intend to use this UAG as part of an array but have not yet joined the machine to the domain up to this stage, doing it now might be too late, since, as we mentioned earlier in this chapter, this should be performed before UAG installation. If you are planning on creating or joining an array, please refer to Chapter 10.

Lastly, the wizard will ask you if you want to use Microsoft Update to update the server when future updates are released. You may choose to skip this and install updates manually, though it's usually a pretty good idea to let this be taken care of automatically. However, some organizations do prefer to have total control over updates, in case the update involves downtime for the server.

Having completed these three configuration steps, you may click Close, at which point you will be asked to activate the configuration. That's a term you are about to become very familiar with in the next few weeks. This, thankfully, is not related to the Windows Activation we have all come to know and love in the past ten years, but to an activation of the UAG configuration. The Activation process translates the UAG server's configuration into various settings that are pushed into IIS and TMG. Upon doing this for the first time, you will be asked to select a default location for backups, where UAG will be storing CAB files with your configuration. We recommend choosing a folder that will be easy for you to back up to more secure media on a regular basis. You will also be asked to create a Password, which will be used to protect your backups. As a general security precaution, we urge you to avoid re-using a password you already use somewhere else, and as always, do choose one that's not easy to guess (in case you're wondering, your birthday is not that hard to find, so you might as well go with something more original).

Once you finish the activation wizard, UAG will start the process, which typically takes about three minutes on a freshly installed server.

Note

You will be required to go through a similar activation process in the future whenever you make a change to the UAG server's configuration, such as adding a new application or changing the configuration of an existing one. As your configuration becomes more complicated, with more applications and settings, the time needed to complete the activation may increase. With very busy servers, it could take many minutes.

Congratulations! Your server is finally ready to publish its first application. Be aware, though, that at this point, there are no trunks or applications configured on the server, so connecting to it using a browser will not get you anywhere. Creating trunks and applications will be discussed in the next chapter and then you will have something to show for all your efforts thus far.

Applying updates or Service Packs

If updates or Service Packs for UAG have been issued, and were not already included with your ISO Image or DVD disc installer, we recommend applying them at this point. Updating UAG is pretty simple, and the only complication is that updates require a re-activation of the server (similar to what we just did, after completing the Getting Started Wizard). Normally, an update is cumulative, meaning it will include all updates that were issued before it, so it is sufficient to install Update 2, and there's no need to install Update 1 before it. Updates, however, are incremental between Service Packs, so in the future, after a Service Pack is released, and an Update is released after it, you will need to install the Service Pack prior to installing the update. This is quite similar to how things are with all other Microsoft products, so that should not come as a surprise or too much of a distraction. In fact, if you are used to installing several Windows updates a month, you will probably be relieved to hear that UAG will most likely have no more than two or three per year.

Common issues during installation

The installation process itself is pretty simple, and very difficult to botch up. Here are some issues that have been observed since the product's introduction into the market and instructions about how to resolve them.

  • File not found errors during installation may indicate a problem with the original installation media or incorrect use of the ISO disc image. This could happen if the ISO image has been burned improperly, or extracted using a program such as WinIso or WinImage. There's nothing wrong with these programs and they are very suitable for this type of work, but when accessing an ISO image through them, one must be careful to select the proper extract session, as the wrong one may generate a truncated file-system, with filenames converted to a DOS 8.3 format.
  • Exception of type 'System.Exception' was thrown can occur if the Windows Firewall is configured incorrectly. Make sure the Firewall service is ON prior to the installation, and if it is controlled by a group policy of some sort, exclude the computer from the policy.

The following TechNet article mentions a few more possibilities:

http://technet.microsoft.com/en-us/library/ff607359.aspx

Most other installation failures could occur if the server is "dirty" from installation of other products or from a corrupt uninstall of UAG, TMG, or SQL, but that's easily resolvable by simply installing on a fresh and clean server. If you get an unexplained failure that does not meet any of the above, the best place to troubleshoot it would be the installation log. UAG's install logs can be found under %ProgramData%\Microsoft\UAG\Logs and if the failure is of the TMG portion of the installation, then those can be found under %windir%\Temp. Reading installation logs is a tough job, so don't expect any easy answers, but if push comes to shove, Microsoft's customer support group will surely be able to help.