DirectAccess Server migration

  • Question

  • Hi,

    I have migrated DirectAccess Server to MS Azure. My DirectAccess Server was running on Edge with two NICs.

    For this I have created a VM on Azure with dual NICs and also attached the Public IP to one of the primary NIC. After attaching the Public IP on Azure, the NIC also has internal IPs on it. Both NICs were facing the domain, so I created an outbound policy to block NLA from the public NIC.

    I am able to take remote using that Public IP, but in the Remote Access Server setup I am getting the error that the external adapter is not configured properly. Below is the screenshot of the error. Any help on this?

    Thanks,

    roshan

    • Edited by roshan kr Wednesday, December 20, 2017 4:16 AM
    Wednesday, December 20, 2017 4:15 AM

Answers

  • The first problem I see here is that your network interfaces are on the same IPv4 subnet. You'll need to put your external-facing NIC on a separate subnet. You will also need to ensure that the external-facing subnet cannot communicate with your internal subnets by using network security groups or user-defined routes.
    • Marked as answer by roshan kr Thursday, January 11, 2018 9:47 AM
    Wednesday, December 20, 2017 6:12 PM
  • Rich is correct that your two NICs on a DA server cannot be part of the same subnet. As much as I try to talk anyone OUT of using single-NIC mode with DirectAccess, when you're doing it inside Azure it is certainly easier to set it up with a single internal NIC and just NAT into it. So perhaps going single-NIC would get you better results if you don't want to have to figure out building a "DMZ" inside Azure.

    You should also be aware that doing DirectAccess on an Azure VM is officially not supported by Microsoft. Or at least the last time I checked, the decision on that has flopped back and forth a number of times. Even though it is "not supported" it seems to work fine and I have set it up numerous times, so it's your call on how you want to proceed with that information. :)

    • Marked as answer by roshan kr Thursday, January 11, 2018 9:47 AM
    Tuesday, January 2, 2018 6:49 PM
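
A check for the condition both answers point to, as an added example that is not part of the original thread: it reports pairs of adapters whose IPv4 addresses fall in the same subnet. The function names and the sample adapter names and addresses are constructed for illustration; `Get-NetIPAddress` in the commented usage is the standard Windows cmdlet.

```powershell
# Added example (not from the thread): report pairs of adapters whose IPv4
# addresses fall in the same subnet.

function Get-IPv4Network {
    param([string]$IPAddress, [int]$PrefixLength)
    $bytes = [System.Net.IPAddress]::Parse($IPAddress).GetAddressBytes()
    $octets = for ($i = 0; $i -lt 4; $i++) {
        # Number of mask bits that fall in this octet (0..8)
        $bits = [Math]::Min(8, [Math]::Max(0, $PrefixLength - 8 * $i))
        $bytes[$i] -band ((0xFF00 -shr $bits) -band 0xFF)
    }
    $octets -join '.'
}

function Find-SharedSubnet {
    param([object[]]$Address)   # objects with InterfaceAlias, IPAddress, PrefixLength
    for ($a = 0; $a -lt $Address.Count; $a++) {
        for ($b = $a + 1; $b -lt $Address.Count; $b++) {
            $x = $Address[$a]; $y = $Address[$b]
            if ($x.InterfaceAlias -eq $y.InterfaceAlias) { continue }
            # Compare under the shorter prefix so a /24 inside a /16 is also caught
            $len = [Math]::Min([int]$x.PrefixLength, [int]$y.PrefixLength)
            $net = Get-IPv4Network $x.IPAddress $len
            if ($net -eq (Get-IPv4Network $y.IPAddress $len)) {
                [pscustomobject]@{
                    Subnet   = "$net/$len"
                    Adapters = "$($x.InterfaceAlias), $($y.InterfaceAlias)"
                }
            }
        }
    }
}

# Constructed sample: both NICs in 10.0.0.0/24, the situation described in the answers
$sample = @(
    [pscustomobject]@{ InterfaceAlias = 'External'; IPAddress = '10.0.0.4'; PrefixLength = 24 }
    [pscustomobject]@{ InterfaceAlias = 'Internal'; IPAddress = '10.0.0.5'; PrefixLength = 24 }
)
Find-SharedSubnet -Address $sample

# On the server itself, feed it the live configuration instead:
# Find-SharedSubnet -Address (Get-NetIPAddress -AddressFamily IPv4 |
#     Where-Object { $_.IPAddress -notmatch '^(127\.|169\.254\.)' })
```

An empty result means no two adapters share a subnet; it does not show whether the external subnet is isolated from the internal ones, which still has to be enforced with network security groups or user-defined routes.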
