All posts tagged Windows Server 2012

DirectAccess Clients and TPM

I’ve been frustrated recently with a number of articles and blog posts I’ve seen indicating Windows 8 DirectAccess clients connecting to a Windows Server 2012 DirectAccess server require a Trusted Platform Module (TPM) and the use of smart cards for authentication. This is a myth, and nothing could be further from the truth. TPM and smart cards are indeed supported (TPM with Windows 8, smart cards with Windows 7 and Windows 8 DirectAccess clients) but they are not explicitly required. For the posts I’ve seen I have asked the authors to correct their statements, and to their credit some of them have. Others, unfortunately, have not. I’m not sure if they are simply misinformed or if they are deliberately misleading their readers to downplay DirectAccess in an effort to sell another VPN solution. Regardless, I am compelled to set the record straight here. So, to be perfectly clear:

TPM is NOT a requirement for DirectAccess clients.

There you have it. Now go out and deploy DirectAccess today!

7 Comments
by Richard M. Hicks on March 8, 2013  •  Permalink
Posted in Important Links, Remote Access, Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012
Tagged , , , , , , , , , ,

Posted by Richard M. Hicks on March 8, 2013

https://directaccess.richardhicks.com/2013/03/08/directaccess-clients-and-tpm/

Features Deprecated in Forefront UAG Service Pack 3

With the recent release of Service Pack 3 (SP3) for Microsoft Forefront Unified Access Gateway (UAG) 2010, Microsoft has published a list of features in UAG SP3 that have been deprecated. To be clear, this does not mean these features cease to function after you install SP3 on UAG! It is simply meant to give network engineers and security administrators an idea about what features are likely to be removed from future releases of Forefront UAG. Some of the deprecated features should come as no surprise. For example, DirectAccess support in Forefront UAG is now deprecated in favor of DirectAccess in Windows Server 2012. Also, features such as Secure Sockets Tunneling Protocol (SSTP) for client-based remote access are better handled using the remote access role in Windows Server 2012. Other deprecated features may present more of a challenge if you’ve been relying on them to provide secure remote access to applications, such as the deprecation of support for some authentication repositories (e.g. Novell Directory, Notes Directory, TACACS) or the Java-based Session Cleanup tool. For a complete list of deprecated features in Forefront UAG SP3, click here.

4 Comments
by Richard M. Hicks on February 26, 2013  •  Permalink
Posted in Forefront UAG 2010, Important Links, NAP, Remote Access, Windows Server 2012
Tagged , , , , , , , , , , , , , , , , , , ,

Posted by Richard M. Hicks on February 26, 2013

https://directaccess.richardhicks.com/2013/02/26/features-deprecated-in-forefront-uag-service-pack-3/

Hotfix for Windows 7 DirectAccess Clients

This month Microsoft released an important hotfix to address a DirectAccess connectivity issue for Windows 7 clients connecting to a Windows Server 2012 DirectAccess Server. The hotfix specifically resolves an issue where Windows 7 clients face a very long delay reestablishing a DirectAccess session using the IP-HTTPS IPv6 transition protocol after recently disconnecting from a VPN session. In this scenario, Windows 7 DirectAccess clients may take as long as 15 minutes to automatically reestablish a DirectAccess session using IP-HTTPS. During this time the IP-HTTPS adapter state is displayed as disconnected. Refer to Microsoft KB 2796313 more information and to download the hotfix.

1 Comment
by Richard M. Hicks on February 17, 2013  •  Permalink
Posted in Important Links, Remote Access, VPN, Windows 7, Windows Server 2012
Tagged , , , , , , , , , , , ,

Posted by Richard M. Hicks on February 17, 2013

https://directaccess.richardhicks.com/2013/02/17/hotfix-for-windows-7-directaccess-clients/

« Older Posts
Newer Posts »