We released Windows 7 and Windows Server 2008 R2 last year. One of the features that we had deployed internally was DirectAccess. You must have heard about DirectAccess many times during our New Efficiency and similar launch events. We have been telling the Better Together story with Windows 7 and Windows Server 2008 R2.
From the blog topic you must have received some hint of what I am going to cover in today’s post: connecting to your office corporate network using TATA Photon+ and Reliance NetConnect. I believe that many users connect to the Internet by using various options such as ADSL, wireless, ISDN, etc. DirectAccess works seamlessly for most connections, such as wireless at home, in hotels, at airports, etc. I will be covering connectivity in India, where some of the major players offer high-speed CDMA broadband connections. These players are TATA Photon+ and Reliance NetConnect Broadband. Both of them offer up to 3.1 Mbps connectivity, but we won’t go into that discussion. We will specifically cover connecting to CorpNet using TATA Photon+ and Reliance NetConnect, because most users are not able to use DirectAccess over these Internet connections.
I have been on the DirectAccess pilot for a long time, and since I joined it has been an amazing experience connecting to CorpNet without going through the standard VPN/RAS dialing process. The sad part was that I was not able to connect to my CorpNet using the TATA Photon+ card. I have been using Tata Photon+ since last December, but every time I tried to connect to my CorpNet using DirectAccess there was no success, and I was using the regular RAS/VPN process. The same happened when trying Reliance NetConnect Broadband. I tried different settings but had no luck, and then I decided to let it go. Later I got to know that most of my colleagues were also facing a similar problem and were not able to leverage DirectAccess.
So, last week I was travelling and I decided to reach a solid conclusion before quitting and asking the product group. Here is how I found the solution to this problem, and here are my findings.
Checking DirectAccess Status
Trying to connect to CorpNet Environment using TATA Photon+ Internet.
Here is the standard TATA Photon+ dialer. I will click on Connect to get connected to the Internet.
The Reliance dialer looks exactly the same except for the logo in the right corner. Basically, the complete software is designed by HUAWEI Technologies Co., Ltd.
The red box shows the actual profile, i.e. the actual dial-up connection created by the Huawei Access Manager.
Let me try connecting to a computer in my corporate environment; say aviraj-demo is my server in my Microsoft office environment. A minute after connecting to the Internet, I try to ping it and I get the reply in IPv6 format. This means DirectAccess seems to be operational so far on my machine, but not completely functional. Let’s test it.
DirectAccess Attempt #1: Connecting to resources in my CorpNet
Now that I can ping, let me try accessing files on that server or taking a remote session of that server.
Resource Output 1: Accessing internal site: http://sharepoint Status: FAILED
The site does not open; the browser goes over the Internet to search for this internal portal due to lack of connectivity.
Resource Output 2: File Share (start -> run -> \\aviraj-demo ) Status: FAILED
Resource Output 3: Remote Desktop Protocol – RDP (mstsc) Status: FAILED
TROUBLESHOOTING DirectAccess Using Windows 7 Built-in Troubleshooting Packs
I am getting a ping response, but it seems I have not yet got complete CorpNet access due to authentication. I then decided to run the troubleshooting option located in Network and Sharing Center.
You can do that by clicking on Connection to a Workplace Using DirectAccess. I selected the Automatic Repair check box.
After running this wizard I got the following result. This was not much help. I tried updating Group Policy, assuming that something was missing, but nothing worked.
TESTING OUTLOOK CLIENT CONNECTION…Hint for the solution!!!
Since I am connected to the Internet, I decided to open the Outlook 2010 client. As soon as I clicked on Outlook 2010, here is the prompt I got.
Hmm, surprisingly, instead of my own Domain\Alias, i.e. fareast\i-aviraj, I am prompted with something like internet. At this point it struck me: every time I get connected to the Internet I am prompted with my alias, so why am I prompted with internet every time I connect using TATA Photon+?
AND NOW THE SOLUTIONS FOR THIS PROBLEM.
Get DirectAccess Working – SOLUTION # 1: Using Huawei Dialer & Credential Manager
Step 1: Get connected to the Internet, as described above, using the TATA PHOTON+ DIALER or RELIANCE NETCONNECT BROADBAND DIALER.
Step 2: Go to Control Panel and double-click Credential Manager.
Step 3: Expand the first entry named *Session in the Windows Credentials with status Modified: Today
IMPORTANT NOTE: DO NOT DISCONNECT THE CONNECTION.
This is the exact reason DirectAccess is not fully functional. Every time you connect using the HUAWEI Connection Manager, it creates this Windows credential named *Session with Persistence: Logon Session. Because of this Logon Session entry, the default domain credentials are bypassed and the dialer-provided credentials are used for authentication, which then fails.
What is Logon Session?
A logon session begins whenever a user logs on to a computer. All processes in a logon session have the same primary access token. The access token contains information about the security context of the logon session, including the user's SID, the logon identifier, and the logon SID.
More to read http://msdn.microsoft.com/en-us/library/aa378338(VS.85).aspx
Step 4: Solving this issue and getting back to Domain Credentials
Click on Remove Credentials and click on Yes
Step 5: Success within a Minute. :)
The moment you delete it, wait for a few seconds and try to open any internal website, say http://msw. Within moments, you will get the prompt you have been waiting for for months over your high-speed CDMA broadband connection.
Voila!!! Success, this is what you have been waiting for for a long time: DirectAccess over TATA Photon+ and Reliance NetConnect Broadband using the HUAWEI dialer.
Windows Needs your Smart Card Credentials
Double-click the credentials icon in the system tray, insert the smart card in the reader and enter the PIN.
You will see your credentials getting verified.
THAT’S IT. YOU ARE CONNECTED TO YOUR CORPNET. NO MORE STEPS.
***** SOLUTION 1 ENDS HERE *****
We will now test whether this solution really worked.
DirectAccess Attempt #2: Connecting to resources in my CorpNet…Post Applying Solution 1
Now that I have authenticated my credentials using Smart Card, I will check different resources.
Resource Output 1: Accessing internal site: http://sharepoint Status: SUCCESS
Resource Output 2: File Share (start -> run -> \\aviraj-demo ) Status: SUCCESS
This time I go to Start -> Run, enter the file share \\aviraj-demo and wait for the response.
While hovering over the taskbar I see my mouse pointer showing the busy icon, which means Explorer is trying to connect to the remote resource. After a minute or so, once the server name is resolved, here is my output.
Resource Output 3: Remote Desktop Protocol - RDP (mstsc) Status: SUCCESS
When Connected to Remote Desktop over DirectAccess
This solution works with the dialer, which matters because many users want to use the TATA/RELIANCE dialer: it shows the signal strength via the HSIA/CDMA status, and it helps keep track of usage by providing detailed statistics and real-time speed in KB/s.
I hope this will surely help you experience DirectAccess over this high speed connection.
JUST REMEMBER, EVERY TIME YOU GET CONNECTED TO THE INTERNET USING THE TATA/RELIANCE DIALER, YOU NEED TO REMOVE THE *Session ENTRY FROM CREDENTIAL MANAGER TO GET YOUR DirectAccess WORKING.
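The check and removal from Steps 2 to 4, scripted so it can be re-run after each dial-up. This is an added example, not part of the original post and not Microsoft's or Huawei's code. It assumes `cmdkey /list` prints `Target:` and `User:` lines as in the constructed sample, and that the *Session entry is the remote-access credential that `cmdkey /delete /ras` removes; the script lists the credentials again afterwards to confirm.

```powershell
# Added example (not from the original post). Parses `cmdkey /list` output and
# removes the logon-session "*Session" entry that the dial-up connection creates.
function Get-SessionCredential {
    param([string[]]$CmdkeyOutput)
    $entries = @()
    $current = $null
    foreach ($line in $CmdkeyOutput) {
        if ($line -match '^\s*Target:\s*(.+?)\s*$') {
            # A "Target:" line starts a new credential entry.
            $current = New-Object PSObject -Property @{ Target = $Matches[1]; User = '' }
            $entries += $current
        } elseif ($current -and $line -match '^\s*User:\s*(.+?)\s*$') {
            $current.User = $Matches[1]
        }
    }
    # Keep only entries whose target name is (or ends in) *Session.
    $entries | Where-Object { $_.Target -match '\*Session$' }
}

# Constructed sample of `cmdkey /list` output (layout assumed, values made up).
$sample = @(
    'Currently stored credentials:',
    '',
    '    Target: Domain:target=TERMSRV/aviraj-demo',
    '    Type: Domain Password',
    '    User: fareast\i-aviraj',
    '',
    '    Target: *Session',
    '    Type: Domain Password',
    '    User: internet',
    '    Saved for this logon only'
)
$demo = @(Get-SessionCredential $sample)
"Sample: {0} *Session entry, user '{1}'" -f $demo.Count, $demo[0].User

# Live check. Run it after the dialer has connected, and keep the connection up.
$found = @(Get-SessionCredential (cmdkey /list))
if ($found.Count -eq 0) {
    'No *Session entry found; nothing to remove.'
} else {
    foreach ($c in $found) { "Removing '{0}' (user: {1})" -f $c.Target, $c.User }
    # /delete /ras deletes the stored remote-access (dial-up) credential.
    cmdkey /delete /ras | Out-Null
    if (@(Get-SessionCredential (cmdkey /list)).Count -gt 0) {
        Write-Warning '*Session is still listed; remove it in Credential Manager.'
    } else {
        'Removed. Open an internal site and wait for the smart card prompt.'
    }
}
```

Only the remote-access entry is deleted; other saved credentials, such as the TERMSRV entry in the sample, are left alone.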
Get DirectAccess Working – SOLUTION # 2: Using Windows Dialer instead of TATA/RELIANCE DIALER
Let’s start by showing the same image…
As I said, the red box indicates that this is basically a Windows dial-up connection that gets dialed at the backend. Instead of using the TATA/RELIANCE dialer, you can connect directly to the pre-configured dial-up entry from your network connections.
Step 1: Open the HUAWEI dialer and read the Profile Name (TATA Indicom in this example), then close the dialer.
Step 2: Click on the Network and Sharing Center icon in the system tray. You will see your profile. Click on this profile name (TATA Indicom in this example). Click on Connect and then click on Dial.
Step 3: Once connected, go to Control Panel and double-click Credential Manager. You will not find any *Session entry in the Windows Credentials.
Try to access internal resource, within a minute you will be prompted for Windows Smart Card Credentials.
THAT’S IT. YOU ARE CONNECTED TO YOUR CORPNET WITHOUT USING TATA/RELIANCE DIALER. NO MORE STEPS.
***** SOLUTION 2 ENDS HERE *****
After that, try the same steps performed in DirectAccess Attempt #2.
I hope that this post has given you a sufficient number of ideas about connecting to CorpNet. Many customers will benefit from this, and they can now leverage the same over high-speed CDMA networks or similar types of connections. Meanwhile, I will try to find an alternate solution that can help us avoid deleting the Credential Manager data manually.
I will be publishing a quick Screencast and will share it on http://edge.technet.com/people/aviraj
Quick Reminder: We are undergoing Blog migration to newer platform this week. User comments are disabled. Feel free to ask any questions to me over an E-Mail: email@example.com
Enjoy DirectAccess !!!
Maintaining that competitive edge in a fast changing business landscape is not an option now. These goals require a new approach to IT and data center management emphasizing automation and optimization. Windows Server 2008 R2 was designed and built with these goals in mind.
Windows Server 2008 R2 addresses cost savings across a number of areas, including streamlined management, less reliance on expensive third-party software, more scalable application serving and lowered WAN bandwidth costs. Customers have seen server consolidation rates up to 3-to-1 as well as up to an 80% decrease in IT man-hours spent on rote administrative tasks like file system management. Power efficiency is also improved over Windows Server 2008 and again over Windows Server 2003 R2. Early adopters of Windows Server 2008 R2 have documented significant savings in this regard, up to 18% over Windows Server 2003 R2.
These documents provide important information you should know prior to deploying and using the Windows Server 2008 operating system, including known issues that you may need to avoid or work around. The documents are continuously updated, so you should check this location for updated versions periodically. You will find four documents for Windows Server 2008 R2:
This software is an optional supplement to the Windows Server 2008 R2 operating system. In Windows Server 2008 R2, the Streaming Media Services role (which includes the latest version of Windows Media Services) is not included in Server Manager.
To obtain Windows Media Services for Windows Server 2008 R2, you must run the Streaming Media Services role installer file on the platform.
If you are interested in the Streaming Media then download the latest version of Windows Media Service for Windows Server 2008 R2.
The Windows 7 Application Compatibility List for IT Professionals is a Microsoft Office Excel-based spreadsheet listing software applications which have met Windows 7 Logo Program testing requirements for compatibility with 32-bit and 64-bit Windows 7, and have thereby earned the right to display the Windows 7 Logo Program logo with the application. These products are identified with the compatibility status “Compatible – Windows 7 Logo.” Additionally, this list includes applications with the following compatibility statuses: “Compatible,” “Free Update Required,” “Paid Update Required,” “Future Compatibility,” and “Not Compatible.” These statuses are based upon the software publishers’ statements of compatibility. These products have not met the Windows 7 Logo Program testing requirements. For an explanation of the various compatibility statuses, please see the Release Notes for the Windows 7 Application Compatibility List. For the latest collection of compatible applications and hardware devices, please visit the Windows 7 Compatibility Center. You can also leave feedback on compatibility and suggest new products to get added in future reports.
Windows Internet Explorer 8 is Microsoft’s latest web browser. Unlike previous versions, Internet Explorer 8 renders content in the most standards-compliant way possible. This means that web pages will be displayed in Internet Explorer 8’s standards mode by default. Through product feedback channels, our users have indicated that, during the beta period, some websites may not have been compatible with Internet Explorer 8 in its default, standards-based mode. As a result, these domains have been added to a list of sites that, for the short-term, are most likely to be displayed better in Compatibility View. All Internet Explorer 8 users are given the choice to use this list, and the subset that chooses to do so will see each listed domain automatically displayed in Compatibility View, without additional user interaction or notice. The sites on this list have high traffic volume (in their regions), and having a compatible website ensures a significant number of Internet Explorer 8 users will have a great experience. This list will be periodically updated and automatically downloaded to Internet Explorer 8 users who have opted-in to use Compatibility View updates from Microsoft. For more information on Compatibility View list updates, please see - http://support.microsoft.com/kb/960321.
AppLocker is a new feature of Windows 7 that allows administrators to define policies that can allow or deny a user’s ability to run or install executable, MSI, or script files. Microsoft Application Virtualization (App-V) separates the application from the operating system, preventing application conflicts and making it possible to run multiple versions of an application on the same desktop. Virtual applications can be delivered in many ways: streaming by assigning applications to users, delivering to machines via Configuration Manager, or file streaming from removable media. Using App-V and AppLocker together ensures that no matter how the application is delivered or what format it takes, physical or virtual, it will respect the policies defined by IT. Watch these demonstrations to learn how to configure App-V; create, update, and publish virtual applications; and create and manage policies for virtual applications.
The Microsoft Touch Pack for Windows 7 is a collection of games and applications that are made available to computers with multi-touch enabled displays running Windows 7.
The Touch Pack includes: Microsoft Blackboard, an intricate game of physics in which you solve a puzzle by creating a fanciful machine on a blackboard. Microsoft Garden Pond, a tranquil game that takes place in serene Japanese water gardens. Microsoft Rebound, a game in which you use your fingertips to control Tesla spheres with an electrical field between them to catapult a metal game ball into your opponent's goal. Microsoft Surface Globe, a program that you can use to explore the earth as a flat 2-D map or as an immersive 3-D experience. Microsoft Surface Collage, a program that you can use to explore and interact with your photos and arrange them as a desktop background. Microsoft Surface Lagoon, a screen saver and interactive water simulation, complete with a meditative rock arrangement and playful, shy fish.
The PoC Jumpstart provides resources to deploy a desktop PoC with Windows 7, Office 2010, Internet Explorer 8, and Application Virtualization with Microsoft Desktop Optimization Pack technology.
This self-contained, self-service kit will help you complete a Proof-of-Concept (PoC) at your organization, allowing you to quickly evaluate the new Microsoft desktop technologies, including Windows 7, Office 2010 Pro Plus, Internet Explorer 8, and Application Virtualization with Microsoft Desktop Optimization Pack technology App-V. It will also familiarize you with some of the important deployment tools provided by Microsoft to assist with your broader deployment efforts. This PoC is not meant to be a comprehensive training mechanism but rather an introductory set of modules to familiarize you with tools and technologies.
• Microsoft Windows Server 2008 Enterprise Edition – A platform that helps IT Professionals increase the flexibility and reliability of their server infrastructure.
• Microsoft Assessment and Planning Toolkit (MAP) – A tool to assess your hardware readiness for Windows 7 and Office 2010.
• Microsoft Application Compatibility Toolkit (ACT) – A tool to assess your software readiness for Windows 7 and Office 2010.
• Microsoft Office Migration and Planning Manager (OMPM) – A tool to assess and upgrade Office versions and files.
• Microsoft Deployment Toolkit – A tool to create, configure, and deploy custom images, applications, and components.
• Windows 7 Enterprise 90-day Trial image – This evaluation edition forms the base image for deployment on client computers.
• Microsoft Office Professional Plus 2010 – This system is the best productivity experience across the PC, Phone, and Web.
• Office 2010 with Application Virtualization – This system is deployed virtually to streamline and centralize operations.
• Microsoft SQL Server 2005 Express Edition – This database system is used to store application compatibility and Microsoft Office assessment data for the ACT and OMPM tools.
• Microsoft SQL Server 2008 Express Edition – This database system is used to store image and task sequence data for MDT Deployment Workbench.
• Microsoft SQL Server 2008 Evaluation Edition – This database system is used to store hardware assessment data for the MAP tool.
The PoC Jumpstart is intended to show you that an upgrade to new Microsoft Optimized Desktop technologies can be seamless, feasible, easy and cost-effective. The PoC Jumpstart will also shed light on the deployment process (tools and technologies) and give your organization confidence for undertaking a broader deployment motion. After completion of the PoC, you should have a test environment set up that will allow you to evaluate the various features of the Microsoft Optimized Desktop and help you make informed decisions to meet your business needs.