Unified Access Gateway | Released on 24 March 2020

Check for additions and updates to these release notes.

What is in the Release Notes

The release notes cover the following topics:

What is New in This Release

VMware Unified Access Gateway 3.9.1 includes bug fixes, which is documented in the Resolved Issues section.


The Unified Access Gateway user interface, online help, and product documentation are available in Japanese, French, German, Spanish, Brazilian Portuguese, Simplified Chinese, Traditional Chinese, and Korean. For the complete documentation, go to the Documentation Center.

Compatibility Notes

For more information about the VMware Product Interoperability Matrix, go to http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.

UAG Lifecycle Support policy

For information about the UAG Lifecycle Support policy, go to https://kb.vmware.com/s/article/2147313.

Installation and Upgrade

To download the Unified Access Gateway, see the Product Download page.

Resolved Issues

  • After uploading files to the VMware Content Locker application, files are saved with the .smbconnector extension. Such files cannot be viewed on the network server. 
    As part of the fix, you must configure certain custom settings on the Content Gateway configuration page in the Workspace ONE UEM Console.
    For more details about the fix, see the https://kb.vmware.com/s/article/78305.

  • Optimized behavior of tunnel service when syncing the trusted device list from Workspace ONE Unified Endpoint Management (UEM) in large deployments.

Known Issues

  • When UAG is set up for Horizon SAML 2.0 authentication, some versions of the Horizon Client for Windows hide the client UI after the desktop or application opens. This prevents the opening of subsequent desktops or applications. However, the URL used to access Horizon through UAG can specify individual desktops or RDSH Apps.

    Workaround: Upgrade to VMware Horizon Client for Windows version 5.4 or newer.

  • When Horizon SAML 2.0 is used with Horizon True SSO to avoid the initial AD password prompt, if the session is manually locked or locks due to inactivity, the user must either enter their AD password to unlock the session or close the client and reconnect. The Horizon True SSO unlock mechanism currently depends on Workspace ONE Access.

  • UAG RADIUS settings using a local hostname can sometimes fail.

    Workaround: Use a hostname in DNS or an IP address.

  • When using Horizon SAML IDP authentication with Microsoft ADFS, users receive the HTTP ERROR 500.

    The SAML metadata XML file is used for configuring SAML trust on UAG. This file is obtained from Microsoft ADFS. The XML file might contain a SPSSODesriptor section. This section is not required for UAG and causes the HTTP ERROR 500.
    The UAG esmanager.log displays the Error on validating assertion with a ClassCastException as follows:

    org.opensaml.saml.saml2.metadata.impl.SPSSODescriptorImpl cannot be cast to


    Workaround: Before uploading the identity provider’s SAML metadata to UAG, edit the XML file to remove the SPSSODescriptor section. This section starts with "<SPSSODescriptor" and ends with "</SPSSODescriptor>"  tags.

  • Authentication timeout on Unified Access Gateway might not work for Horizon HTML Access client.

    When a user enters the Username and Password and clicks Login even after the authentication timeout interval, the user can still log into the Horizon client. This issue occurs intermittently.

    Workaround: None

  • In the Unified Access Gateway Admin UI, the Auth Methods drop-down box might not appear in the IE and Edge browsers.
    Auth Methods is a field in the Horizon Settings page.

    Workaround: None

check-circle-line exclamation-circle-line close-line
Scroll to top icon