System Center Operations Manager 2012 Monitoring Pack for Windows Server 2012 Remote Access

Microsoft recently released a Monitoring Pack for System Center Operations Manager 2012 that specifically targets the Remote Access role in Windows Server 2012. With this new monitoring pack, a systems management engineer can monitor a Windows Server 2012 server with the Remote Access role installed for the following conditions:

DirectAccess

  • Network interface connection and settings issues
  • IPv6 transition protocol configuration
  • DoS, spoof, and replay attack heuristics
  • IPsec state
  • DNS and management server configuration
  • Underlying service status
  • OTP-related heuristics

Remote Access and Site-to-Site VPN

  • Connection failures
  • Improper configuration
  • Hardware device and IPsec related failures
  • Monitoring of performance counters and instrumentation

This management pack leverages PowerShell cmdlets such as Get-RemoteAccess, Get-DAMultisite, and Get-RemoteAccessHealth. As such, only Windows Server 2012 is supported by this management pack. You can download the System Center Operations Manager 2012 Monitoring Pack for the Windows Server 2012 Remote Access role here.

8 Comments

  1. Kevin Accawi

     /  March 18, 2013

    Hello,

    I’ve installed the Remote Access 2012 MP on SCOM 2012 SP1 and made configuration changes as outlined in the Microsoft guide. The Run As account is in the Local Admin group on both my RRAS and DA servers. I’ve also added the Run As account to the DA Servers GPO with Read permissions.

    I am not seeing these servers show up in the Monitoring console for SCOM. Nor am I finding any other guides to configure this MP. Any assistance would be greatly appreciated. Thanks.

  2. Hello,
    I’m desperate and looking for help with DA.

    I’ve set DNS 192.168.3.4 and 192.168.3.56 as in all company servers (in Remote Access Setup, Infrastructure server setup) and in Operation status I get DNS error – “none of enterprise DNS servers used by DA clients for name resolution are responding”. When I try to verify these DNS entries – it says ok…

    DA is up and running and my win8 client is able to connect to DA and reach servers using their hostnames, but not IPs…

    Also, I get the problem in your DA logs.
    In DTE list PING says FAIL.

    DTE List
    PING: fd59:a31c:2f03:1000::1 (Fail)
    PING: fd59:a31c:2f03:1000::2 (Fail)

    I believe this means the same DNS problems. What could I check to resolve these issues?

    • If you’re trying to access intranet resources using IPv4, that will always fail from a DirectAccess client because it uses IPv6 exclusively for transport. You should always access resources by names or IPv6 addresses.

  3. Chris

     /  June 18, 2019

    Hi,

    Had some trouble setting this up myself and eventually got it working with the following configs:
    1) Use a RunAs account – We were using the local system account, won’t work for DA.
    2) RunAs account needs DA Server GPO access – Specifically using the Security Filtering section not via delegation (as I tried).
    3) Agent Proxy – The servers need to act as an agent proxy so if you’re not setting this by default then that is something needing turning on. (This last one was fun to find as I had to go searching for GUIDs in the SCOM system to find out what was giving the error!)

    After those little gotchas were straightened out the service started appearing with the relevant health bits.

    Good times.

    Hope this helps any other poor souls still trying to set this up.

  4. Nazir

     /  March 31, 2020

    Hello Richard,

    One of our clients is using DA 2010 and with COVID19 outbreak, the entire estate of 5000 users is working over DA. We continually get alerts from DA about BAD SPI Spoofing attacks which is a false positive as nodes are accepting connections and these alerts are more frequent due to the high volume of connections. I would like to change this threshold but we do not have ops manager. Is there a way to do this within the DA management console/registry/GPO?

    Thanks
    Nazir
