StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
JustarandomMicrosoftServer/ClientTechinfo..
FeedingYourTrainingandTechnologyObsessions
StepbyStep:ImplementingBasicDirectAccess
inWindowsServer2012R2
November20,2014
Aspromisedpreviously,thistimeiwillshowyouabasicstephowyoucan
implementDirectAccessinWindowsServer2012R2.
But,asusualletsgothroughabitinformationaboutDirectAccess.
TheDirectAccessfeatureinWindowsServer2012R2enablesseamlessremoteaccesstointranet
resourceswithoutrstestablishingauserinitiatedVPNconnection.TheDirectAccessfeaturealso
ensuresseamlessconnectivitytotheapplicationinfrastructure,forbothinternalusersandremote
users.
UnliketraditionalVPNsthatrequireuserinterventiontoinitiateaconnectiontoanintranet,
DirectAccessenablesanyapplicationontheclientcomputertohavecompleteaccesstointranet
resources.DirectAccessalsoenablesyoutospecifyresourcesandclientsideapplicationsthatare
restrictedforremoteaccess.
TodeployandcongureDirectAccess,yourorganizationmustsupportthe
followinginfrastructurecomponents:
DirectAccessserver.
DirectAccessclients.
Networklocationserver.
Internalresources,suchascorporateapplications.
AnADDSdomain.
GroupPolicy.
PKI(optionalfortheinternalnetwork).
DomainNameSystem(DNS)server.
NetworkAccessProtection(NAP)server.
Tobehonest,implementingDirectAccessnotaseasyasyoureadthemanual,therearemany
thingsyouneedtounderstandandfamiliarwith.But,illtrymybesttopresentthesimplestepso
thatyoucantryinyourIsolatedTestingEnvironment.
Formoreinformation,pleasebrowseto:hp://technet.microsoft.com/en
us/library/dn636118.aspx(hp://technet.microsoft.com/enus/library/dn636118.aspx)
So,ladies&gentlemen..startyourengine..letdrivetotheworldofDirectAccess
1st,beforewebegin,therearefewrequirementthatyouneed,ofcoursenumbersofVMand
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
1/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
1st,beforewebegin,therearefewrequirementthatyouneed,ofcoursenumbersofVMand
seingsneedtobedonebeforeimplementingtheDirectAccess.
Forthisdemopurposes,iwillbeusing5VM,consistsof4WindowsServer2012R2VMand1
Windows8.1clientVMwhichisallrunninginHyperV.
InfrastructureRequirement(thisisbasedontheIsolatedEnvironment)itmightdierentinthe
RealProductionimplementation.
1DomainControllerServer(LONDC01)
1Routing&RemoteAccessServer(LONRTR)
1MemberServer(LONSVR1)
1InternetDNSserver(INET1)**PleasetakenotethatINET1serverisusetosimulatethe
InternetDNSserver.
1ClientPCrunningWindows8.1(LONCL1)
2nd,letsverifythenetworkcongurationforallourVMs(pleaserefertothepictures)
LONDC01
(hps://mizitechinfo.les.wordpress.com/2014/11/1dc01.png)
LONRTR
Require3NIC
Ethernet
Ethernet2
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
2/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
Ethernet2
Internet
(hps://mizitechinfo.les.wordpress.com/2014/11/2rtr1.png)
Ethernet:
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
3/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/3rtr2.png)
Ethernet2:
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
4/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/4rtr3.png)
Internet:
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
5/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/5rtr4.png)
LONSVR1
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
6/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/8svr1.png)
INET1
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
7/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/9inet.png)
LONCL1
Require3NIC(onlyforsimulation)
Ethernet
Ethernet2
Ethernet:
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
8/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/6cl11.png)
Ethernet2:
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
9/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/7cl12.png)
Wedoneonthenetworkconguration,pleasebecarefulonthenetworksetup&understand
morewhatipsgotowhichconnection.
3rd,CreatingDirectAccessOU&GroupinActiveDirectory.
**YouneedtocreatetheOU&GroupbecausewegoingtoaddLONCL1intothisgroupsothat
theclientcanhaveDirectAccessconnection.
1CreateanewOUIntheNewObjectOrganizationalUnitdialogbox,intheNamebox,type
DirectAccess_Clients,and
thenclickOK
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
10/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/19.png)
2IntheActiveDirectoryUsersandComputersconsole,expandAdatum.com,right
clickDirectAccess_ClientsOU,clickNew,andthenclickGroup
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
11/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/24.png)
3IntheNewObjectGroupdialogbox,intheGroupnamebox,typeAdatumDA_Clients
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
12/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/34.png)
4Next,rightclickAdatumDA_Clients,andthenclickProperties
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
13/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/44.png)
5IntheAdatumDA_ClientsPropertiesdialogbox,clicktheMemberstab,andthenclickAdd
andthenclickObjectTypes
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
14/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/54.png)
6Next,clickComputerscheckbox,andthenclickOK
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
15/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/64.png)
7IntheEntertheobjectnamestoselect(examples)box,typeLONCL1,andthenclickOK
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
16/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/74.png)
8VerifythatLONCL1isdisplayedunderMembers,andthenclickOK
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
17/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/84.png)
WedoneontheDomainServer,nowletsswitchtoLONRTRservertocongureour
DirectAccess
1OntheLONRTRServer,openServerManager,clickToolsandthenclickRemoteAccess
Management(forthisdemoiexpectthatyoushouldknowhowtoinstallRemoteAccessRole)
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
18/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/110.png)
2IntheRemoteAccessManagementconsole,underConguration,clickDirectAccessandVPN
andthenclickRuntheGeingStartedWizard
(hps://mizitechinfo.les.wordpress.com/2014/11/25.png)
3OntheCongureRemoteAccessinterface,clickDeployDirectAccessonly
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
19/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/35.png)
4OntheCongureRemoteAccessinterface,verifythatEdgeisselected,andinTypethepublic
nameorIPv4addressusedbyclientstoconnecttotheRemoteAccessserverbox,type
131.107.0.10,andthenclickNext
(hps://mizitechinfo.les.wordpress.com/2014/11/45.png)
5IntheCongureRemoteAccessinterface,clicktheherelink
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
20/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/55.png)
6OntheRemoteAccessReviewinterface,verifythattwoGPOsarecreated,DirectAccess
ServerSeingsandDirectAccessClientseings,andthennexttoRemoteClients,clickthe
Change
(hps://mizitechinfo.les.wordpress.com/2014/11/67.png)
7Next,selectDomainComputers(Adatum\DomainComputers),andthenclickRemove
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
21/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/75.png)
8Next,onthesameinterface,clickAdd,andthentypeAdatumDA_Clients,andthenclick
OK
(hps://mizitechinfo.les.wordpress.com/2014/11/85.png)
9MakesureyoucleartheEnableDirectAccessformobilecomputersonlycheckbox,andthen
clickNext
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
22/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/92.png)
10OntheDirectAccessClientSetupinterface,clickFinish.
(hps://mizitechinfo.les.wordpress.com/2014/11/102.png)
11OntheRemoteAccessReviewinterface,verifythatADATUM\AdatumDA_Clientslisted
underRemoteClientsandthenclickOK
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
23/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/113.png)
12waitforfewminutesfortheseingstocomplete
(hps://mizitechinfo.les.wordpress.com/2014/11/123.png)
13Oncethecongurationcomplete,clickClose
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
24/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/131.png)
14ConrmthatyourDirectAccesssetupiscompletewiththisinterface
(hps://mizitechinfo.les.wordpress.com/2014/11/141.png)
4th,afterallthecongurationdone,nowitstimeforustotest/validateourDirectAccess
deployment.
1SwitchtoyourclientPC,loginasadministratorandthenopenCMD,attheCMDtype
gpupdate/boot/force
**WedoingthisbecausewhenyouconguringDirectAccessserver,thewizardcreated2Group
Policiesandlinkedthem
tothedomain,sothatyouneedtoapplythepolicytoourclientPC
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
25/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/114.png)
2Next,letsverifythattheDirectAccessClientSeingsGPOisappliedtoourclientPC,inthe
CMDtypegpresult/r
**UndertheComputerSeingssection,verifythattheDirectAccessClientSeingsGPOis
applied.
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
26/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/26.png)
3Next,ontheCMDtypenetshnameshoweectivepolicy
**Verifythatfollowingmessageisdisplayed:DNSEectiveNameResolutionPolicyTable
Seings
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
27/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/36.png)
4Nowletmoveourclientfromtheintranettothepublicnetwork,onLONCL1pleasedisable
Ethernetconnection
(hps://mizitechinfo.les.wordpress.com/2014/11/46.png)
5Then,enabletheEthernet2
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
28/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/56.png)
6OpentheEthernet2IPv4toverifytheIPseings
(hps://mizitechinfo.les.wordpress.com/2014/11/68.png)
7Now,itstimeforustotesttheDirectAccessconnectivity(ngercrossed)
**InLONCL1,openIEandthentypehp://lonsvr1.adatum.com(hp://lonsvr1.adatum.com)
**verifythatthedefaultInternetInformationServices(IIS)8.0webpageforLONSVR1appears.
**RestartLONCL1ifIfthedefaultIIS8.0webpageforLONSVR1doesntappear
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
29/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
**RestartLONCL1ifIfthedefaultIIS8.0webpageforLONSVR1doesntappear
(hps://mizitechinfo.les.wordpress.com/2014/11/76.png)
8Next,tryaccessLONSVR1serverles(justtoconrmthatalltheaccessisavailable)
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
30/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/86.png)
9Next,letsverifyConnectivitytotheDirectAccessServer,stillontheLONCl1,openCMDand
typenetshnameshoweectivepolicy
**VerifythatDNSEectiveNameResolutionPolicyTableSeingspresents2entriesfor
adatum.comandDirectaccessNLS.Adatum.com.
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
31/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/93.png)
10Next,intheLONCL1,openPowerShellandtypeGetDAClientExperienceConguration
**thiscommandjusttogettheDirectAccessclientseings
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
32/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/103.png)
11Finally,toverifyLONCL1connectivityonDirectAccessServer,switchtoLONRTRserver,
ontheRemoteAccessManagementconsole,clickRemoteClientStatusandnoticethattheclientis
connectedviaIPHps
**wevesuccessfullyveriedthatLONCL1canaccesstheinternalnetworkbyusing
DirectAccess.
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
33/34
5/24/2016
StepbyStep:ImplementingBasicDirectAccessinWindowsServer2012R2|Justarandom"MicrosoftServer/ClientTech"info..
(hps://mizitechinfo.les.wordpress.com/2014/11/115.png)
Imdonefornow,thankyouforreadingandwaitformynextpost
Abouttheseads(https://wordpress.com/abouttheseads/)
FromWindowsServer2012R2
LeaveaComment
BlogatWordPress.com.|TheTitanTheme.
https://mizitechinfo.wordpress.com/2014/11/20/stepbystepimplementingbasicdirectaccessinwindowsserver2012r2/
34/34