Step-By-Step: Setting Up DirectAccess

DirectAccess, introduced by Microsoft with the release of Windows 7 and Windows 2008 R2, acts as an always-on connection from a remote location to the local network. It enables remote clients to connect to the local network automatically and ensures the connection re-establishes itself should it drop. The feature is based on IPsec and IPv6, so if your network has not yet moved to IPv6 you need to use a transition mechanism such as Teredo, 6to4, etc. to use it along with IPv4. This post will take you through the steps of enabling DirectAccess.

Prerequisites

  1. An Active Directory domain environment at a Windows Server 2008 R2 domain functional level at minimum
     
  2. The server enabling the DirectAccess server role must be added to the domain
     
  3. DirectAccess clients must be running Windows 7 Enterprise or Ultimate, or higher
     
  4. The DirectAccess server must be accessible via a public IP address
     
  5. If the network is not running IPv6, transition technologies such as 6to4, Teredo or ISATAP will be required
     
  6. PKI (public key infrastructure) is required to issue certificates for device authentication. The DirectAccess-enabled server must have an SSL certificate installed, and it must contain a valid FQDN which can be accessed from the internet

Step 1: Adding the DirectAccess role to the designated server

  1. Log on to the designated server as a member of the domain administrator or enterprise administrator security group
     
  2. Navigate to Server Manager > Add Roles and Features
     
  3. Once the wizard opens, click next to continue
     
  4. Select the “role-based or feature-based installation” option and click next
     
  5. From the server selection I keep the default and click next
     
  6. From the server roles list, tick the “Remote Access” option and click next
     
  7. From the features list keep default and click next
     
  8. The next window gives an explanation of the remote access role; click next to continue
     
  9. In the role services list, select the “DirectAccess and VPN (RAS)” option. It will then prompt to add related features; click add feature to add them
     
  10. If the deployment also needs routing services, make sure to add the “Routing” option too. Then click next to continue
     
  11. Click next to continue when the process displays a description about web server role
     
  12. For IIS role services keep default and click next to continue
     
  13. At the confirmation about roles and features screen, click install to continue
     
  14. Wait for the installation to complete
     
  15. After it is completed close the console to exit from the wizard
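
The wizard steps above can also be scripted. The following PowerShell is an added example, not part of the original post: it checks two of the prerequisites (domain membership and a currently valid SSL server certificate for the public FQDN) and then installs the role services selected in steps 9 and 10. The FQDN `da.example.com` and the two function names are placeholders made up for this example; the domain functional level and public IP reachability are not checked.

```powershell
# Added example: run in an elevated PowerShell session on the designated server.
# 'da.example.com' is a placeholder FQDN; replace it with the server's public name.

function Test-DirectAccessPrerequisite {
    param([Parameter(Mandatory)][string]$PublicFqdn)

    # Prerequisite 2: the server must be a domain member
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $now = Get-Date

    # Prerequisite 6: an SSL server certificate for the public FQDN, inside its validity period
    $certs = Get-ChildItem -Path Cert:\LocalMachine\My -SSLServerAuthentication -DnsName $PublicFqdn |
        Where-Object { $_.NotBefore -le $now -and $_.NotAfter -gt $now }

    [pscustomobject]@{
        DomainJoined = [bool]$cs.PartOfDomain
        Domain       = $cs.Domain
        ValidSslCert = [bool]$certs
        CertExpires  = ($certs | Sort-Object NotAfter | Select-Object -First 1).NotAfter
    }
}

function Install-DirectAccessRole {
    param([switch]$IncludeRouting)

    # "DirectAccess and VPN (RAS)" role service; dependent features are added automatically
    $features = @('DirectAccess-VPN')
    # Step 10: add "Routing" only when the deployment needs it
    if ($IncludeRouting) { $features += 'Routing' }

    $result = Install-WindowsFeature -Name $features -IncludeManagementTools
    if (-not $result.Success) { throw "Role installation failed: $($result.ExitCode)" }
    if ($result.RestartNeeded -eq 'Yes') { Write-Warning 'A restart is required to finish the installation.' }

    # Confirm what actually ended up installed
    Get-WindowsFeature -Name RemoteAccess, DirectAccess-VPN, Routing |
        Select-Object Name, InstallState
}

$check = Test-DirectAccessPrerequisite -PublicFqdn 'da.example.com'
$check | Format-List

if (-not $check.DomainJoined) { throw 'Join the server to the domain before adding the role.' }
if (-not $check.ValidSslCert) { Write-Warning 'No valid SSL certificate found for the public FQDN.' }

Install-DirectAccessRole   # add -IncludeRouting if routing services are needed
```

Leaving out `-IncludeRouting` unless it is needed keeps the internet-facing server limited to the role services the deployment actually uses.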
     

Step 2: Configuring the DirectAccess service

  1. Navigate to Server Manager > Tools > Remote Access Management
     
  2. This loads the MMC; from there, select DirectAccess and VPN in the configuration section of the left-hand panel
     
  3. To run the wizard, click on the option in the Remote Access MMC
     
  4. From the console, select the Deploy DirectAccess Only option
     
  5. The next window shows the 4 main steps to complete the configuration. In some setups not all 4 options will apply. For example, sometimes the remote access server role will be held by the infrastructure or the application server
     
Further details regarding this will be made available in a future post.