UAG Direct access and one domain and multiple sites

  • Question

  • Hi all,

    I want to implement UAG Direct access in my site, and there is already UAG Direct access configured in my domain, and they use their UAG DA as the ISATAP router and it's there in the DNS.

    How can I install my separate UAG DA and configure it?

    Thanks


    Tarek Khairy

    Wednesday, August 8, 2012 11:37 AM

All replies

  • Hi

    Having multiple DirectAccess implementations in the same domain is not a problem. Concerning ISATAP, because the ISATAP A record is in the DNS, this will cause a problem. You must configure your internal clients to use your ISATAP router by configuring the ISATAP Router Name parameter in the GPO.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Wednesday, August 8, 2012 11:44 AM
  • Thanks for the reply. Is there any problem if my DNS servers are Windows Server 2008 SP2, not R2?

    And how can I troubleshoot the clients if they don't have IPv6 when I run the ipconfig /all command?

    Thanks


    Tarek Khairy

    Wednesday, August 8, 2012 11:54 AM
  • No, it's not a problem. UAG DirectAccess even works with a simple Windows 2003 DNS server.

    By default, your clients will try to locate the ISATAP DNS record to get the ISATAP router and get the ISATAP prefix. If you suspect you have a problem with an ISATAP interface, let's start with:

    NETSH INTERFACE ISATAP SHOW STATE to check if ISATAP is not disabled

    NETSH INTERFACE ISATAP SHOW ROUTER to check if you use a specific router name

    Restart the IPHLPSVC service to refresh ISATAP configuration.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Wednesday, August 8, 2012 12:01 PM
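
The checks from the reply above, collected into one PowerShell script for a client that should use the second site's ISATAP router. This is an added example, not part of the original thread; `$ExpectedRouter` is a hypothetical placeholder name, and the parsing assumes the English label text that netsh prints.

```powershell
# Added example (not from the thread). $ExpectedRouter is a hypothetical
# placeholder for the ISATAP router name of your own UAG DA server.
param(
    [string]$ExpectedRouter = 'uag-da-site2.corp.example',  # placeholder name
    [switch]$Refresh   # restart the IP Helper service at the end (needs elevation)
)

# Return the value after "Label : value" in netsh output (English labels assumed).
function Get-NetshValue([string[]]$Lines, [string]$Label) {
    foreach ($line in $Lines) {
        if ($line -match "^\s*$([regex]::Escape($Label))\s*:\s*(.+?)\s*$") {
            return $Matches[1]
        }
    }
    return $null
}

$state  = Get-NetshValue (netsh interface isatap show state)  'ISATAP State'
$router = Get-NetshValue (netsh interface isatap show router) 'Router Name'

if ($state -eq 'disabled') {
    Write-Warning 'ISATAP is disabled on this client; it will not get an ISATAP address.'
}

# "default" means the client looks up the ISATAP record in DNS, which in this
# scenario points at the other site's UAG DA server.
if ($router -eq 'default') {
    Write-Warning 'No specific router name is set; the client uses the ISATAP DNS record.'
} elseif ($router -ne $ExpectedRouter) {
    Write-Warning "Router name is '$router', expected '$ExpectedRouter'."
}

# Confirm that the expected router name resolves from this client.
try {
    $addrs = [System.Net.Dns]::GetHostAddresses($ExpectedRouter)
    "Resolved $ExpectedRouter -> $($addrs -join ', ')"
} catch {
    Write-Warning "Cannot resolve ${ExpectedRouter}: $($_.Exception.Message)"
}

if ($Refresh) {
    # Refresh the ISATAP configuration, as suggested in the reply.
    Restart-Service -Name iphlpsvc -Force
}

"ISATAP state: $state; router name: $router"
```
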
  • What about the UAG DA GPOs? They will be there from the beginning for the other site.


    Tarek Khairy

    Wednesday, August 8, 2012 12:30 PM
  • Client UAG DA GPOs are filtered by security groups. Just create new security groups for your new UAG DirectAccess infrastructure. The server-side GPO is filtered with the UAG DA computer account by default. So there is no problem with GPOs.

    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Wednesday, August 8, 2012 12:32 PM
  • Thanks for the reply. I have another question regarding Windows DirectAccess: in my case, if someone deleted the GPOs that were created in Active Directory by DirectAccess, how can I restore them or fix this problem?

    Tarek Khairy

    Thursday, August 9, 2012 1:31 PM
  • Hi

    You can back up your GPOs with GPMC or regenerate them with a new UAG activation.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Thursday, August 9, 2012 1:32 PM