Can DirectAccess and Exchange 2013 work on the SAME machine?

  • Question

  • After 2 unsuccessful attempts to deploy DirectAccess-Feature on an existing Exchange 2013-Server, let me ask the question if this is possible.

    What I already have ...

    - Exchange 2013 on

    - a Windows 2012 (NOT R2!)

    - 1 NIC

    - local Domain behind a NAT

    - 1 public IP address (IPv4)

    - Successful working VPN-Access via PPTP and SSTP via the Exchange-Server

    - I do not have L2TP and IPSEC-VPN

    I read a lot about DirectAccess, but in fact, nothing about the combination Exchange and DirectAccess on 1 machine.

    The only information was that it is not recommended to have Web-Applications and DirectAccess on one machine, but it works.

    Any ideas ?

    Friday, January 15, 2016 9:41 AM

Answers

  • Hi NicoNi,

    Thanks for posting on the TechNet forum.

    >>I read a lot about DirectAccess, but in fact, nothing about the combination Exchange and DirectAccess on 1 machine.

    Yes, I searched a lot and didn't find an official article about the combination Exchange and DA.

    >>After 2 unsuccessful attempts to deploy DirectAccess-Feature on an existing Exchange 2013-Server, let me ask the question if this is possible.

    For stability and security reasons, I suggest you deploy Direct Access on a separate dedicated server.

    Besides, may I know what happened when you deployed the Direct Access on this exchange server?

    Any prompt information?

    In addition, you could try to deploy this feature by using the PowerShell command: Get-WindowsFeature | Where-Object { $_.Name -like '*DirectAccess*' } | Install-WindowsFeature -WhatIf

    This is just a workaround.

    Best regards,


    Andy_Pan

    • Proposed as answer by Hello_2018 Tuesday, February 2, 2016 8:36 AM
    • Marked as answer by Leo Han Wednesday, February 3, 2016 12:52 AM
    Monday, January 18, 2016 7:03 AM

All replies

  • Thank you for your answer.

    I think the main problem is still having only ONE public IP address.

    At the moment, I have Exchange with all the HTTPS stuff running and working together with SSTP/VPN.

    I think that was the reason for the ambitious next step.

    The deployment of DirectAccess as a role/feature itself was not the problem.

    The first problem is/was that the wizard did not succeed at all. It always crashed with or after the step "deploying behind NAT" (I don't have the exact message at the moment). All I figured out by googling the problem is that something is wrong with a certificate.

    I have seen that the "install-remoteaccess" command included a part with "-NlsCertificate" and then a lot of binary numbers.

    With some handwork, a hand-modified install-remoteaccess succeeded, but after a reboot nothing worked anymore.

    - the machine booted slowly

    - many Exchange services remained in the "starting" phase for hours

    - some of the management console snap-ins failed because the domain was not accessible

    - Outlook clients were no longer able to reach the Exchange server

    The only help was manually removing DirectAccess, deleting the GPOs as well as registry values.

    Monday, January 18, 2016 9:13 AM
  • Hi NicoNi,

    Thanks for your feedback.

    Since deploying Direct Access on an existing Exchange Server has so many adverse effects, I would suggest you just deploy a separate server for Direct Access.

    Besides, I have tried a lot to deploy the two services on the same server with one IP address in my lab, but did not succeed.

    Thanks again for posting here.

    Best regards,


    Andy_Pan



    • Edited by Hello_2018 Tuesday, January 19, 2016 7:40 AM
    Tuesday, January 19, 2016 7:38 AM
  • Thank you.

    In fact, I have no idea how to deal with the problem of having only ONE public IP address.

    The DSL router now routes ports such as 443, 80 to the Exchange server.

    As I understand, DirectAccess also uses 443 and 80 as key features.

    Your suggestion is okay, but how to do this in real life? The separate DirectAccess server is also not the problem.

    Do I need another technique to "route" anything which is not needed for Exchange to the separate server?

    Tuesday, January 19, 2016 9:51 AM
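
The overlap on ports 80 and 443 discussed in this thread can be inspected on the server before another role is added. The following is an added example, not code from any poster or from Microsoft; the function names are hypothetical, the netsh sample is constructed, and English netsh output on Windows Server 2012 or later is assumed.

```powershell
# Added example: read-only inventory of what already owns TCP 80/443 on a host.
# Assumes Windows Server 2012+ and English netsh output; function names are hypothetical.

function Get-PortOwner {
    param([int[]]$Port = @(80, 443))
    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $Port -contains $_.LocalPort } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                OwningPid    = $_.OwningProcess   # PID 4 (System) is the HTTP.sys listener
                Process      = $proc.ProcessName
            }
        }
}

function ConvertFrom-NetshSslCert {
    param([string[]]$Line)
    $current = $null
    foreach ($l in $Line) {
        if ($l -match '^\s*(?:IP|Hostname):port\s*:\s*(\S+)') {
            if ($current) { $current }            # emit the previous binding
            $current = [pscustomobject]@{ Binding = $Matches[1]; CertHash = $null; AppId = $null }
        } elseif ($current -and $l -match '^\s*Certificate Hash\s*:\s*(\S+)') {
            $current.CertHash = $Matches[1]
        } elseif ($current -and $l -match '^\s*Application ID\s*:\s*(\S+)') {
            $current.AppId = $Matches[1]
        }
    }
    if ($current) { $current }
}

# Constructed sample of `netsh http show sslcert` output (placeholder values).
$sample = @'
    IP:port                      : 0.0.0.0:443
    Certificate Hash             : THUMBPRINT-PLACEHOLDER-A
    Application ID               : {00000000-0000-0000-0000-000000000001}
    IP:port                      : 127.0.0.1:8172
    Certificate Hash             : THUMBPRINT-PLACEHOLDER-B
    Application ID               : {00000000-0000-0000-0000-000000000002}
'@ -split "`r?`n"

ConvertFrom-NetshSslCert -Line $sample | Where-Object { $_.Binding -match ':443$' }
# On the server itself: ConvertFrom-NetshSslCert -Line (netsh http show sslcert)
Get-PortOwner | Format-Table -AutoSize
Get-WindowsFeature -Name Web-Server, DirectAccess-VPN | Select-Object Name, InstallState
```

Saving this output before and after a role change gives a record of which certificate binding on 443 was replaced, which helps when a rollback like the one described above is needed.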