Jump to content
RESET Forums (homeservershow.com)

DirectAccess


Jason
 Share

Recommended Posts

  • Replies 21
  • Created
  • Last Reply

Top Posters In This Topic

  • ImTheTypeOfGuy

    4

  • jmwills

    4

  • Jason

    9

  • marky9074

    3

I ran a test w/ a single laptop.  The only catch (by design) is that I had to update group policy on the laptop while it was connected to the LAN in order for the client to receive the DirectAccess configuration.  Once that occurred, I could disconnect the client and take it offsite and it could seamlessly connect to the domain remotely.  Incredible.

 

I've tried several scenarios to install the WS2012e connector to a remote PC via the internet, join it to the WS2012e domain and update group policy remotely.  It works.  Group policy is updated, the client receives the DA config.  However the client machine doesn't register in the WS2012e dashboard as being connected AND the DirectAccess connection isn't successful (hangs on 'connecting').

Link to comment
Share on other sites

I don't know how to do it but Microsoft says the client machine does not have to be on the network. I believe they said a certificate would be sent to the client machine via email and once that's installed direct access would work without the computer ever being on the network.

Link to comment
Share on other sites

I don't know how to do it but Microsoft says the client machine does not have to be on the network. I believe they said a certificate would be sent to the client machine via email and once that's installed direct access would work without the computer ever being on the network.

Link to comment
Share on other sites

I don't know how to do it but Microsoft says the client machine does not have to be on the network. I believe they said a certificate would be sent to the client machine via email and once that's installed direct access would work without the computer ever being on the network.

 

Wow.  I didn't realize this.  I do know that the group policy update (GPUPDATE) on the client PC results in the machine being authorized for DirectAccess AND retrieves the certificate at the same time.    However, in my experience, unless the GPUPDATE is performed when the client is on the LAN, it doesn't work.  In fact, I've managed to get the group policy updated on a client via the internet, DA configuration updated on the client PC, yet it hangs on "Connecting".

 

The same steps done to the client machine on the LAN work successfully.

Link to comment
Share on other sites

Based on my testing, the client has to be added to the domain locally to receive the group policy update. After that, it can be anywhere with Internet access and it will be a remote member if the domain with a persistent VPN connection.

Link to comment
Share on other sites

As long as you have a copy of the policy, you can mimic that on just about any machine.

Link to comment
Share on other sites

Didn't know this. How? Never saw instructions on how to do this. Am sure others would benefit from this. Thanks.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×
×
  • Create New...