Microsoft DirectAccess Best Practices and Troubleshooting

Book Description

Secure and efficient functioning of your DirectAccess environment

  • Learn how to make Manage Out work for your DirectAccess clients without compromising your network
  • Learn how to understand enormous logfiles along with common troubleshooting criteria
  • Explore some unique troubleshooting scenarios and learn the solutions
  • Includes illustrations and screenshots with clear, step-by-step instructions and examples from the field

In Detail

DirectAccess is an amazing Microsoft technology that is truly the evolution of VPN; any Microsoft-centric shop needs this technology. DirectAccess is an automatic remote access solution that takes care of everything from planning to deployment.

Microsoft DirectAccess Best Practices and Troubleshooting will provide you with the precise steps you need to take for the very best possible implementation of DirectAccess in your network. You will find answers to some of the most frequently asked questions from administrators and explore unique troubleshooting scenarios that you will want to understand in case they happen to you.

Microsoft DirectAccess Best Practices and Troubleshooting outlines best practices for configuring DirectAccess in any network. You will learn how to configure Manage Out capabilities to plan, administer, and deploy DirectAccess client computers from inside the corporate network. You will also learn about a couple of the lesser-known capabilities within a DirectAccess environment and the log information that is available on the client machines.

This book also focuses on some specific cases that portray unique or interesting troubleshooting scenarios that DirectAccess administrators may encounter. By describing the problem, the symptoms, and the fixes to these problems, the reader will be able to gain a deeper understanding of the way DirectAccess works and why these external influences are important to the overall solution.

Table of Contents

  1. Microsoft DirectAccess Best Practices and Troubleshooting
    1. Table of Contents
    2. Microsoft DirectAccess Best Practices and Troubleshooting
    3. Credits
    4. Foreword
    5. About the Author
    6. About the Reviewers
    7. www.PacktPub.com
      1. Support files, eBooks, discount offers and more
        1. Why Subscribe?
        2. Free Access for Packt account holders
        3. Instant Updates on New Packt Books
    8. Preface
      1. DirectAccess rocks
      2. So many options
      3. Take it from me
      4. Which flavor of DirectAccess are you talking about?
      5. Let's get rolling
      6. What this book covers
      7. What you need for this book
      8. Who this book is for
      9. Conventions
      10. Reader feedback
      11. Customer support
        1. Errata
        2. Piracy
        3. Questions
    9. Chapter 1: DirectAccess Server Best Practices
      1. Preparing your Remote Access servers for DirectAccess
      2. NIC configuration
        1. Configuring internal NIC
        2. Configuring external NIC
      3. NIC binding
      4. MAC address spoofing for virtual machines
      5. Adding static routes
      6. Hostname and domain membership
        1. Prestage the computer account
      7. Time for certificates
        1. Installing the IP-HTTPS SSL certificate
        2. Installing the IPsec machine certificate
      8. Adding the roles
      9. Don't use the Getting Started Wizard!
        1. Running the full Remote Access Setup Wizard
        2. Reasons not to use the Getting Started Wizard
          1. Self-signed certificates
          2. Self-hosted NLS
          3. Disables Teredo
          4. Applies client policy to the domain computers group
          5. No advanced choices
      10. Security hardening the server
      11. Summary
    10. Chapter 2: DirectAccess Environmental Best Practices
      1. To NAT or not to NAT?
        1. Three is better than one
        2. Efficiency of Teredo over IP-HTTPS
          1. 6to4
          2. Teredo
          3. IP-HTTPS
      2. Planning for Certificates (PKI)
        1. SSL certificate for NLS
        2. SSL certificate for IP-HTTPS
        3. Machine certificates for IPsec
          1. Requirements for the machine certificate
          2. Choosing the CA in the wizards
        4. Marking your calendars for certificate expirations
      3. Defining your GPOs and security groups
        1. Let the wizards take care of it
        2. Creating your own GPOs
      4. Setting up the Network Location Server (NLS)
      5. Do I need IPv6 or ISATAP?
      6. Teredo and 6to4 tips and tricks
        1. Set Teredo to EnterpriseClient
          1. Using Group Policy for this change
        2. Disabling the 6to4 adapter on your clients
          1. Using Group Policy for this change
      7. Summary
    11. Chapter 3: Configuring Manage Out to DirectAccess Clients
      1. Pulls versus pushes
      2. What does Manage Out have to do with IPv6?
      3. Creating a selective ISATAP environment
        1. Creating a security group and DNS record
        2. Creating the GPO
        3. Configuring the GPO
        4. Adding machines to the group
      4. Setting up client-side firewall rules
      5. RDP to a DirectAccess client
      6. No ISATAP with multisite DirectAccess
      7. Summary
    12. Chapter 4: General DirectAccess Troubleshooting
      1. Remote Access Management Console
      2. Windows Firewall with Advanced Security
      3. Reading the client logfiles
      4. What happened to Teredo?
      5. Clients with native IPv6
      6. Summary
    13. Chapter 5: Unique DirectAccess Troubleshooting Scenarios
      1. What happens when NLS is offline?
        1. The resolution
      2. I enabled NLB and DA broke!
        1. The resolution
      3. IPv4 applications don't connect over DA
        1. App46 by IVO Networks
      4. Cannot contact some servers
        1. Routing
        2. Name resolution
        3. Checking DNS for strange AAAA records
        4. Does it work over IP-HTTPS and not Teredo?
      5. Summary
    14. Index