Rating: 5 out of 5 stars
5/5
Ebook221 pages2 hours
Microsoft DirectAccess Best Practices and Troubleshooting
Rating: 5 out of 5 stars
5/5
()
About this ebook
This book covers best practices and acts as a complete guide to DirectAccess and automatic remote access.Microsoft DirectAccess Best Practices and Troubleshooting is an ideal guide for any existing or future DirectAccess administrator and system administrators who are working on Windows Server 2012. This book will also be beneficial for someone with a basic knowledge of networking and deployment of Microsoft operating systems and software who wants to learn the intricacies of DirectAccess and its interfaces.
Read more from Jordan Krause
Windows Server 2012 R2 Administrator Cookbook Mastering Windows Server 2016 Rating: 5 out of 5 stars5/5Windows Server 2016 Cookbook Rating: 0 out of 5 stars0 ratings
Related to Microsoft DirectAccess Best Practices and Troubleshooting
Related ebooks
Microsoft Azure Security Rating: 0 out of 5 stars0 ratingsInstant Citrix XenApp Rating: 5 out of 5 stars5/5Microsoft Azure IaaS Essentials Rating: 4 out of 5 stars4/5Learning AirWatch Rating: 5 out of 5 stars5/5Windows 2012 Server Network Security: Securing Your Windows Network Systems and Infrastructure Rating: 4 out of 5 stars4/5Instant Migration from Windows Server 2008 and 2008 R2 to 2012 How-to Rating: 0 out of 5 stars0 ratingsHyper-V Network Virtualization Cookbook Rating: 0 out of 5 stars0 ratingsLearning Windows Server Containers Rating: 0 out of 5 stars0 ratingsDisaster Recovery Using VMware vSphere Replication and vCenter Site Recovery Manager Rating: 0 out of 5 stars0 ratingsManaging Virtual Infrastructure with Veeam® ONE™ Rating: 0 out of 5 stars0 ratingsComptia Network+ V6 Study Guide - Indie Copy Rating: 0 out of 5 stars0 ratingsLearning PowerShell DSC Rating: 0 out of 5 stars0 ratingsGetting Started with Red Hat Enterprise Virtualization Rating: 0 out of 5 stars0 ratingsMicrosoft Log Parser Toolkit: A Complete Toolkit for Microsoft's Undocumented Log Analysis Tool Rating: 5 out of 5 stars5/5Getting Started with Windows Server Security Rating: 0 out of 5 stars0 ratingsCisco Router and Switch Forensics: Investigating and Analyzing Malicious Network Activity Rating: 3 out of 5 stars3/5Getting Started with VMware Virtual SAN Rating: 0 out of 5 stars0 ratingsMastering Zabbix - Second Edition Rating: 0 out of 5 stars0 ratingsSolarWinds Server & Application Monitor : Deployment and Administration Rating: 0 out of 5 stars0 ratingsDevOps with Windows Server 2016 Rating: 0 out of 5 stars0 ratingsLeast Privilege Security for Windows 7, Vista and XP Rating: 0 out of 5 stars0 ratingsThe Real MCTS/MCITP Exam 70-640 Prep Kit: Independent and Complete Self-Paced Solutions Rating: 1 out of 5 stars1/5Microsoft Windows Intune 2.0: Quickstart Administration Rating: 0 out of 5 stars0 ratingsSecurity+ Study Guide Rating: 0 out of 5 stars0 ratingsMastering Windows Server 2016 Hyper-V Rating: 5 out of 5 stars5/5Mastering Active Directory Rating: 0 out of 5 stars0 ratings
Networking For You
Unlock Any Roku Device: Watch Shows, TV, & Download Apps Rating: 0 out of 5 stars0 ratingsThe Compete Ccna 200-301 Study Guide: Network Engineering Edition Rating: 5 out of 5 stars5/5Networking All-in-One For Dummies Rating: 5 out of 5 stars5/5Hacking Android Rating: 4 out of 5 stars4/5Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5Linux Bible Rating: 0 out of 5 stars0 ratingsTCP/IP Clearly Explained Rating: 4 out of 5 stars4/5Quantum Computing For Dummies Rating: 0 out of 5 stars0 ratingsAWS Certified Solutions Architect Study Guide: Associate SAA-C02 Exam Rating: 0 out of 5 stars0 ratingsNetworking For Dummies Rating: 5 out of 5 stars5/5A Beginner's Guide to Ham Radio Rating: 0 out of 5 stars0 ratingsNetworking Fundamentals: Develop the networking skills required to pass the Microsoft MTA Networking Fundamentals Exam 98-366 Rating: 0 out of 5 stars0 ratingsAWS Certified Cloud Practitioner Study Guide: CLF-C01 Exam Rating: 5 out of 5 stars5/5SharePoint For Dummies Rating: 0 out of 5 stars0 ratingsThe Windows Command Line Beginner's Guide: Second Edition Rating: 4 out of 5 stars4/5CompTIA Network+ Practice Tests: Exam N10-008 Rating: 0 out of 5 stars0 ratingsRaspberry Pi Electronics Projects for the Evil Genius Rating: 3 out of 5 stars3/5CCNA Certification Study Guide, Volume 2: Exam 200-301 Rating: 0 out of 5 stars0 ratingsMCA Microsoft Certified Associate Azure Administrator Study Guide: Exam AZ-104 Rating: 0 out of 5 stars0 ratingsCisco Networking All-in-One For Dummies Rating: 4 out of 5 stars4/5Windows Command Line Administration Instant Reference Rating: 0 out of 5 stars0 ratingsPractical Ethical Hacking from Scratch Rating: 5 out of 5 stars5/5Amazon Web Services (AWS) Interview Questions and Answers Rating: 5 out of 5 stars5/5Cisco CCNA Command Guide: An Introductory Guide for CCNA & Computer Networking Beginners: Computer Networking, #3 Rating: 0 out of 5 stars0 ratingsComputer Networking: An introductory guide for complete beginners: Computer Networking, #1 Rating: 5 out of 5 stars5/5Architecture of Network Systems Rating: 5 out of 5 stars5/5CompTIA Network+ Certification Guide (Exam N10-008): Unleash your full potential as a Network Administrator (English Edition) Rating: 0 out of 5 stars0 ratingsNetwork+ Study Guide & Practice Exams Rating: 4 out of 5 stars4/5
Related podcast episodes
Cybersecurity and Hacking with Kevin Mitnick 0% found this document usefulEpisode 233: Manual unit testing and WFH demotivation 100% found this document usefulBonus: Afternoon Cyber Tea: IoT-Based Infrastructures 0% found this document usefulcybersecurity maturity model certification (CMMC) (noun) [Word Notes] 0% found this document usefulIs enhanced hardware security the answer to ransomware? [CyberWire-X] 100% found this document usefulCyberWire Pro Interview Selects: Jaclyn Miller from NTT, Ltd. 0% found this document usefulScale Out Cloud Storage 0% found this document usefulNate Lee: Building a GenAI Security App for Fun (and No Profit) 0% found this document useful1877: Dynatrace Perform - Multi-Cloud With Serverless Monitoring 0% found this document usefulNetwork Reliability Engineering 0% found this document usefulBackstage & Internal Developer Portals 0% found this document usefulEpisode 279: JSJ BONUS: Web Apps on Linux with Jeremy Likness and Michael Crump 0% found this document useful
Related articles
Hacker Distributions Linux FormatArticle
Hacker Distributions
Nov 17, 2020
1 min readSet Up Your Own Nas Server Maximum PCArticle
Set Up Your Own Nas Server
Mar 30, 2021
11 min readLinux: The All-in-one Option Maximum PCArticle
Linux: The All-in-one Option
Oct 15, 2019
1 min readRun Windows 11 on a Raspberry Pi 4 Maximum PCArticle
Run Windows 11 on a Raspberry Pi 4
Feb 1, 2022
5 min read“Wi-Fi Congestion In Suburban Areas Has Never Been So Bad, And Sorting Out The Mess Needs Tools” PC Pro MagazineArticle
“Wi-Fi Congestion In Suburban Areas Has Never Been So Bad, And Sorting Out The Mess Needs Tools”
Apr 8, 2021
10 min readSet Up A Production-ready Web Server Linux FormatArticle
Set Up A Production-ready Web Server
Sep 24, 2019
8 min readEnterprise-grade Monitoring Made Easy Linux FormatArticle
Enterprise-grade Monitoring Made Easy
Mar 10, 2020
9 min readBootstrap Your LINUX Career Linux FormatArticle
Bootstrap Your LINUX Career
Jul 25, 2023
9 min readAll about Ethernet TechLifeArticle
All about Ethernet
Jan 11, 2021
4 min readInstalling Apache for Linux… on Windows TechLifeArticle
Installing Apache for Linux… on Windows
Jul 27, 2020
5 min readGrafana, Telegraf And Influxdb Linux FormatArticle
Grafana, Telegraf And Influxdb
Jun 30, 2020
If you don’t like Netdata or if you want to try something else, you can give Grafana (https://grafana.com), Telegraf (www.influxdata.com/time-series-platform/telegraf) and InfluxDB (www.influxdata.com/products/influxdb-overview) a try. Grafana can’t
1 min readPeople Are Secretly Buying Handguns On The Dark Web FuturityArticle
People Are Secretly Buying Handguns On The Dark Web
Apr 24, 2019
2 min readImprove Your Typing Linux FormatArticle
Improve Your Typing
Dec 13, 2022
GNU T YPIST Credit: www.gnu.org/software/gtypist OUR EXPERT Shashank Sharma is a trial lawyer in New Delhi and an avid Arch user. He’s quite happy with his typing speed, errors and all. Touch-typing is the ability to type without looking at the keybo
5 min readSeed Your Own Cloud Linux FormatArticle
Seed Your Own Cloud
Oct 22, 2019
10 min readMonitor Your TCP/IP Networks With EBPF Linux FormatArticle
Monitor Your TCP/IP Networks With EBPF
Jan 10, 2023
8 min readThe 5 Worst Home Networking Mistakes and How to Avoid Them Residential Tech TodayArticle
The 5 Worst Home Networking Mistakes and How to Avoid Them
Oct 15, 2020
4 min readRemote Support Software 2023 PC Pro MagazineArticle
Remote Support Software 2023
Sep 7, 2023
3 min readRemote Support Software 2022 PC Pro MagazineArticle
Remote Support Software 2022
Sep 11, 2022
4 min readRemote Support Software 2020 PC Pro MagazineArticle
Remote Support Software 2020
Aug 13, 2020
3 min read“The Biggest Problem I See When People Are Working From Home Is A Poorly Designed Network” PC Pro MagazineArticle
“The Biggest Problem I See When People Are Working From Home Is A Poorly Designed Network”
Jun 8, 2023
6 min readPassword Managers APCArticle
Password Managers
Nov 6, 2023
11 min readRemote-support software 2021 PC Pro MagazineArticle
Remote-support software 2021
Sep 9, 2021
3 min readIDrive RemotePC Enterprise PC Pro MagazineArticle
IDrive RemotePC Enterprise
Nov 10, 2022
2 min readExpressVPN Linux FormatArticle
ExpressVPN
Sep 19, 2023
3 min readAntivirus Go Free Or Buy A Suite? APCArticle
Antivirus Go Free Or Buy A Suite?
Apr 20, 2023
32 min readBest Password Managers For Your Android Device Android AdvisorArticle
Best Password Managers For Your Android Device
Jul 5, 2023
7 min readNetwork monitoring 2022 PC Pro MagazineArticle
Network monitoring 2022
Feb 10, 2022
4 min readSophos Intercept X Advanced PC Pro MagazineArticle
Sophos Intercept X Advanced
Nov 11, 2021
2 min readSkilling Up Your Router TechLifeArticle
Skilling Up Your Router
Jun 1, 2020
4 min readAll-in-one Business Protection 2023 PC Pro MagazineArticle
All-in-one Business Protection 2023
Aug 10, 2023
4 min read
Reviews for Microsoft DirectAccess Best Practices and Troubleshooting
Rating: 5 out of 5 stars
5/5
1 rating0 reviews
Book preview
Microsoft DirectAccess Best Practices and Troubleshooting - Jordan Krause
Table of Contents
Microsoft DirectAccess Best Practices and Troubleshooting
Credits
Foreword
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers and more
Why Subscribe?
Free Access for Packt account holders
Instant Updates on New Packt Books
Preface
DirectAccess rocks
So many options
Take it from me
Which flavor of DirectAccess are you talking about?
Let's get rolling
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Errata
Piracy
Questions
1. DirectAccess Server Best Practices
Preparing your Remote Access servers for DirectAccess
NIC configuration
Configuring internal NIC
Configuring external NIC
NIC binding
MAC address spoofing for virtual machines
Adding static routes
Hostname and domain membership
Prestage the computer account
Time for certificates
Installing the IP-HTTPS SSL certificate
Installing the IPsec machine certificate
Adding the roles
Don't use the Getting Started Wizard!
Running the full Remote Access Setup Wizard
Reasons not to use the Getting Started Wizard
Self-signed certificates
Self-hosted NLS
Disables Teredo
Applies client policy to the domain computers group
No advanced choices
Security hardening the server
Summary
2. DirectAccess Environmental Best Practices
To NAT or not to NAT?
Three is better than one
Efficiency of Teredo over IP-HTTPS
6to4
Teredo
IP-HTTPS
Planning for Certificates (PKI)
SSL certificate for NLS
SSL certificate for IP-HTTPS
Machine certificates for IPsec
Requirements for the machine certificate
Choosing the CA in the wizards
Marking your calendars for certificate expirations
Defining your GPOs and security groups
Let the wizards take care of it
Creating your own GPOs
Setting up the Network Location Server (NLS)
Do I need IPv6 or ISATAP?
Teredo and 6to4 tips and tricks
Set Teredo to EnterpriseClient
Using Group Policy for this change
Disabling the 6to4 adapter on your clients
Using Group Policy for this change
Summary
3. Configuring Manage Out to DirectAccess Clients
Pulls versus pushes
What does Manage Out have to do with IPv6?
Creating a selective ISATAP environment
Creating a security group and DNS record
Creating the GPO
Configuring the GPO
Adding machines to the group
Setting up client-side firewall rules
RDP to a DirectAccess client
No ISATAP with multisite DirectAccess
Summary
4. General DirectAccess Troubleshooting
Remote Access Management Console
Windows Firewall with Advanced Security
Reading the client logfiles
What happened to Teredo?
Clients with native IPv6
Summary
5. Unique DirectAccess Troubleshooting Scenarios
What happens when NLS is offline?
The resolution
I enabled NLB and DA broke!
The resolution
IPv4 applications don't connect over DA
App46 by IVO Networks
Cannot contact some servers
Routing
Name resolution
Checking DNS for strange AAAA records
Does it work over IP-HTTPS and not Teredo?
Summary
Index
Microsoft DirectAccess Best Practices and Troubleshooting
Microsoft DirectAccess Best Practices and Troubleshooting
Copyright © 2013 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: October 2013
Production Reference: 1071013
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78217-106-5
www.packtpub.com
Cover Image by Fereze Babu (<mail@feroze.me>)
Credits
Author
Jordan Krause
Reviewers
Shannon Fritz
Richard Hicks
Acquisition Editor
Vinay Argekar
Commissioning Editor
Neha Nagwekar
Technical Editors
Novina Kewalramani
Rohit Kumar Singh
Project Coordinator
Sherin Padayatty
Proofreader
Clyde Jenkins
Indexer
Mariammal Chettiyar
Graphics
Yuvraj Mannari
Production Coordinator
Aparna Bhagat
Cover Work
Aparna Bhagat
Foreword
Microsoft DirectAccess is a revolutionary remote access solution for managed (domain-joined) Windows clients. DirectAccess provides always-on corporate network connectivity, enabling remote users to securely access on-premises data and applications anywhere they have a connection to the public Internet. Many mistakenly believe that DirectAccess is itself a protocol. It is not. DirectAccess leverages multiple Microsoft technologies to deliver this service, such as Active Directory, IPsec, IPv6, digital certificates, and more. Harnessing the power of Windows Server 2012 and Windows 8 Enterprise edition, DirectAccess represents a paradigm shift in the way we think about providing remote access. Traditional Virtual Private Networking (VPN) solutions require the user to proactively initiate a connection back to the corporate network when they need to access corporate resources. By contrast, DirectAccess is seamless and transparent, and does not require any input from the user to establish remote network connectivity. Through the use of Connection Security Rules in the Windows Firewall with Advanced Security (WFAS), IPsec tunnels are established automatically in the background any time the user has an active Internet connection. A distinct advantage that DirectAccess has over VPN is that DirectAccess is bidirectional, allowing hosts on the corporate intranet to initiate connections outbound to connected DirectAccess clients. This allows system administrators to manage out
and enables help desk administrators to initiate remote desktop sessions or security administrators to conduct vulnerability scans, among other things. DirectAccess fundamentally extends the corporate network to the remote user, wherever they may be located.
DirectAccess has been around for a few years, originally appearing as a feature of the Windows Server 2008 R2 operating system. Windows Server 2008 R2 DirectAccess wasn't widely deployed, as it carried with it very steep infrastructure requirements in order to support DirectAccess, including the requirement for a Public Key Infrastructure (PKI) for management of digital certificates and IPv6 for network layer transport. My first experience with DirectAccess came when Forefront Unified Access Gateway (UAG) 2010 was released. UAG included support for the DirectAccess role, and also included new features that eliminated the need to deploy IPv6 internally to take advantage of the solution.
As a Microsoft Most Valuable Professional (MVP) in the Forefront discipline, I began to deploy Forefront UAG for DirectAccess on a regular basis. With the release of Windows Server 2012, DirectAccess is now fully integrated into the operating system, and the adoption rate is accelerating faster. Today, I spend most of my time deploying Windows Server 2012 DirectAccess solutions for some of the largest organizations in the world.
I met Jordan Krause a few years ago when he was first awarded the MVP from Microsoft. Our MVP group is small and tight-knit, and from the beginning Jordan fit right in. He had a wealth of knowledge and experience with DirectAccess and freely shared this with the rest of us in the group. All of us in the DirectAccess community have gained important knowledge from Jordan. With this book, Jordan is now able to share his valuable experience with the rest of the world. This book is focused on sharing real-world, practical advice for deploying DirectAccess in the best possible way for your given deployment model. Jordan pulls no punches, and isn't afraid to tell you when you shouldn't do something, even if it is possible! He provides valuable context to help you with your implementation, and makes sure that you avoid the common pitfalls and mistakes that many engineers who are new to DirectAccess invariably make. If you're going to deploy Windows Sever 2012 DirectAccess now or in the future, you'll definitely want to read this book first.
Enjoy!
Richard Hicks
Director of Sales Engineering at Iron Networks, Inc.
About the Author
Jordan Krause is a Microsoft MVP in Enterprise Security, and specializes in DirectAccess, which is a part of Forefront Unified Access Gateway (UAG) 2010 and Unified Remote Access (URA) in Windows Server 2012. As a Senior Engineer and Security Specialist for IVO Networks, he spends the majority of each workday planning, designing, and implementing DirectAccess for companies all over the world.
Committed to continuous learning, Jordan holds Microsoft certifications as an MCP, MCTS, MCSA, and MCITP Enterprise Administrator. He regularly writes tech notes and articles about some of the fun and exciting ways that DirectAccess can be used, which can be found at http://www.ivonetworks.com/news/.
He also strives to spend time helping the DirectAccess community, mostly by way of the Microsoft TechNet forums. Jordan is always open to direct contact for answering questions or helping out in any way that he can, so don't hesitate to head over to the forums and find him personally.
Huge thanks to my family for taking more on their plates while I worked on this. Laura, Grace, and Jackson—you are my motivation for doing what I do! Another big thank you to my family at IVO; without the opportunities you have provided, I may never have heard the word DirectAccess.
About the Reviewers
Shannon Fritz is an Infrastructure Architect and regional leader in Remote Connectivity solutions, including DirectAccess, Remote Desktop Services, and supporting technologies such as Hyper-V and Active Directory. Shannon is the Datacenter and Azure Team Lead for Concurrency's Infrastructure Practice, a systems integrator who is solely focused on Microsoft solutions.
Richard Hicks (MCP, MCSE, MCTS, and MCITP Enterprise Administrator) is a network and information security expert specializing in Microsoft technologies. As a four-time Microsoft Most Valuable Professional (MVP), he has traveled around the world speaking to network
Enjoying the preview?
Page 1 of 1