UAG activated takes network down. DNS registration goes to ISATAP address only.

  • Question

  • GPOs are created in a separate OU, not at the top of AD. Filters look correct, but servers and desktops are dropping their IPv4 address and registering with the IPv6 ISATAP address. This takes the network down.

    Need help....

    Friday, October 5, 2012 1:35 AM

All replies

  • Hi

    Once you set up an ISATAP router on your LAN and register the ISATAP host in your internal DNS, clients like Windows Vista and above will use IPv6 rather than IPv4. ISATAP is only required for remote management scenarios and some advanced DirectAccess deployments. Your UAG box is your ISATAP router. Just delete your ISATAP record in your DNS host and your internal clients will no longer be able to use IPv6 internally.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Friday, October 5, 2012 9:06 AM
  • Exactly. Microsoft does not recommend ISATAP in large enterprise environments. ISATAP is not required, it is optional. It is only required for DirectAccess Manage-Out functionality. The UAG DirectAccess wizard says you should, but that is misleading.

    If you need Manage-Out capability, use a custom GPO instead, which points that particular Manage-Out Client to your ISATAP router (read: DirectAccess Server).


    Boudewijn Plomp, BPMi Infrastructure & Security

    Wednesday, October 10, 2012 12:23 PM
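
To check whether a given host is affected by the behaviour described in the replies above, the following read-only audit is an added example, not code from the thread or from Microsoft. It tests whether the unqualified name `isatap` resolves from the host and whether any local address carries an ISATAP interface identifier; the function names `Test-IsatapAddress` and `Get-IsatapAudit` are hypothetical.

```powershell
# Added example: read-only audit, changes no configuration.
# Assumes Windows PowerShell 2.0 or later; uses only .NET classes.

function Test-IsatapAddress {
    param([System.Net.IPAddress]$Address)
    if ($Address.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetworkV6) {
        return $false
    }
    # An ISATAP interface identifier is 0000:5efe:a.b.c.d or 0200:5efe:a.b.c.d,
    # i.e. bytes 8..11 of the address are 00|02, 00, 5e, fe.
    $b = $Address.GetAddressBytes()
    return (($b[8] -band 0xFD) -eq 0) -and ($b[9] -eq 0) -and
           ($b[10] -eq 0x5E) -and ($b[11] -eq 0xFE)
}

function Get-IsatapAudit {
    # 1. Does the name "isatap" resolve from this host? This is the DNS record
    #    the first reply suggests deleting.
    $router = @()
    try {
        $router = @([System.Net.Dns]::GetHostAddresses('isatap') |
                    ForEach-Object { $_.ToString() })
    } catch {
        # Name not found: the host has no ISATAP router to discover this way.
    }

    # 2. Which addresses on this host are ISATAP addresses?
    $local = @()
    foreach ($nic in [System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces()) {
        foreach ($ua in $nic.GetIPProperties().UnicastAddresses) {
            if (Test-IsatapAddress $ua.Address) { $local += $ua.Address }
        }
    }

    New-Object PSObject -Property @{
        IsatapNameResolvesTo = $router
        LocalIsatapAddresses = @($local | ForEach-Object { $_.ToString() })
        # A non-link-local ISATAP address means a router advertised a prefix
        # to this host.
        HasRoutableIsatap    = [bool]($local | Where-Object { -not $_.IsIPv6LinkLocal })
    }
}

Get-IsatapAudit | Format-List
```

Run it on an affected desktop before and after removing the DNS record: `IsatapNameResolvesTo` should become empty once the record is gone and the client's resolver cache has expired.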