Installing and Configuring Direct Access Server 2016
In this article we will show you how to install and configure DirectAccess on Windows Server 2016, as well as on Windows Server 2012 and 2012 R2. DirectAccess, also known as Unified Remote Access, is a VPN-like technology that provides intranet connectivity to client computers when they are connected to the Internet. Unlike many traditional VPN connections, which must be initiated and terminated by explicit user action, DirectAccess connections are designed to connect automatically as soon as the computer connects to the Internet.
While DirectAccess is based on Microsoft technology, third-party solutions exist for accessing internal UNIX and Linux servers through DirectAccess. With Windows Server 2016, DirectAccess is fully integrated into the operating system, providing a user interface for configuration and native IPv6 and IPv4 support.
Installing Direct Access Server 2016
Before beginning, install the Remote Access role on the DirectAccess server by following the steps in the section titled “Installing Remote Access server 2016”. Either the Getting Started Wizard or the Remote Access Setup Wizard, both available from the Remote Access Management console, can be used for the initial configuration of the Remote Access role. Each lets you install both DirectAccess and VPN on the same server. The Getting Started Wizard is a useful tool for configuring DirectAccess with only a few mouse clicks.
Configuring Direct Access Server 2016
Back in Server Manager, click Tools -> Remote Access Management. You can ignore the warning icon: the Open the Getting Started Wizard option only does a quick setup of DirectAccess, and we want to do a full deployment.
Step 1: In the Remote Access Management Console, click DirectAccess and VPN at the top left, and then click Run the Remote Access Setup Wizard.
Step 2: Clicking Run the Remote Access Setup Wizard opens the Welcome to Remote Access page of the Configure Remote Access wizard. In the Configure Remote Access window, select Deploy DirectAccess only.
Step 3: When you click Deploy DirectAccess only, the Enable DirectAccess Wizard opens automatically on its Introduction page. Click Next.
Step 4: After the prerequisite check, you will be prompted to add a specific group for computers that will be enabled for DA.
Step 5: On the Select Groups page, select one or more security groups containing the client computers that will be enabled for DirectAccess. You can decide whether to enable DA for mobile computers only; I am not doing that, as I have some VMs that will be using DA for testing. Then click Next.
Step 6: Network Topology. On the Remote Access Server Setup page, select the network topology of the server. In this case I have selected Behind an edge device (with a single network adapter). Then type the public name or IP address used by clients to connect to the Remote Access server.
Step 7: DNS Suffix Search List. On the Infrastructure Server Setup page, click Next.
Step 8: Review the GPOs that will be applied to the client computer security group and the DirectAccess server settings. Modify the GPO settings if required, and then click Next.
Step 9: You have successfully completed the DirectAccess wizard, and DirectAccess is configured with default settings. Now click the blue “Click here to edit the wizard setting” link.
Step 10: On the Remote Access Review page, you can change the DirectAccess server GPO name and the client GPO name, and you can also change the Remote Clients settings. Click OK to return to the Enable DirectAccess Wizard. On this page, click Finish to move to the Apply page of the Enable DirectAccess Wizard. When the configuration has been applied successfully, click Close to close the Enable DirectAccess Wizard, as shown in the figure.
Step 11: When you finish the Enable DirectAccess Wizard, the Remote Access Management Console opens on its configuration view, including the DirectAccess and VPN page, as shown in the figure.
Step 1 Implement Client Configuration
Step 1: Click Configure in the Step 1 Remote Clients box to open the DirectAccess Client Setup Wizard shown in the figure. Choose whether DirectAccess clients will have remote access management, or only remote management.
Step 2: Click Next to open the Select Groups page of the DirectAccess Client Setup Wizard, as shown in the figure. To add more groups, click Add to open the standard Select Groups dialog box and add the security groups that will have DirectAccess enabled.
Step 3: Click Next to open the Network Connectivity Assistant page of the DirectAccess Client Setup Wizard, as shown in the figure.
Step 4: Double-click the first line in the Resources that validate connectivity to internal network box to open the Configure Corporate Resources for NCA dialog box. You can enter an HTTP address or a PING address that the Network Connectivity Assistant (NCA) can use to verify connectivity. You can add multiple resources if desired.
Step 5: Select PING or HTTP for the resource type and enter the URL or FQDN of the resource. Click Validate to ensure that the resource is reachable. Click Add to add the resource and return to the NCA page.
Step 6: Click Finish; the DirectAccess Client Setup Wizard closes, and you’re back at the main Configure Remote Access page. Step 1 now shows Edit instead of Configure.
Note: If you want to edit or configure any of these settings, click the Configure or Edit button in Step 2 in the Remote Access Setup pane of the Remote Access Management Console. In Step 2 you can edit the Remote Access server, and in Step 3 you can edit the infrastructure servers.
After the configuration has been successfully created, it is possible to monitor the DirectAccess configuration from the Remote Access Dashboard.
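The same post-deployment review can be done from PowerShell on the Remote Access server. The script below is an added example, not part of the original walkthrough: it is read-only, uses the RemoteAccess module cmdlets, and its list of "broad" groups is an assumption to adjust for your domain.

```powershell
# Added example: read-only review of a finished DirectAccess deployment.
# Run in an elevated PowerShell session on the Remote Access server.
Import-Module RemoteAccess

# Assumption for this example: groups considered too broad for DirectAccess scope.
$broadGroups = 'Domain Computers', 'Authenticated Users', 'Everyone'

function Test-DAClientScope {
    param(
        [string[]]$SecurityGroups,    # entries in the form 'domain\group'
        [string]$OnlyRemoteComputers  # 'Enabled' or 'Disabled'
    )
    $findings = @()
    foreach ($g in $SecurityGroups) {
        $name = ($g -split '\\')[-1]   # strip the domain prefix
        if ($broadGroups -contains $name) {
            $findings += "Client GPO is scoped to broad group '$g'"
        }
    }
    if ($OnlyRemoteComputers -eq 'Disabled') {
        $findings += 'Mobile-computers-only filter is off: every computer in the groups above gets DirectAccess'
    }
    return $findings
}

# Stop early if the wizard never completed.
$ra = Get-RemoteAccess
if ($ra.DAStatus -ne 'Installed') {
    throw "DirectAccess is not installed (DAStatus: $($ra.DAStatus))"
}

# What the wizard steps actually wrote: public name, client GPO, client groups.
$server = Get-DAServer
$client = Get-DAClient
"Public name clients connect to : $($server.ConnectToAddress)"
"Client GPO                     : $($client.GpoName)"
"Client security groups         : $($client.SecurityGroupNameList -join ', ')"

Test-DAClientScope -SecurityGroups $client.SecurityGroupNameList `
    -OnlyRemoteComputers $client.OnlyRemoteComputers |
    ForEach-Object { "REVIEW: $_" }

# NCA probe resources stored in the client GPO (Client Configuration, Steps 4-5).
$nca = Get-DAClientExperienceConfiguration -PolicyStore $client.GpoName
"NCA corporate resources        : $($nca.CorporateResources -join ', ')"

# Same component health the Remote Access Dashboard shows; list anything not OK.
Get-RemoteAccessHealth |
    Where-Object { $_.HealthState -notin 'OK', 'Disabled' } |
    Format-Table Component, HealthState -AutoSize
```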
Here is a pretty good resource from Microsoft on helping plan your DirectAccess deployment. Once you click on the link, in the bottom left corner, you will find two steps to some good KB articles: http://technet.microsoft.com/en-us/library/jj134262.aspx
Here is another article from Microsoft with a more in-depth explanation of where to place the Network Location Server: http://technet.microsoft.com/en-us/library/ee382275(v=ws.10).aspx
In this first article we covered the prerequisites for implementing and configuring DirectAccess on Server 2016, and how to configure basic DirectAccess settings using the Windows Server 2016 DirectAccess assistant. In the second article, I will show you how to create firewall policy rules on the Forefront TMG Server and how to configure Windows 10 clients as DirectAccess clients.