Direct Access 2016, force tunneling and OTP RRS feed

  • Question

  • Hi,

    would like to know whether Direct Access in Windows 2016 supports force tunneling with OTP?



    Sanka Perera

    Friday, March 10, 2017 3:54 PM

All replies

  • Hi Sanka

    Still the same applies to 2016.

    Do not deploy a DirectAccess server with two-factor authentication with OTP and Force Tunneling, or OTP authentication will fail. An out-of-band Secure Sockets Layer (SSL) connection is required between the DirectAccess server and the DirectAccess client. This connection requires an exemption to send the traffic outside of the DirectAccess tunnel. In a Force Tunnel configuration, all traffic must flow through a DirectAccess tunnel, and no exemption is allowed after the tunnel is established. Because of this, it is not supported to have OTP authentication in a Forced Tunnel configuration.

    Ref -

    Kindest Regards


    • Proposed as answer by John - ITC Wednesday, April 26, 2017 11:19 AM
    Monday, April 24, 2017 1:41 PM