The basic concept behind Forefront UAG backups is the automatic backup during an activation triggered by a Forefront UAG configuration change. Forefront UAG keeps a backup history of the last Forefront UAG configuration changes so you can restore a configuration to the last working one. You are also able to create manual backups of the configuration from the Forefront UAG MMC or with a command line utility called ConfigMgrUtil.exe. Forefront UAG export configuration files contain a record of the latest configuration settings, and can be used, during maintenance or disaster recovery, to restore configuration settings to the same Forefront UAG server or to a different Forefront UAG server with a short Registry configuration change. By default, the Forefront UAG export file is automatically exported to the \Program files\Microsoft Forefront Unified Access Gateway\Backup folder, when you activate the Forefront UAG configuration.
During the first Forefront UAG configuration you will be asked for a password and a backup directory. You can change the password and the backup directory from the Forefront UAG MMC.
Figure 1: Forefront UAG automatic backups
The automatic backup configuration files contain the configuration and some other files like customized configuration files and bitmaps.
Figure 2: Forefront UAG configuration backups
Part of a Forefront UAG configuration backup is a backup of Forefront UAG Activation Monitor log files. You can find the log file in the directory C:\ProgramData\Microsoft\UAG\LOGS. The Activation Monitor log files contain the status of the Activation process in Forefront UAG.
Figure 3: Forefront UAG Activation monitor log file
Before you activate a configuration change in Forefront UAG, you should mark the checkbox to back up the configuration before performing the activation. Forefront UAG stores the configuration backups by default in the \Program files\Microsoft Forefront Unified Access Gateway\Backup folder.
Figure 4: Backup a Forefront UAG configuration before activation
Built-in log files
When using built-in log files, events are logged in native Forefront UAG format. The log files are used by the Forefront UAG Web Monitor. Web Monitor queries the event logs, and lets you filter events according to type, time, users, trunk usage and many other parameters. When setting up built-in logging, you can specify the location where log files generated by the built-in reporter are stored. Forefront UAG Web Monitor creates a new event log file every day, and the previous log files are stored in the default folder \Program files\Microsoft Forefront Unified Access Gateway\Logs\Events, or in a location you specify when configuring Forefront UAG logging.
Figure 5: Forefront UAG log files and event message log files
Export / Import configuration
As a Forefront UAG Administrator you are able to create a backup of your Forefront UAG configuration at any time. Start the Forefront UAG MMC and select the Export configuration option from the File menu. In the following dialog box specify a path to store the Forefront UAG configuration and a password to encrypt the configuration file. You will be asked for the password when you try to import the Forefront UAG configuration.
The configuration export creates two files: one XML file for the Forefront UAG configuration and one cab file called WhlBackup.cab, as shown in the following screenshot.
Figure 7: Forefront UAG files after a manual backup
The WhlBackup.cab file contains some additional configuration files, such as UAG.EGF, which contains the configuration of Forefront UAG; whlreg.reg, which contains specific Forefront UAG settings; and HTTP_RuleSet.ini or HTTPS_RuleSet.ini, which contain specific settings for the Whale URL filter in Forefront UAG portals. The WhlBackup.cab file in this example also contains one gif file called FileAcess.gif, which is a replacement for a customized bitmap for the Forefront UAG File access feature.
Figure 8: Content of the whlbackup.cab file
Import a Forefront UAG configuration
If you need to revert the current Forefront UAG configuration to a last known good configuration, you can use the import configuration task in the Forefront UAG MMC. Specify the location of the configuration file to import as shown in the following screenshot.
Figure 9: Import a manually or automatically created backup
During the import process you must specify the password of the Forefront UAG configuration file.
Figure 10: Check the file schema version and description before the import process
Compare the file schema version of the import file with the current build number of the Forefront UAG configuration. The file schema version and the current Forefront UAG build number must match.
The import process of the Forefront UAG configuration will overwrite the existing configuration. Keep this in mind before you start the import process.
Figure 11: The existing Forefront UAG configuration will be overwritten
It takes a while until the import of the configuration is completed. After that you must activate the configuration and you have to check the Forefront UAG Activation monitor, the Forefront UAG Web Monitor and the TMG MMC to see if the configuration has been synchronized successfully.
Figure 12: After a successful import, you must activate the configuration
Import the configuration to a different Forefront UAG Server
It is possible to import a Forefront UAG configuration to a different computer. To allow the import process you must modify a Registry key on the destination Forefront UAG Server: Navigate to HKEY_LOCAL_MACHINE\Software\WhaleCom\e-Gap\Configuration. Create a DWORD (32-bit) Value ImportFromOtherVersion, and set the DWORD value to 1.
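The registry change described above, written as a PowerShell function (an added example, not part of the original article; the function name is hypothetical, while the key path and value name are the ones given in the text). It reports the previous value and also accepts 0, for administrators who choose to switch the setting back once the import is done.

```powershell
# Added example, not from the original article. Run elevated on the destination UAG server.
# Key path and value name are taken from the text above;
# the function name Set-UagImportFromOtherVersion is hypothetical.
function Set-UagImportFromOtherVersion {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # 1 allows importing a configuration exported on another server; 0 switches it off.
        [ValidateSet(0, 1)]
        [int]$Value = 1
    )

    $keyPath   = 'HKLM:\Software\WhaleCom\e-Gap\Configuration'
    $valueName = 'ImportFromOtherVersion'

    # The key belongs to the Forefront UAG installation; do not create it on a non-UAG host.
    if (-not (Test-Path -Path $keyPath)) {
        throw "Registry key '$keyPath' not found. Is Forefront UAG installed on this server?"
    }

    # Record the previous state so the change can be documented or undone.
    $previous = (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName

    if ($PSCmdlet.ShouldProcess("$keyPath\$valueName", "Set DWORD to $Value")) {
        # -Force overwrites an existing value and guarantees the DWORD type.
        New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord -Value $Value -Force | Out-Null
    }

    # Read the value back so the result reflects what is really in the registry.
    $current = (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName

    # New-Object is used instead of [pscustomobject] to stay compatible with PowerShell 2.0.
    New-Object PSObject -Property @{
        Key      = $keyPath
        Name     = $valueName
        Previous = $previous
        Current  = $current
    }
}

Set-UagImportFromOtherVersion -Value 1
```

Adding `-WhatIf` to the call shows the intended change without writing to the registry.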
Command line backup
If you want to automate the backup process of a Forefront UAG configuration, you can use ConfigMgrUtil.exe, located in the Utils directory of the Forefront UAG installation. You must specify the export file name and directory and a password. The password is typed in clear text and is used to protect the backup file against unauthorized imports into a running Forefront UAG configuration.
Figure 13: ConfigMgrUtil.exe to create Forefront UAG backups from the command line
In this article I tried to show you how to back up and restore a Forefront UAG configuration. With a valid Forefront UAG backup in place you are able to restore a faulty Forefront UAG configuration on the same Forefront UAG Server or to a different Forefront UAG Server when the Forefront UAG patch level is nearly the same as on the original Forefront UAG Server. Please keep in mind that it may be necessary to create a backup of additional data like TMG log files and SQL database files used by Forefront TMG.