Sharing of thoughts and information is what blogging is all about. This way we can learn from each other. Post A Comment!These postings are provided "AS IS" with no warranties, and confers no rights. You assume all risk for your use.
Anthony Bartolo Twitter | LinkedIn
Pierre Roman Twitter | LinkedIn
Last week Pierre and I completed the last Windows Server 2012 #CANITPRO Camp in St. John's, Newfoundland. The camp was a great showcase of virtualization capabilities for Windows Server 2012 and was well received by audiences across Canada. So much so that Pierre, Mitch and I will be putting together a version 2 of Windows Server 2012 #CANITPRO Camp next week. Agenda and dates of the camps will be posted soon but I wanted to incorporate one of the upcoming labs into a Step-By-Step post to allow everyone a preview of what to expect.
Direct access was introduced in Windows Server 2008 R2 as a new remote access feature allowing connectivity to corporate network resources without the requirement of Virtual Private Network (VPN) connections. DirectAccess at the time only supported domain-joined Windows 7 Enterprise and Windows 7 Ultimate edition clients. Windows Routing and Remote Access Server (RRAS) will continue to provide traditional VPN connectivity for legacy clients, non-domain joined clients, third party VPN clients and site-to-site server connections. RRAS in Windows Server 2008 R2 must be deployed and managed separately from DirectAccess as it cannot coexist on the same edge server.
In 2012, DirectAccess offered with Windows Server 2012 combines the feature and the RRAS role service into a new unified server role. This new Remote Access role allows for centralized configuration, administration, and monitoring of both VPN-based remote access services and DirectAccess. Windows Server 2012 DirectAccess also provides multiple updates and improvements to address deployment blockers and provide simplified management.
These features include:
Windows 8 and Windows Server 2012, DirectAccess deployment is also now simplified with a working configuration deployed in a few clicks. However, options are also available to allow for DirectAccess accessibility through a multitude of deployment options should the standard configuration not meet your organizations requirements. These deployment options include:
Download and install Windows Server 2012 in your lab to complete this exercise. Alternatively you can complete this lab in a virtual lab setup by downloading and installing Hyper-V Server 2012.
Direct Access Deployment Steps
Once completed successfully, the ability to look through all the configuration steps and edit as needed/necessary is made available.
To explore the new DirectAccess feature for yourself download the Windows Server 2012 installation kit.
Nice write up but I would have highlighed how important the NLS server is here and that it's internal cert cannot and must not use a CN that is accessible or resolvable from the internet. This server is absolutely criticical so it should ideally be highly available.
Also the cert it uses must have a matching entry in DNS - I recommend using the internal name of the server as I found if you try to replicate the name one it generates in DNS, the entry was being deleted by the wizard (bug?).
Personally I also prefer to create a VPN too - but that's a matter of personal preference.
And perhaps some reference on how to enable for Windows 7
And the following command is extremely useful for the clients to check it's configured:
netsh dns show state
I agree and will be noted on the next blog post in regards to this subject. I have also found this great resource that will provide further information on enabling DirectAccess in Windows 7(technet.microsoft.com/.../dd420463.aspx). Thank you for your input and sharing your knowledge on the subject.
You're more than welcome - I wish I'd had this over the last week and bit where I was struggling to work out where I was going wrong. It's a great write-up and useful resources are all too scarce at the moment.
Well there's seemingly a lot of information out there but a lot is of questionable use as it misses key information/glosses over critical areas unfortunately.
And actually your linked article is exactly what I mean - lots and lots of useful info from MS there, but I could only see one entry relating to 2012.
Having done it with both 2008 R2 and 2012 I wouldn't want to go back to 2008 - the enhanced setup and configuration (and the dashboard) in 2012 knock 2008 into touch in a huge way.
Yes, this is a great write up about DirectAccess in Server 2012. If you ever had to set it up in Windows 2008 R2 (especially in a cluster), you'll love Server 2012.
Thank you Todd.