Book Image

Microsoft DirectAccess Best Practices and Troubleshooting

By : Jordan Krause
Book Image

Microsoft DirectAccess Best Practices and Troubleshooting

By: Jordan Krause

Overview of this book

DirectAccess is an amazing Microsoft technology that is truly the evolution of VPN; any Microsoft-centric shop needs this technology. DirectAccess is an automatic remote access solution that takes care of everything from planning to deployment. Microsoft DirectAccess Best Practices and Troubleshooting will provide you with the precise steps you need to take for the very best possible implementation of DirectAccess in your network. You will find answers to some of the most frequently asked questions from administrators and explore unique troubleshooting scenarios that you will want to understand in case they happen to you. Microsoft DirectAccess Best Practices and Troubleshooting outlines best practices for configuring DirectAccess in any network. You will learn how to configure Manage Out capabilities to plan, administer, and deploy DirectAccess client computers from inside the corporate network. You will also learn about a couple of the lesser-known capabilities within a DirectAccess environment and the log information that is available on the client machines. This book also focuses on some specific cases that portray unique or interesting troubleshooting scenarios that DirectAccess administrators may encounter. By describing the problem, the symptoms, and the fixes to these problems, the reader will be able to gain a deeper understanding of the way DirectAccess works and why these external influences are important to the overall solution.

Related Content you might be interested in

Current Title:

Small book image
Microsoft DirectAccess Best Practices and Troubleshooting
Jordan Krause
Oct, 2013 | 116 pages
No titles found
Table of Contents (13 chapters)
Microsoft DirectAccess Best Practices and Troubleshooting
Microsoft DirectAccess Best Practices and Troubleshooting
Credits
Credits
Foreword
Foreword
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
DirectAccess Server Best Practices
DirectAccess Server Best Practices
Preparing your Remote Access servers for DirectAccess
NIC configuration
NIC binding
MAC address spoofing for virtual machines
Adding static routes
Hostname and domain membership
Time for certificates
Adding the roles
Don't use the Getting Started Wizard!
Security hardening the server
Summary
2
DirectAccess Environmental Best Practices
DirectAccess Environmental Best Practices
To NAT or not to NAT?
Planning for Certificates (PKI)
Defining your GPOs and security groups
Setting up the Network Location Server (NLS)
Do I need IPv6 or ISATAP?
Teredo and 6to4 tips and tricks
Summary
3
Configuring Manage Out to DirectAccess Clients
Configuring Manage Out to DirectAccess Clients
Pulls versus pushes
What does Manage Out have to do with IPv6?
Creating a selective ISATAP environment
Setting up client-side firewall rules
RDP to a DirectAccess client
No ISATAP with multisite DirectAccess
Summary
4
General DirectAccess Troubleshooting
General DirectAccess Troubleshooting
Remote Access Management Console
Windows Firewall with Advanced Security
Reading the client logfiles
What happened to Teredo?
Clients with native IPv6
Summary
5
Unique DirectAccess Troubleshooting Scenarios
Unique DirectAccess Troubleshooting Scenarios
What happens when NLS is offline?
I enabled NLB and DA broke!
IPv4 applications don't connect over DA
Cannot contact some servers
Summary
Index
Index

Adding the roles

Now that we have all of our settings and prerequisites in place on the DirectAccess server, the last step before we can get into the actual configuration is adding the Remote Access role, and possibly the Network Load Balancing feature, depending on your plan for implementation. To do this, as with any other role or feature, simply launch Server Manager if not already running, and click on the Add roles and features link from inside the dashboard. Click on Next, then click on Next again choosing the default option for role-based or feature-based installation, and click on Next once more on the screen showing your server name selected in the list.

Click on the Remote Access role and click on Next.

You will now be prompted with a screen that shows some additional options that need to be enabled to support the Remote Access role. Go ahead and click on the Add Features button to continue.

Our next screen is for adding features to the server, and we may or may not have to do anything on this screen. If this is your one-and-only DirectAccess server, and you don't plan to ever have more, go ahead and simply click on Next. If you are interested in creating an array, or a cluster of DirectAccess servers in the future, or if this server is going to be an additional node to an existing array or cluster, then make sure to select the Network Load Balancing feature from this list before clicking on Next.

From here you will again be prompted that there are some additional items that need to be enabled to support this Network Load Balancing feature, go ahead and accept that screen to continue.

After clicking on Next a couple more times, you will be presented with an option on whether you want to utilize DirectAccess and VPN (RAS), or Routing, or both. In my opinion, a DirectAccess server should be a remote access platform and nothing else, so let's stick with the defaults, and choose only the DirectAccess and VPN (RAS) option.

Now simply finish out the wizard using all the default settings, and your server is officially ready for use with DirectAccess!

This ends the section of steps that you want to take on each of your servers to prepare them for use with DirectAccess. After adding the roles, you are now ready to either start actual DirectAccess configuration if this is your primary server, or ready to add this server to your array if this is an additional server that you are adding to an existing DirectAccess environment.

Previous Section
End of Section 9
Next Section