Ben Ari posted an answer to the Forwarding on the 6to4 Interface cannot be enabled error that you might see when you try to activate the DirectAccess configuration on the UAG DirectAccess server. When you activate the configuration, it will look something like this:   Check Ben’s blog post at http...

The question on how to handle DirectAccess clients and Internet security for those clients is always a popular topic. As I’ve mentioned many times in this blog, the overall threat and management profile of the DirectAccess client should be little different than a client that is on the intranet. However...

If you choose to deploy ISATAP to support your DirectAccess deployment, one of the things you need to do is remove the name ISATAP from the DNS block list if you’re using a Windows DNS server running Windows Server 2003 SP2 or above. By default, these DNS servers will not resolve queries for the names...

What would you be willing to pay for a really cool IPv6 and DirectAccess troubleshooting cheat sheet? $5? $10? $100? ONE HUNDRED BILLION DOLLARS? Would you pay one hundred billion dollars for these cheat sheets? Since these cheat sheets are priceless we’re going to give them away. Thanks to DirectAccess...

From what I hear, this year is going to be the year where we see the wave of enterprise Windows 7 rollouts take place. While I’m not sure how these assessments are made, it makes sense from where I sit. Windows 7 Service Pack 1 has been released and end users, admins and the media have all been complimentary...

In the continuing saga of the “No Usable Certificate(s) 0x103” error, which has been discussed in two previous blog posts: http://blogs.technet.com/b/tomshinder/archive/2010/03/30/troubleshooting-the-no-usable-certificate-s-ip-https-client-error.aspx and http://blogs.technet.com/b/tomshinder/archive...

We’ve received a number of questions recently about UAG DirectAccess support for the IPv6 Internet. When thinking about the IPv6 Internet, you need to think about when the DirectAccess client is on an IPv6 Internet (or on an IPv6 only intranet) and when the UAG DirectAccess server has its external interface...

Got a long drive between home and work? Tired of listening to 80s hits on the radio? Then how about a change of pace and connect with The Edge Man Tom Shinder and Security guru Yuri Diogenes for a couple hours of TechNet Talk Radio? Yuri talks about TMG and how TMG can be used in a number of new scenarios...

One of the most mysterious errors you’ll see when working with DirectAccess are related to failures in IP-HTTPS connectivity. I did a blog post on this problem last year and you can find it at http://blogs.technet.com/b/tomshinder/archive/2010/03/30/troubleshooting-the-no-usable-certificate-s-ip-https...

For companies thinking about deploying DirectAccess, the question of whether or not you need to deploy ISATAP will invariably come up. The answer to this question is “no” and the reasons for why you don’t need ISATAP in a DirectAccess deployment are covered in my article over at http://blogs.technet...

Event Overview Talk TechNet enables you to get your questions about hot technologies answered in real time. In this session, Dr. Tom Shinder will be here to discuss DirectAccess and what Unified Access Gateway 2010 brings to the DirectAccess table. Tom is a Principal Writer in the Anywhere Access Group...

A few people have mentioned on the web forums and in email discussions that they’d like an easy way to disable the IP-HTTPS interface on the DirectAccess client for testing purposes. They don’t want to disable it completely for all clients (which you can do through Group Policy), they just want to disable...

An interesting question came up a few weeks ago regarding DirectAccess and expiring computer accounts. I thought it was an topical question that brought up some issues worth exploring, so I’m sharing with you some thoughts on the problem here. First a little background. UAG DirectAccess (and Windows...

ISATAP is an optional configuration option you can take advantage of when working with UAG DirectAccess. What ISATAP allows you to do is automatically assign IPv6 addresses to computers on the network that already have IPv4 addresses (which is going to be all of them). The advantage conferred when using...

Came across a very handy tip on the TechNet forums over at http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/thread/8965b7de-8814-40ed-b189-37b53bb1b88b In this thread, UAG DirectAccess Pro Ken Carvel provides a nice tip on what to do when you see the DirectAccess Monitor report that...

This is the big day! The results are in for the last quiz in Contest 1. First, I’ll go over the questions and answers and explain some interesting things that came up when I reviewed the answers I received, which had the effect of leading to two correct answers for one of the questions. At the end I...

Wow! This is it – the last quiz in Contest 1. That’s right – this is quiz 4 of the second round. To celebrate this occasion and to make things more interesting, we’re going to have FIVE questions. This will give those who are behind a better chance of catching up and put some pressure on the leaders...

A couple of good questions were asked on a recent blog post and I figured it was worthwhile to answer them in more detail in a separate post. ==================================== “Can you clarify a couple points related to Certificate Authorities and CRLs?  I plan on getting a commercial certificate...

Now for the moment you’ve all been waiting for – the answers to UAG SP1 DirectAccess Contest 1–Round 2/Quiz 2 and Contest 2 Round 1/Quiz 2! Last week’s quiz was a bit different with some practical problem solving scenarios based on screenshots. Let’s see how you did: ================================...

It’s time for your weekly UAG DirectAccess quiz! We’re getting close to the end of contest 1, so make sure you don’t miss a step for the next two weeks. Last week’s quiz was definitely tricky and introduced some obscure or difficult to find information. This week I’m going to try something a little different...

This question comes up frequently when introducing admins to UAG DirectAccess. It makes sense, since public IPv4 addresses are getting more difficult to come by and in fact it’s predicted that there will be an exhaustion of the entire IPv4 address space by next month. So, why do you need two public IP...

DirectAccess is about being “always-on”. When I start my laptop in the morning, I’m ready to get to work. Even though I don’t work on the Microsoft campus, I’m able to connect to anything I want (that I have permissions to connect to) on the Microsoft intranet without thinking about connecting to an...

Now for the moment you’ve all been waiting for – the answers to UAG SP1 DirectAccess Contest 1–Round 2/Quiz 2 and Contest 2 Round 1/Quiz 2! Here you go: =========================================== Question 1: ISATAP is an IPv6 transition technology that enables computers to tunnel IPv6 packets inside...

(If you didn’t participate in Quiz 1 – you can read the rules of the game over at http://blogs.technet.com/b/tomshinder/archive/2010/12/02/uag-sp1-directaccess-contest-quiz-one-round-one.aspx ) It’s time for Contest 1-Round 2/Quiz 2 and Contest 2-Round 1/Quiz 2 Send your entries until 11AM Central Standard...

Take a look at the figures below and see if you can guess what device is in the request/response path that you don’t typically see a UAG DirectAccess deployment. First, the ipconfig output on a DirectAccess client located behind a NAT device: Figure 1 Now let’s ping DC1: Figure 2 Now let’s do a tracert...