Scroll To Top

Installing and Configuring Direct Access Server 2016

Posted in Article, Networking, Windows Server11 months ago • Written by Nyaz4 Comments

In This article we will show you how to install direct access and configuring direct access server 2016, in windows server 2016 and windows server 2012 and 2012 r2. Direct Access, also known as Unified Remote Access, is a VPN-like technology that provides intranet connectivity to client computers when they are connected to the Internet. Unlike many traditional VPN connections, which must be initiated and terminated by explicit user action, Direct Access connections are designed to connect automatically as soon as the computer connects to the Internet.

While Direct Access is based on Microsoft technology, third-party solutions exist for accessing internal UNIX and Linux servers through Direct Access. With Windows Server 2016, Direct Access is fully integrated into the operating system, providing a user interface to configure and native IPv6 and IPv4 support.

Installing Direct Access Server 2016

Before beginning, you need to install direct access, to install follow the steps in the section titledInstalling Remote Access server 2016”. To install remote access role on the direct access server. The getting started wizard or the remote access setup wizard from the remote access management console can be used to initially configure the remote access role. Each enables you want to install both direct access and vpn on the same server. The getting started wizard is a very useful tool for configuring direct access with only a very few mouse clicks.

Configuring Direct Access Server 2016

Back in Server Manager, click on Tools -> Remote Access Management (You can ignore the warning icon, the Open the Getting Started Wizard will only do a quick setup of Direct Access.  We want to do a full deployment).

Step 1: On the Remote Access Management Console, click on DirectAccess and VPN on the top left and then click on the Run the Remote Access Setup Wizard.

Step 2: Click Run the Remote Access Wizard to open the welcome to Remote Access page of the configure Remote Access wizard. On the Configure Remote Access window, select Deploy DirectAccess only.

Deploy DirectAccess Only

Deploy DirectAccess Only

Step 3: when click on Deploy Direct Access only it will automatically open Enable DirectAccess Wizard on introduction page, click next.

Enable Direct Access server 2016

Enable Direct Access server 2016

Step 4: After the Pre-Requisite check you will be prompted to add a specific group for computers that will be enabled for DA.

Direct Access

Direct Access

Step 5: On the Select Group page, select one or more security groups containing client computers that will be enabled for direct access. You can decide if you want to enable DA for mobile computers only, I am not doing that as I have some VMs that will be using DA for testing.

DirectAccess Client Setup

DirectAccess Client Setup

You can decide if you want to enable DA for mobile computers only, I am not doing that as I have some VMs that will be using DA for testing. And then click Next.

Step 6: Network Topology, on the Remote Access server setup page, select the network topology of the server, in this case I have selected Behind an Edge device (with a single network adapter). and then type the publish name or IP address used by clients to connect to the Remote Access Server.

Remote Access server setup

Remote Access server setup

Step 7: DNS Suffix Search List. On the Infrastructure Server Setup page, Click Next.

Infrastructure Server Setup

Infrastructure Server Setup

Step 8: Review the GPOs that will be applied to the client computer security group and the direct access server setting. Modify GPO setting if required. And then click next.

GPO Configuration

GPO Configuration

Step 9: You have successfully completed the direct access wizard. Direct access is configured with default setting. Then click on “Click here to edit the wizard setting” blue type.

Configuration Settings

Configuration Settings

Step 10: On the Remote Access Review page, you can change DirectAccess Server GPO name and client GPO name and also you can change Remote Client. So, click OK to open Direct Access Wizard. On this page, click finish to become Enable DirectAccess Wizard Apply page, when configuration is applied successfully close to close enable directaccess wizard page, as shown in figure.

Enable DirectAccess

Enable DirectAccess

Step 11: when you finish Enable DirectAccess wizard it will open the Configure Remote Access Management Console, including the DirectAccess and VPN page, as shown in figure.

Configuring Remote Client

Configuring Remote Client

Step 1 Implement Client Configuration

Step 1: Click Configure in the in the first step 1 Remote clients box to open the DirectAccess client setup wizard shown in figure. Choose whether DirectAccess clients will have remote access management, or only remote management.

Deploy full Direct Access

Deploy full Direct Access

Step 2: Click Next to open the Select Groups page of the DirectAccess Client Setup Wizard, as shown in figure. If you add more group, Click Add to open the standard Select groups dialog box to add security groups that will have DirectAccess enabled.

Add Groups

Add Groups

Step 3: Click Next to open the Network Connectivity Assistant page of the Direct Access Client Setup Wizard, as shown in figure.

Network Connectivity Assistant

Network Connectivity Assistant

Step 4: Double-click in the first line in the Resources that Validate Connectivity to internal Network box to open the Configure Corporate Resources for NCA dialog box. You can enter an HTTP address or a PING address that the Network Connectivity Assistant (NCA) can use to verify connectivity. You can add multiple resources if desired.

Step 5: Select PING or HTTP for the resource type and enter the URL or FQDN of the resource. Click validate to insource that the resource is reachable. Click Add to add the resource and return to the NCA page.

Step 6: Click Finish; the DirectAccess Client Setup Wizard closes, and you’re back at the main Configure Remote Access page. Step 1 now shows Edit instead of Configure.

Configuring Direct Access Server 2016

Configuring Direct Access Server 2016

Note: if you want to Edit or configure all of these, Click the Configure or Edit button in Step 2 or the Remote Access Setup pane of the Remote Access Management Console. In step 2 you can edit Remote Access Server. And also you can edit infrastructure Server in step 3.

After the configuration has been sucessfully created it is possible to monitor the DirectAccess configuration from the Remote Access Dashboard

NOTES:

Here is a pretty good resource from Microsoft on helping plan your DirectAccess deployment.  Once you click on the link, in the bottom left corner, you will find two steps to some good KB articles: http://technet.microsoft.com/en-us/library/jj134262.aspx

Here is another article from Microsoft with a more indepth explanation about where to place the Network Location Server: http://technet.microsoft.com/en-us/library/ee382275(v=ws.10).aspx

Conclusion:

In this first article we covered the prerequisites before implementing and Configuring Direct Access, Server 2016 and how to configure basic DirectAccess settings using the Windows Server 2016 DirectAccess assistant. In the second article, I will show you how to create Firewall policy rules on the Forefront TMG Server and how to configure Windows 10 clients as DirectAccess clients.

TAGS: , ,

4 Comments so far. Feel free to join this conversation.

  1. Rosaline August 30, 2016 at 7:11 pm - Reply

    I see interesting posts here. Your blog can go viral easily, you need some initial traffic only.
    You should read about bucksflooder , this might interest you.

    • Nyaz September 1, 2016 at 8:26 pm - Reply

      Thanks for appreciate dear Rosaline….

  2. Simon James January 8, 2017 at 6:54 pm - Reply

    Thank you very much for sharing this knowledge with us all. I followed ras, vpn, directaccess. from your blogs. Each subject came to fruition and I now have a very flexible stable server datacentre, thanks again ;–]]

    • Nyaz January 9, 2017 at 7:17 pm - Reply

      Dear Simon James! thanks for comment, give us your suggestions, opinion about what articles we have to write.

Leave A Response