DirectAccess deployment in a LAB on 2012 R2
I've deployed a DA edge server on 2012 R2 in a lab environment. I don't have a public domain name or PKI infrastructure. I did a quick deploy using the public IP as the name, distributed the pre-built policies to a test laptop, changed the connection from the AD LAN to a public internet connection, and started testing. The problem is that the laptop has shown the status "Connecting" on the DA connection for ages. Nothing happens. In Event Viewer I see DNS errors, because it cannot register with the public DNS server.
On the DA server, I did a quick deploy. It has a direct NIC to the internet and one to the corporate LAN (AD). The status is green. I checked 2 articles; they do not apply to me, so that is good:
https://support.microsoft.com/en-us/kb/2980635
Any tips? Is it possible to use DA with a public IP and not a public domain?
I got it working! From my experience, there is no way without certificates. I set up PKI in the lab and voilà!
Just a short memo list for this:
- Make sure GPOs are inherited correctly. Consider excluding existing Windows Firewall policies so they do not interfere. This includes clients and the DA server.
- Disable 6to4 on client machines.
- Computers use a workstation authorization cert.
- The DA server needs a workstation authorization cert for IPsec and a web server cert for http-ip. Use the public DA FQDN address as the cert's subject name.
- Update the DA server with MS patches -> https://support.microsoft.com/en-us/kb/2883952
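
A pre-flight check for the certificate and 6to4 items in the memo list above, as an added PowerShell example that is not part of the original post. It assumes Windows 8 / Server 2012 or later, assumes the machine certificate used for IPsec carries the Client Authentication EKU, and uses `da.example.test` as a placeholder for the public DA FQDN.

```powershell
# Added example, not from the original post. Run elevated.
# 'da.example.test' is a placeholder for the public DA FQDN in the cert subject.
param(
    [string]$DaFqdn = 'da.example.test',
    [switch]$Server    # set on the DA server, omit on a client
)

$ekuClientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication (assumed for the IPsec cert)
$ekuServerAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication (web server cert)

# Certificates in the computer store that are in date, have a private key
# and list the requested EKU.
function Get-UsableMachineCert {
    param([string]$EkuOid)
    $now = Get-Date
    Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        ($_.EnhancedKeyUsageList.ObjectId -contains $EkuOid)
    }
}

# Machine certificate for IPsec (clients and the DA server)
$ipsec = @(Get-UsableMachineCert -EkuOid $ekuClientAuth)
Write-Host ("Machine certs usable for IPsec: {0}" -f $ipsec.Count)
$ipsec | ForEach-Object { Write-Host ("  {0} (expires {1:d})" -f $_.Subject, $_.NotAfter) }

if ($Server) {
    # Web server cert whose subject CN equals the public DA FQDN
    $web = @(Get-UsableMachineCert -EkuOid $ekuServerAuth |
        Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $DaFqdn })
    Write-Host ("Web server certs with CN={0}: {1}" -f $DaFqdn, $web.Count)
}
else {
    # 6to4 should report Disabled on clients
    # (Set-Net6to4Configuration -State Disabled changes it)
    $state = (Get-Net6to4Configuration).State
    Write-Host ("6to4 state: {0}" -f $state)

    # Status as reported by the DirectAccess client components
    Get-DAConnectionStatus | Format-List Status, Substatus
}
```

A count of 0 for either certificate check means the matching memo item has not been met on that machine.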