Windows 2012 Direct Access – Verify Installation
Posted by Brajesh Panda on February 13, 2013
In last post I have shown you how to install and configure a dual homed direct access server behind the edge. If you have not read that, read it here. Before we move forward in our exercise let’s check out what configurations has been changed in our server. This will help during troubleshooting.
IPConfig in DA Server; Few things has been changed
- In Automatically Private IPv6 Address has been provisioned
- ISATAP Address has been configured
- IP-HTTPS Interface and Tunnel End Points has been configured
- Local IPv6 route table & persistent routes for IPv6 prefix has been updated
- In remote access management console Step 1, Network Connectivity Assistant has been updated with a new out of box web probe URL i.e. http://direct-access-WebProbeHost.Contoso.Local
- In IIS IP-HTTPS SSL is not configured in binding section of default website with 443.
To check SSL certificate binding lets run “netsh http show sslcert”.
- In Remote Access management console Operation Status Page check everything is working fine
- In Direct Access server open “Windows Firewall with Advanced Security” Console. You can use “wf.msc to open the same. Make sure “DirectAccess Policy-DaServerToCorpSimplified” Connection Security Rules is created.
- Make sure DirectAccess Policy-DaServerToCorpSimplified rule is set for both inbound and outbound connection & Authentication is set to Custom.
- To check Authencation, Open properties for the rule – click authentication tab – click customize
- First Authentication Method is selected for Computer & 2nd Authentication is selected for User.
- Active Directory DNS has been updated with few Host Records
- Open Group Policy Management console and verify two newly created GPOs and to whom they are applied to
In next post we will test Direct Access Infrastructure with Windows 8 clients.