DirectAccess – Installation – Configuration in Windows Server 2016/2019


Windows Server 2019

Configuring and Administering the DirectAccess Service

Configuration

From the server manager, click the notification icon 1 and then click Open Startup Assistant 2 to launch the wizard.

Lauch configuration Wizard

Click Deploy DirectAccess only 1 .

Select DirectAccess only

Wait while checking the configuration …

Check configuration for DirectAccess

The deployment topology is normally detected automatically based on the network adapters configured on the server, indicate the FQDN 1 name through which the DirectAccess service will be accessible and click Next 2 .

Configure FQDN

On the capture above, I use a private FQDN name (url), because infrastructure has been mounted in LAB and the WAN (public) part simulated.

Click here 1 to change the default configuration, we will indicate the group of computers that can use the service.

Edit configuration

In the Remote Clients section, click Change 1 .

Edit Remote computer

Select the Computer group of domain 1 and click on Delete 2 . If desktop computers need to connect through DirectAccess, uncheck box 3 Enable DirectAccess for laptops only.

Remove Domain computers group

When the Enable DirectAccess for Laptops Only check box is selected, a WMI filter is added to the Configuration Group Policy for DirectAccess.

Add the Active Directory Group 1 that contains the computers that are allowed to connect to the service and click Next 2 .

Configure group

Click on Finish 1 to validate the configuration.

Valid DirectAccess config

Close the parameter access window by clicking OK 1 ….

Quit config

Apply the configuration by clicking Finish 1 .

Confirm config DirectAccess

Wait while configuring DirectAccess …

Wait during configuration

When the configuration is complete, click Close 1 . When closing the configuration wizard the remote access management console will open.

Configuration completed

An alert may be displayed if the fqdn name for DirectAccess is part of the same domain as the ActiveDirectory. This will add an exception entry in the NRPT table for DNS resolution of clients.

Management

Administration and changes to DirectAccess service settings are done through the Remote Access Management console.

DirectAccess Management

In the menu on the left, by clicking on DirectAccess and VPN 1 , you can access the service deployment view with the possibility to modify the configuration.

Overview DirectAccess configuration

In the box of Step 3, click Edit 1 .

Edit step3

The first Server Network Location setting is used to configure the probe that lets the computer know where it is in the network.

Server probe

The DNS settings show the resolution strategies for the NRPT table, we can see that an exception has been added for the fqdn name to access the DirectAccess service.

Param DNS NRPT for DirectAccess

Back on the Remote Access Management console in the Dashboard section, verify that all services are green.

Services DirectAccess ok



Leave a Comment