Name resolution and proper DNS server configuration is vital to the functionality of DirectAccess. When performing initial configuration of DirectAccess, or making changes to the DNS server configuration after initial configuration, you may notice the operations status for DNS indicates Critical, and that the operations state shows Server responsiveness.
Highlighting the DNS server on the Operations Status page and viewing the details shows that DNS is not working properly with the following error message:
None of the enterprise DNS servers <IPv6_address> used by DirectAccess
clients for name resolution are responding. This might affect DirectAccess
client connectivity to corporate resources.
There are a number of things that can contribute to this problem, but a common cause is an error made when assigning a DNS server to a specific DNS suffix. An inexperienced DirectAccess administrator might specify the IPv4 address of an internal corporate DNS server, which is incorrect. The DNS server IPv4 address should be the address assigned to the DirectAccess server’s internal network interface.
The best way to ensure that the DNS server is configured correctly for DirectAccess is to delete the existing entry and then click Detect.
An IPv6 address will be added automatically. This is the IPv6 address of the DNS64 service running on the DirectAccess server, which is how the DNS server should be configured for proper DirectAccess operation.
Once the changes have been saved and applied, the DNS server should once again respond and the status should return to Working.
Posted by Richard M. Hicks on September 22, 2015
Recently I had the opportunity to once again join Richard Campbell on his popular RunAs Radio podcast to chat about all things remote access in Windows Server 2012 R2. The conversation starts out with DirectAccess, but we also touch upon important topics like client-based VPN and BYOD access. We also talk a little bit about DirectAccess in Windows Server 2016 and what the future might look like for DirectAccess in Windows.RunAs Radio
You can listen to the podcast here.
Posted by Richard M. Hicks on September 14, 2015
Today Microsoft announced a new partnership with Dell to deliver the Surface Pro and Windows 10 to enterprise customers around the world. This new initiative addressees the specific needs of large enterprises, whose increasingly mobile workforce places unique demands on IT to provide high levels of security and consistent platform management. This partnership will ensure that Dell’s enterprise customers have access to the Microsoft Surface Pro along with Dell’s enterprise-class service and support offerings.
Of course DirectAccess on Windows Server 2012 R2 complements this initiative quite nicely. Using DirectAccess with it’s always on functionality ensures that remote Windows devices like the Surface Pro are always managed and consistently updated, providing IT administrators greater control and visibility for their field-based assets than traditional VPN is capable of providing. In addition, DirectAccess connectivity is bi-directional, allowing administrators to “manage out” to their connected DirectAccess devices. This opens up compelling use cases such as initiating remote desktop sessions for the purposes of troubleshooting or conducting vulnerability scans to determine the client’s security posture.
In addition, Windows 10 now supports the full enterprise feature set of DirectAccess on Windows Server 2012 R2, including geographic redundancy and transparent site failover, along with significant performance improvements over Windows 7 for perimeter/DMZ deployments. DirectAccess with Windows 10 is also easier to manage and support.
For more information about the Microsoft/Dell partnership, watch Microsoft CEO Satya Nadella’s message here. For assistance with the planning, design, and implementation of a DirectAccess solution, click here.
Posted by Richard M. Hicks on September 8, 2015