DirectAccess Load Balancing Video

DirectAccess Load Balancing VideoConfiguring load balancing in DirectAccess is essential for eliminating single points of failure and ensuring the highest level of availability for the solution. The process of enabling load balancing for DirectAccess can be confusing though, as it involves the reassignment of IP addresses from the first server to the virtual IP address (VIP) for the cluster.

In this video I demonstrate how to enable DirectAccess load balancing and explain in detail how IP address assignment works for both Network Load Balancing (NLB) and external load balancers (ELB).

Leave a comment


  1. Hi
    I appreaciate this very helpfull Information about Direct Access with load balancing (NLB / ELB). The information ist very clear an straight forward. I have one issue I don’t understand from a Technical Point of view. Why we need nlb/elb also on the internal Interface of the DA Servers, what is the reason?
    Best regards bueschu

    • The only reason for enabling load balancing on the internal interface is to support the web probe host and NLS URLs if they are collocated on the DirectAccess server.

  2. Stan Morisse

     /  March 23, 2017

    Hi Richard,

    the video is very clear on how NLB and ELB can be configured in order for the DirectAccess clients to connect to the production network. Thanks for that!

    What I am personally still missing is more information on how to enable manage-out over such an ELB cluster (as ISATAP is not supported on most ELBs).
    There is a document provided by F5 ( But somehow that document indicates multiple directacces configurations and not a DirectAccess load balanced cluster with nodes, sharing the same configuration. This is not what I am really looking for.

    My question is: Is there a way for you to elaborate a bit further on how to configure the DirectAccess external load balancing (which you addressed in your video) setup, so that once it is set up with multiple nodes, corporate machines can reach the DirectAccess clients (for example to enable Remote assistance). I am not referring to changing firewall rules on the client, although that is also a required part of the configuration. I am trying to get non-ambiguous information on how to implement/configure correct routing to and over the cluster nodes for a management computer to be able to reach the DirectAccess client. This is information that is not easily found in the public domain.

    Thanks a lot!

    • The F5 document is rubbish. So is the Citrix NetScaler document if you come across that too. 😉 Restoring manage out functionality for multiserver DirectAccess deployments requires the deployment of IPv6 on the internal network, or implementing a separate ISATAP routing infrastructure. Since deploying IPv6 is non-trivial, many of my customers take the path of least resistance and go the ISATAP route. Reach out to me directly and I’ll provide you with more details. Thanks!


Leave a Reply

Discover more from Richard M. Hicks Consulting, Inc.

Subscribe now to keep reading and get access to the full archive.

Continue reading