Direct Access Windows 8 Client, can’t access internal network

  • Question

  • I am not sure if this is the correct forum to post this, however I hope someone can help me.

    We have 1 Windows 8 Enterprise client, 1 Windows 2012 remote access server (configured for Direct Access), and we have our other normal infrastructure servers on a mix of 2008 R2 and 2012 (DNS, DHCP, AD etc).

    The Windows 8 Enterprise and Windows 2012 remote access are test systems to evaluate the technology. Direct Access works perfectly and the Windows 8 system can access internal resources whether inside the office or out.

    If, however, the remote access server is shut down, the Windows 8 client is no longer able to access resources even if it is connected to our internal network. It can’t ping any of the internal servers by host name but it can ping them by IP address, yet the Windows 8 system is assigned an IP from our internal DHCP server (2008 R2) and can access websites on the internet fine (it can also ping google.com and other external names) – surely accessing internal resources when the machine is internal should not have anything to do with the remote access server? What’s going on here? What I would like to happen is if the RA server is shut down, the client is unaffected when it is internal to our network like all the other machines. I fully understand remote access won’t be possible, which is fine, but internally it should be ok…it’s almost behaving like the machine is in fact trying to connect from an external location and behaving as a remote system – as if Windows 8 DA bits are not realising it is in fact internally connected.

    DA was set up using the quick start wizard.

    Many thanks

    Steve

    Friday, September 28, 2012 2:29 PM

All replies

  • Do you have the NLS server on the 2012 DA server as well?

    If so, then the client cannot make a connection to the NLS and so is then thinking it is outside of the corp network and so trying to start DA?

    The NLS should be well connected and always on. From the old UAG DA days :-) 


    Regards, Rmknight

    Friday, September 28, 2012 2:53 PM
  • Ahh, that will probably be it then. I have NLS on this test server. Is it at all possible to install NLS on an additional server without having all the rest of the DA stuff? What about installing it on 2008 R2? I don't see it listed on 2012 or 2008 R2 as an individual role service or feature to install so I'm not sure how I can make it highly available without installing the entire remote access role... unless that is how it is done?

    If you have any links to some articles about this that would be great also.

    Many thanks

    Steve

    Friday, September 28, 2012 5:28 PM
  • The NLS is basically an HTTPS website that the client can validate the certificate on.

    I.e., a standard WS2008R2 with IIS and a certificate from your internal PKI matching the NLS hostname that your client has configured will work perfectly.

    For some detailed information regarding the NLS and different ways to set it up you could read the following article: http://blog.concurrency.com/infrastructure/uag-directaccess-network-location-server-nls/


    Jonas Blom | Relevo AB | http://blog.nrpt.se

    Friday, September 28, 2012 6:28 PM
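
The check discussed in this thread can be run by hand from the affected client. The following PowerShell is an added example, not something posted by any participant: it reads the NLS URL the client was given by policy, tests name resolution and the HTTPS request (which also fails when the certificate does not validate), then shows what the client concluded about its location. It assumes the Windows 8 / Server 2012 cmdlets `Get-NCSIPolicyConfiguration`, `Get-DAConnectionStatus` and `Get-DnsClientNrptPolicy` are present and that the session is elevated; `Test-NlsReachability` is a name made up for this example.

```powershell
# Added diagnostic example; run on the DirectAccess client in an elevated session.
# Test-NlsReachability is a hypothetical helper name, not a built-in cmdlet.

function Test-NlsReachability {
    param(
        # NLS URL; by default the value pushed to the client by the DirectAccess policy
        [string]$NlsUrl = (Get-NCSIPolicyConfiguration).DomainLocationDeterminationUrl
    )

    if (-not $NlsUrl) { throw 'No NLS URL is configured on this client.' }

    $uri    = [Uri]$NlsUrl
    $result = [ordered]@{
        NlsUrl      = $NlsUrl
        DnsResolves = $false
        HttpsOk     = $false
        Error       = $null
    }

    try {
        # Step 1: the NLS host name has to resolve from the internal network
        Resolve-DnsName -Name $uri.Host -ErrorAction Stop | Out-Null
        $result.DnsResolves = $true

        # Step 2: the HTTPS request has to succeed; an untrusted, expired or
        # name-mismatched certificate makes Invoke-WebRequest throw as well
        $response = Invoke-WebRequest -Uri $NlsUrl -UseBasicParsing -TimeoutSec 10 -ErrorAction Stop
        $result.HttpsOk = ($response.StatusCode -eq 200)
    }
    catch {
        $result.Error = $_.Exception.Message
    }

    [pscustomobject]$result
}

# Probe the NLS the same way the location check depends on it
Test-NlsReachability | Format-List

# What the client decided: locally connected, remotely connected, or an error state
Get-DAConnectionStatus | Format-List

# If the NLS probe failed, the DirectAccess name resolution rules remain in effect,
# so internal names are sent to the DirectAccess DNS server rather than internal DNS
Get-DnsClientNrptPolicy -Effective | Format-List
```

Running it once with the remote access server up and once with it shut down shows the NLS probe flipping from success to failure while the client's DHCP lease and internet access stay the same.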