Microsoft DirectAccess Best Practices and Troubleshooting电子书

Microsoft DirectAccess Best Practices and Troubleshooting

Table of Contents

Microsoft DirectAccess Best Practices and Troubleshooting

Credits

Foreword

About the Author

About the Reviewers

www.PacktPub.com

Support files, eBooks, discount offers and more

Why Subscribe?

Free Access for Packt account holders

Instant Updates on New Packt Books

Preface

DirectAccess rocks

So many options

Take it from me

Which flavor of DirectAccess are you talking about?

Let's get rolling

What this book covers

What you need for this book

Who this book is for

Conventions

Reader feedback

Customer support

Errata

Piracy

Questions

1. DirectAccess Server Best Practices

Preparing your Remote Access servers for DirectAccess

NIC configuration

Configuring internal NIC

Configuring external NIC

NIC binding

MAC address spoofing for virtual machines

Adding static routes

Hostname and domain membership

Prestage the computer account

Time for certificates

Installing the IP-HTTPS SSL certificate

Installing the IPsec machine certificate

Adding the roles

Don't use the Getting Started Wizard!

Running the full Remote Access Setup Wizard

Reasons not to use the Getting Started Wizard

Self-signed certificates

Self-hosted NLS

Disables Teredo

Applies client policy to the domain computers group

No advanced choices

Security hardening the server

Summary

2. DirectAccess Environmental Best Practices

To NAT or not to NAT?

Three is better than one

Efficiency of Teredo over IP-HTTPS

6to4

Teredo

IP-HTTPS

Planning for Certificates (PKI)

SSL certificate for NLS

SSL certificate for IP-HTTPS

Machine certificates for IPsec

Requirements for the machine certificate

Choosing the CA in the wizards

Marking your calendars for certificate expirations

Defining your GPOs and security groups

Let the wizards take care of it

Creating your own GPOs

Setting up the Network Location Server (NLS)

Do I need IPv6 or ISATAP?

Teredo and 6to4 tips and tricks

Set Teredo to EnterpriseClient

Using Group Policy for this change

Disabling the 6to4 adapter on your clients

Using Group Policy for this change

Summary

3. Configuring Manage Out to DirectAccess Clients

Pulls versus pushes

What does Manage Out have to do with IPv6?

Creating a selective ISATAP environment

Creating a security group and DNS record

Creating the GPO

Configuring the GPO

Adding machines to the group

Setting up client-side firewall rules

RDP to a DirectAccess client

No ISATAP with multisite DirectAccess

Summary

4. General DirectAccess Troubleshooting

Remote Access Management Console

Windows Firewall with Advanced Security

Reading the client logfiles

What happened to Teredo?

Clients with native IPv6

Summary

5. Unique DirectAccess Troubleshooting Scenarios

What happens when NLS is offline?

The resolution

I enabled NLB and DA broke!

The resolution

IPv4 applications don't connect over DA

App46 by IVO Networks

Cannot contact some servers

Routing

Name resolution

Checking DNS for strange AAAA records

Does it work over IP-HTTPS and not Teredo?

Summary

Index