locked
Direct Access 2012 RRS feed

  • Question

  • Direct Access Client has internet access limited when Direct Access Server 2012 shut down, is normally?
    Thursday, February 14, 2013 12:40 AM

Answers

  • This doesn't have anything to do with Force Tunneling if it's for users that are inside the office. As Jonas said, it sounds like when you take down the DA server that you are also taking down the NLS website. If you ran through the quick Getting Started Wizard when you setup DirectAccess, that would have placed the NLS website onto the DirectAccess server itself. If you turn off the NLS website, your DirectAccess client computers that are inside the network will not recognize that they are inside the network, and their name resolution will be broken. So to answer your question, in your installation scenario yes, this is expected behavior. You shouldn't be turning off your DA server, but you definitely don't want to be turning off your NLS website.

    • Marked as answer by cvelarde Tuesday, February 26, 2013 10:00 PM
    Tuesday, February 19, 2013 6:18 PM
  • Since you are talking about clients on the corporate network, the problem is most likely that when your DA server goes offline the NLS also goes offline.

    It is very important that your NLS always is online, otherwise your clients will think that they are outside the corporate network and therefore will try to establish the DA tunnels and activate the NRPT rules.

    I would suggest that you move the NLS functionality away from your DA server to a HA-configured webserver.
    (A failover cluster or using HA with a virtual machine)


    Jonas Blom | Relevo AB | http://blog.nrpt.se

    • Marked as answer by cvelarde Tuesday, February 26, 2013 10:00 PM
    Thursday, February 14, 2013 7:59 PM

All replies

  • hi, if you enforce tunneling this is the expected behavior. do you enforce tunneling? regards, lutz
    Thursday, February 14, 2013 3:18 AM
  • Hi,

    Are you talking about clients on the corporate network or out on the internet?

    If you are talking about clients present on the corporate network, do you have your NLS server located on the DA server?


    Jonas Blom | Relevo AB | http://blog.nrpt.se

    Thursday, February 14, 2013 8:30 AM
  • AS mentioned sounds like you have forced tunnelling on which sends all internet traffic through your DA server to your proxy and back out again.  Check your DA settings to see if the Force Tunnelling checkbox is enabled?

    Thursday, February 14, 2013 10:10 AM
  • corporate network

    cvelarde

    Thursday, February 14, 2013 2:59 PM
  • I need check.

    regards

    cvelarde

    Thursday, February 14, 2013 3:00 PM
  • Since you are talking about clients on the corporate network, the problem is most likely that when your DA server goes offline the NLS also goes offline.

    It is very important that your NLS always is online, otherwise your clients will think that they are outside the corporate network and therefore will try to establish the DA tunnels and activate the NRPT rules.

    I would suggest that you move the NLS functionality away from your DA server to a HA-configured webserver.
    (A failover cluster or using HA with a virtual machine)


    Jonas Blom | Relevo AB | http://blog.nrpt.se

    • Marked as answer by cvelarde Tuesday, February 26, 2013 10:00 PM
    Thursday, February 14, 2013 7:59 PM
  • I´m checking setting DA console and Checkbox is Disabled. another solution?

    regards

    Thursday, February 14, 2013 10:44 PM
  • Clarkkeyi

    I´m checking setting DA console and Checkbox is Disabled. another Option? 

    regards

    Thursday, February 14, 2013 10:44 PM
  • This doesn't have anything to do with Force Tunneling if it's for users that are inside the office. As Jonas said, it sounds like when you take down the DA server that you are also taking down the NLS website. If you ran through the quick Getting Started Wizard when you setup DirectAccess, that would have placed the NLS website onto the DirectAccess server itself. If you turn off the NLS website, your DirectAccess client computers that are inside the network will not recognize that they are inside the network, and their name resolution will be broken. So to answer your question, in your installation scenario yes, this is expected behavior. You shouldn't be turning off your DA server, but you definitely don't want to be turning off your NLS website.

    • Marked as answer by cvelarde Tuesday, February 26, 2013 10:00 PM
    Tuesday, February 19, 2013 6:18 PM