How to Install and Configure KB2862152 for a DirectAccess Scenario

Microsoft recently released a security advisory titled “Vulnerability in DirectAccess could allow security feature bypass”, which can be found here. As part of the associated security update, KB2862152, which can be found here, a DirectAccess client enforces more checks in IPsec negotiation when using either certificate-based or Kerberos Proxy authentication methods. During IPsec negotiation, the…

The Evolution of Collecting DirectAccess Client Diagnostic Log Information

A common administrator question when learning to troubleshoot DirectAccess client connectivity problems is: “How can you create a client-side diagnostic log which provides specific detail about the DirectAccess configuration, connectivity state and other relevant system information which can be used to isolate the exact problem/issue?” Depending on how far along the Windows evolutionary journey you…

Limiting ISATAP Services to DirectAccess Manage Out Clients

Please Note: This blog post was adapted from a previous UAG DirectAccess blog post and was originally written when the use of ISATAP for the Manage Out scenario was fully supported by Microsoft. However, with the advent of Windows Server 2012, supportability for the use of ISATAP was specifically limited to a single server topology due…

Useful Guide: Troubleshooting DirectAccess Manage Out Connections

I’ve discussed the concept of ‘Manage Out’ for Forefront UAG DirectAccess and also more recently for Windows Server 2012 DirectAccess; both of which can be a cause of pain when implementing and supporting a DirectAccess solution using either platform. One of my MCS colleagues in NYC, Colin Brown, has written an excellent troubleshooting guide which…

Windows Server 2012 DirectAccess Manage Out using Native IPv6

Please Note: The approach provided within this blog post is not suitable when using an External Load Balancer (ELB) or a multisite DirectAccess topology and you will need to use a more traditional native IPv6 deployment where you define your own IPv6 prefixes which are entered as part of the DirectAccess wizard configuration process. I…

DirectAccess Hotfix Summary

I thought it might be useful to provide a summary list of DirectAccess related hotfixes from the past and present that may be of use to those embarking on a DirectAccess deployment for the first time, or those experiencing problems that have been solved already! PLEASE NOTE: Microsoft have now provided an official dynamic knowledgebase…

Windows Server 2012 DirectAccess: Microsoft DirectAccess Comparison Table

With the impending release of Windows Server 2012 we will have our third iteration of the Microsoft DirectAccess solution. Life began with the DirectAccess feature coming to Windows in the first release of Windows Server 2008 R2 a few years ago now; it was then supercharged using Forefront UAG to offer a truly more achievable…
