Direct Access 2012 R2 - RDP to Direct Access Clients

  • Question

  • Hi folks,

    I have Direct Access working in a 2012 R2 environment as a single site (IPHTTPS). Now I have a requirement to connect to the Direct Access clients through RDP from the LAN.

    I can connect to Direct Access clients through the temporary IPv6 IPHTTPS address, but I need to do this using the DNS of the clients. Is that possible?

    I really appreciate your help.

    Regards,

    Daniel 

    Tuesday, January 19, 2016 2:23 AM

Answers

  • Hi,

    You have 3 choices to be able to RDP to the DA clients.

    1. Enable IPv6 on your internal network and make sure IPv6 DNS is also enabled.
    2. Follow a great article by Jason Jones for a targeted ISATAP deployment. http://blogs.technet.com/b/jasonjones/archive/2013/04/19/limiting-isatap-services-to-directaccess-manage-out-clients.aspx
    3. Create a Jump Host server. A normal Windows server, but it has a static IPv6 address and its default gateway is the IPv6 address of the DA server, which normally ends with 3333:1. The jump host will have to be placed in the same VLAN as the internal NIC of the DA server so no firewalls block the IPv6 traffic. Support people will have to RDP to the Jump Host and then RDP to the DA client using the client FQDN, which will resolve to an IPv6 address.

    I have used Options 2 & 3 many times but never Option 1 :-)

    Regards


    Regards, Rmknight

    • Marked as answer by Daniel_Avila_R Wednesday, January 27, 2016 2:01 AM
    Tuesday, January 19, 2016 9:27 AM

All replies

  • Hi Rmknight,

    Thanks for your answer.

    I have a related question: in option 2, do the Direct Access clients register their own DNS? I mean, could I connect using the DNS of each workstation, or do I need the IPv6 address in the RDP console?

    Best regards,

    Daniel

    Tuesday, January 19, 2016 2:42 PM
  • Hi,

    If your DNS is able to use AAAA records, your clients will register themselves and, from a Manage-Out computer, you will be able to connect to the clients using their hostnames.

    Just check in your DNS Server if you have IPv6 records like this:

    Gerald

    Thursday, January 21, 2016 10:45 AM
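
The DNS check described in the last reply, followed by an RDP reachability test from a manage-out computer, as an added example that is not part of the original thread. The zone name, DNS server name and client host names are placeholders (assumptions); the script needs the DnsServer module from RSAT.

```powershell
# Added example: placeholders below are assumptions, not values from the thread.
$ZoneName  = 'corp.example.com'         # placeholder internal DNS zone
$DnsServer = 'dns01.corp.example.com'   # placeholder internal DNS server
$Clients   = @('laptop01', 'laptop02')  # placeholder DirectAccess client host names

# 1. List the AAAA records the clients have registered in the zone.
Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName -RRType AAAA |
    Select-Object HostName,
                  @{ Name = 'IPv6'; Expression = { $_.RecordData.IPv6Address } },
                  TimeStamp |
    Sort-Object HostName |
    Format-Table -AutoSize

# 2. For each client, confirm the FQDN resolves to an AAAA record and that
#    TCP 3389 (RDP) answers from this computer.
foreach ($client in $Clients) {
    $fqdn = "$client.$ZoneName"

    $aaaa = Resolve-DnsName -Name $fqdn -Type AAAA -Server $DnsServer -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'AAAA' }

    if (-not $aaaa) {
        # No AAAA record: the client has not registered, or is not connected.
        Write-Warning "$fqdn has no AAAA record on $DnsServer"
        continue
    }

    $test = Test-NetConnection -ComputerName $fqdn -Port 3389 -WarningAction SilentlyContinue

    [pscustomobject]@{
        Client        = $fqdn
        AAAA          = ($aaaa.IPAddress -join ', ')
        # RemoteAddress shows which address was actually used for the test;
        # an IPv4 address here means a stale A record was preferred.
        RemoteAddress = $test.RemoteAddress
        RdpReachable  = $test.TcpTestSucceeded
    }
}
```

A client that has an AAAA record but fails the port test points to routing or firewall problems between the manage-out computer and the DA server rather than to DNS registration.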