Windows Direct Access to UAG RRS feed

  • Question

  • Hello,

    I have implemented Windows server 2008 R2 direct access and it is working fine

    I want now to move to UAG Direct Access because I need the NAT64/DNS64

    will installing the UAG effect any application running in my structure, exchange , websites ..??

    and is there step by step to do this ?

    I ahve read this but no much details


    and during the moving , I want to remove the current Direct Access client as I have now only 3 , as we are not in production yet

    If i remove them from the group then the policy will still applied and it will make problems when they are outside of the corporate right? how can i completely remove driect access client

    Thanks in advanced

    Tuesday, November 1, 2011 9:58 AM

All replies

  • and if I moved to UAG , i can access share and remote desktop for windows server 2003 ipv4 ?

    Tuesday, November 1, 2011 10:02 AM
  • No any help i can get ?
    Wednesday, November 2, 2011 8:18 AM
  • I would suggest you remove your DA clients from your group and make sure they loose their DA config, and then disable the old GPO's for DirectAccess.


    Then go ahead and install the UAG. Make sure you include all Windows and UAG Servicepacks and updates the first thing you do, BEFORE enabling DirectAccess.

    RDP and file&print to ipv4 only servers on your corporate network will be accessible via DirectAccess and UAG.

    Please be aware that you should really be careful using ISATAP in your entire corp network. IPv6 support on your servers is only required for servers initiating traffic to DirectAccess clients (for instance, Remote Assistance). If not needed, do not add the ISATAP record in your DNS server and you'll be safe. ;-)




    Wednesday, November 2, 2011 10:11 AM
  • Hi


    You can enable ISATAP on demand. By default, each operating system is looking for an ISATAP DNS record. You can use the follwoing commanl line to configure the ISATAP router to use : NETSH.EXE INTERFACE ISATAP SET ROUTER <IP Address> ENABLED.



    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx
    Wednesday, November 2, 2011 6:00 PM
  • You can also use hosts files to manually decide what internal resources get ISATAP connectivity and which ones do not. Though I don't think that ramos will be using ISATAP at all as it sounds like he has some native IPv6 already (he must if native DA was working).

    For your migration you can delete the GPOs that you have for regular DirectAccess now. UAG will create its own GPOs and even if your client computers still have some settings "left over" from the old GPOs those settings should be overwritten when the new GPOs get filtered to the machines.

    Friday, November 4, 2011 7:04 PM