Configuring "Manage Out" Server 2012 DirectAccess IP-HTTPS

Hoping someone with hands on experience configuring Manage Out functionality can answer a few questions for me?
We have built a Server 2012 VM and deployed DirectAccess successfully.  Have tested with both Win7 and Win8 clients successfully.  After some initial issues with DNS were addressed with a Microsoft hotfix, it seems to be running stable.
I want to configure Manage Out capabilities, so that I can remotely help the DA clients with software installs and similar.  I've read up on as many blog entries as I can find, but still finding it a bit mystifying. 
We are using IP-HTTPS connectivity.  As best I can tell, we are not using Teredo or ISATAP.  The DA server is dual-NIC and is configured behind an Edge device (NIC #1 is DMZ and receives NAT'd traffic from the external IPv4 address on the firewall, NIC #2 is internal LAN).  Our internal networks are IPv4 only (no IPv6 at all), therefore DNSv4 and DHCPv4 internally.
Am hoping that somewhere there might be a step-by-step configuration guide to match our scenario.  Alternatively, if someone can recommend a Local (i.e. Melbourne, Australia) consultant who knows this stuff backwards, I'd consider paying for that.

Okay, so finally I am in a position to share some information ... it has taken me about 6 months of off-and-on (mostly "off") activity to get things working.
We engaged a third-party company to do the initial installation of Direct Access.  This got us 90% of the way to where we needed to go.
The configuration of Manage Out was eventually achieved, but we did take some further expert advice, because I didn't want to change anything without first understanding What was being changed and Why it needed to be changed.  So I had to be educated
quite a bit about IPv6, IP-HTTPS and ISATAP.
We ended up disabling all IPv6 on the clients EXCEPT for the IP-HTTPS protocol.  This was done via a GPO.
I ran into some problems with IPv6 and ISATAP initially when configuring our IT PCs to be able to "manage out" to the DA clients.  We went with a non-standard name for the ISATAP Router (we called ours ISATAP-DirectAccess) and pointed this in DNS to
the internal IPv4 address of the DA server.  This was enforced via a GPO.  However our PCs did not get IPv6 addresses on their ISATAP adapters.  This was eventually resolved by changing some settings on the ISATAP adapter for the Internal NIC
on the DA server.  The settings were:  Forwarding=Enabled and also Advertising=Enabled
After that the IT PCs were getting ISATAP addresses fine, but some of the DA Clients were not registering themselves with an IPv6 address in our Internal DNS.  This was eventually resolved when we discovered that some of the DA Clients' DNS records
had 'bad' security permissions on them.  Once we fixed those permissions we found the DA Clients would register an IPv6 address when operating in Direct Access mode (and would remove their old IPv4 address) and would register an IPv6 address when connected
internally (and would remove their unwanted IPv6 address).
There was also a hitch with getting Windows Remote Assistance working with the DA clients.  This required a Hotfix from Microsoft to get it working properly.
Setting the Firewall rules for the DA clients with Edge Traversal enabled was the easiest part of the process frankly.  The most difficult part was troubleshooting the problems with DNS registration and the problems with getting selected internal PCs
to get a valid ISATAP adapter address from the DA server.
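
The checks and settings described in the post above can be scripted. This is an added example, not part of the original post or any Microsoft guide; it uses the built-in Windows 8 / Server 2012 networking cmdlets, and the DNS name, IPv6 prefix and port below are assumptions to replace with your own values.

```powershell
# Added example (not from the thread). Needs Windows 8 / Server 2012 or later;
# Windows 7 machines do not ship these cmdlets.

# Assumed values:
$IsatapRouter = 'ISATAP-DirectAccess'    # router name used in the thread; add your DNS suffix if needed
$MgmtPrefix   = '2001:db8:1:8000::/64'   # placeholder: the ISATAP prefix your IT PCs receive
$MgmtPort     = 3389                     # example port only (RDP)

# 1. Run on the DirectAccess server.
#    Sets Forwarding=Enabled and Advertising=Enabled on the ISATAP interface(s),
#    the two settings the thread found missing, then reports the result.
function Repair-IsatapRouterInterface {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $nics = Get-NetIPInterface -AddressFamily IPv6 |
        Where-Object { $_.InterfaceAlias -like 'isatap*' }
    foreach ($nic in $nics) {
        $ok = ($nic.Forwarding -eq 'Enabled') -and ($nic.Advertising -eq 'Enabled')
        if (-not $ok -and $PSCmdlet.ShouldProcess($nic.InterfaceAlias, 'Enable Forwarding and Advertising')) {
            $nic | Set-NetIPInterface -Forwarding Enabled -Advertising Enabled
        }
    }
    Get-NetIPInterface -AddressFamily IPv6 |
        Where-Object { $_.InterfaceAlias -like 'isatap*' } |
        Select-Object InterfaceAlias, ifIndex, Forwarding, Advertising, ConnectionState
}

# 2. Run on an IT PC that should "manage out".
#    Confirms the router name is configured, resolves in DNS, and that the
#    ISATAP adapter actually received a routable address from the DA server.
function Test-IsatapHost {
    param([string]$Router = $IsatapRouter)
    $cfg  = Get-NetIsatapConfiguration
    $dns  = Resolve-DnsName -Name $Router -Type A -ErrorAction SilentlyContinue
    $addr = Get-NetIPAddress -AddressFamily IPv6 -ErrorAction SilentlyContinue |
        Where-Object { $_.InterfaceAlias -like 'isatap*' -and
                       $_.PrefixOrigin -eq 'RouterAdvertisement' }
    [pscustomobject]@{
        ConfiguredRouter = $cfg.Router
        IsatapState      = $cfg.State
        RouterResolvesTo = ($dns | Where-Object { $_.Type -eq 'A' }).IPAddress -join ', '
        IsatapAddresses  = $addr.IPAddress -join ', '
        Ready            = [bool]$addr    # False: only a link-local fe80::5efe:... address, or none
    }
}

# 3. Run on a DirectAccess client (in production, deploy the same rule by GPO).
#    Edge traversal lets unsolicited inbound traffic through the IP-HTTPS
#    tunnel, so the rule is limited to the management prefix rather than "Any".
function New-ManageOutRule {
    param(
        [string]$RemotePrefix = $MgmtPrefix,
        [uint16]$Port = $MgmtPort
    )
    New-NetFirewallRule -DisplayName "Manage out TCP $Port (example)" `
        -Direction Inbound -Action Allow -Protocol TCP -LocalPort $Port `
        -RemoteAddress $RemotePrefix -EdgeTraversalPolicy Allow `
        -Profile Public, Private
}
```

Run `Repair-IsatapRouterInterface -WhatIf` first to see which interfaces would be changed before applying anything.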

Similar Messages

  • Workflow Manager Configuration Issue Windows Server 2012 R2 / SQL 2014

    Hello All,
    Environment:  SharePoint 2013 Enterprise with SP1
    Farm consists of
     2 App Server, 2 Web Server and 2 SQL Servers all the server have Windows 2012 R2 
    OS .  The SQL backend is SQL Server 2014
    Installed Workflow manager on the Web server, the configuration ran fine without any errors. Trying to browse the workflow management site via IIS Manager encountered Certificate Error clicked Continue to this website which gives a HTTP 403 Forbidden and
    following detail message
    This error (HTTP 403 Forbidden) means that Internet Explorer was able to connect to the website, but it does not have permission to view the webpage.
    Checked the web site Workflow Management Site in the IIS manager which has only one folder bin . I was not able to submit the Screenshot
    I have installed the latest patch for the Workflow manager and the Service Bus
    Question I have
    Should there be more folder under the Workflow Management Site.
    Why is the Web site not showing the web page
    Is workflow manager supported for Windows Server 2012 R2 and SQL 2014
    Thanks
    Dhanraj

    Hi Dhanraj,
    I captured the screenshot from my IIS Manager on workflow server. There is only bin folder under Workflow Management site
    If I browse the workflow host URI from IIS Manager
    https://localhost:12290, I received a certification error, and I chose to continue to this website; it returned the following:
    From the link: http://support.microsoft.com/kb/2902007/en-us It is supported on Windows Server 2012 R2 if you have installed the latest update.
    Here is an article which talks about error:
    http://www.sp2013blog.com/Lists/Posts/Post.aspx?ID=36
    In addition, here is the reference for troubleshooting workflow manager 1.0 management:
    http://msdn.microsoft.com/en-us/library/jj193529(v=azure.10).aspx#AnalyzingWorkflowManagementLogs
    You could also open SharePoint Designer 2013 and see if you could create a workflow on platform 2013.
    Regards,
    Rebecca Tu
    TechNet Community Support

  • Configure SSL SQL Server 2012 Cluster Instance

    Hi,
    I am trying to configure an SSL certificate on a named clustered instance but I can't.
    This is the errorlog message
    2014-12-11 14:28:51.49 spid10s Error: 17182, Severity: 16, State: 1.
    2014-12-11 14:28:51.49 spid10s TDSSNIClient initialization failed with error 0xd, status code 0x38. Reason: An error occurred while obtaining or using the certificate for SSL. Check settings in Configuration
    Manager. The data is invalid.
    2014-12-11 14:28:51.49 spid10s Error: 17182, Severity: 16, State: 1.
    2014-12-11 14:28:51.49 spid10s TDSSNIClient initialization failed with error 0xd, status code 0x1. Reason: Initialization failed with an infrastructure error. Check for previous errors. The data is invalid.
    2014-12-11 14:28:51.49 spid10s Error: 17826, Severity: 18, State: 3.
    2014-12-11 14:28:51.49 spid10s Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error
    log.
    2014-12-11 14:28:51.50 spid10s Error: 17120, Severity: 16, State: 1.
    2014-12-11 14:28:51.50 spid10s SQL Server could not spawn FRunCommunicationsManager thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.

    Hi Jame,
    According to your description, you encountered the error when you were trying to configure a named clustered instance to use SSL certificate.
    Based on my research, the error 17182 "TDSSNIClient initialization failed with error 0xd, status code 0x38" occurs specifically because of the fact that the string under Certificate value cannot be properly converted back to a valid thumbprint
    of the certificate.
    A common root cause for these symptoms is an invisible character that may have been inadvertently added to the certificate's Thumbprint value, when it gets copied out of the Certificates snap-in's rich-edit control in MMC. For example, if the thumbprint
    contains the Unicode character, then it may cause this issue, the following similar issue is for your reference:
    http://blogs.msdn.com/b/sqljourney/archive/2013/07/23/when-using-ssl-sql-failover-cluster-instance-fails-to-start-with-error-17182.aspx
    For more details and the resolution about this issue, please refer to the following article:
    https://support.microsoft.com/kb/2023869?wa=wsignin1.0
    If you have any question, please feel free to let me know.
    Regards,
    Jerry Li

  • Windows Server Essentials error occurred while configuring on Windows Server 2012 R2 Standard

    I am attempting to install the Windows Server Essentials on a new domain controller in a new domain and forest.   I go to add roles and features and select essentials.  The config wizard says it is Updating and Preparing the Server and
    That is all the information that you need to provide. Your server is being prepared for use and may restart more than once. This may take up to 30 minutes.
    It goes to 3% and then encounters an error saying An error occurred while configuring Windows Server Essentials. Please try again.  I don't seem to find anything in the log to indicate why it fails.

    Hi boe_d,
    Based on your description, did you mean that this error occurred in the process of installing the Windows Server
    Essentials Experience Role on Windows Server 2012 R2 Standard? If I misunderstand, please don’t hesitate to let me know.
    If it is, have you re-tried the role installation? Please check if still go to 3% and then get the same error
    message.
    In addition, please add
    ServerAdmin$ account to the Logon as a service Group Policy, and then monitor the result. For more details, please refer to the following article.
    You may be unable to run post-deployment configuration wizard after you install the Windows Server Essentials
    Experience role
    http://blogs.technet.com/b/sbs/archive/2013/12/04/you-may-be-unable-to-run-post-deployment-configuration-wizard-after-you-install-the-windows-server-essentials-experience-role.aspx
    If this issue still exists, please navigate to: %windir%\Logs\CBS folder and check the CBS log file if you
    can find any error that depend on the Essentials Experience Role setup time.
    Hope this helps.
    Best regards,
    Justin Gu

  • Getting Client Name in Remote Desktop Manager for Server 2012 R2

    Remote Desktop Manager appears to have been replaced or moved in Server 2012 to Server Manager. It doesn't really matter to me where this is located, however I don't seem to have all of the features that were in Remote Desktop Manager (2008 R2). The biggest
    one that I need is to be able to tell what computer each RDS user is logged in from. We use this quite often so we can remote into that user's computer for troubleshooting. 
    Does anybody know how to obtain this information in Server 2012 R2? If it's not possible in Server Manager, can it be done with Powershell? A 3rd party application? 
    So far the only way I have been able to do this is if there is still a 2008 R2 server on the network. I can log into it and use Remote Desktop Manager to connect to the 2012 R2 server. Since a 2008 server can still obtain this information for a 2012 server
    there must be a way to achieve this. 
    Thanks in advance! 
    Tom

    Hi Tom,
    In addition, the PSTerminalServices PowerShell Module might help.
    https://psterminalservices.codeplex.com/releases/view/65937
    You can run Get-TSSession in PowerShell.
    Thanks.
    Jeremy Wu
    TechNet Community Support

  • Server 2012 DirectAccess - RDP

    Hi
    Just curious, if someone is running DirectAccess with remote desktop, and the clients do not actually connect via DirectAccess at all. The clients will just connect using standard RDP. But DirectAccess is running on the server. Is there any benefit or use
    for DirectAccess if they are avoiding connecting using it DirectAccess?
    Just seems like to make use of DirectAccess you would need to connect via that first then use the RDP, or am i missing something?

    Hi,
    Would recommend you follow the Windows Server 2012 Test Lab Guides for DA
    http://social.technet.microsoft.com/wiki/contents/articles/7807.windows-server-2012-test-lab-guides.aspx
    This will help you setup the virtual environment correctly. 
    Regards, Rmknight

  • Server 2012 DirectAccess and QOS

    Hi everyone,
    Having read through the forums, I found a couple of threads on the limitations of QOS in relation to DirectAccess and I was wondering if this has been resolved in Server 2012/Server 2012 R2 or whether a work around is now available?
    I'm trying to use DPM 2012 R2 for backup of multiple laptops which works well over DirectAccess; up to the point where it eats all the available bandwidth causing ping times to go over 1000ms and the internet connection to become more or less unusable.
    Thanks
    Chris

    Hi,
    Not sure you can use Windows QOS because your traffic goes through the IPsec tunnel, which is encapsulated in HTTPS (common case but Teredo is also possible). QOS only sees HTTPS, not your protocol inside HTTPS+IPsec. I'm not a DPM expert but for sure there
    might be some ways to control consumed bandwidth at the DPM agent level.
    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

  • Server 2012 DirectAccess Issues

    I have DirectAccess configured on Server 2012.  Just a single NIC configuration.  I've got it configured to work with Windows 7 and everything is fine as far as accessing network resources from the DirectAccess client, but not the other way around. 
    I've setup ISATAP for the machines that I want to communicate with the clients and that appears to be working.
    The first problem we are having is the client will not register with our DNS servers. 
    If we manually add a record with its IPv6 address, we can ping the client, RDP to the client, but Microsoft Remote Assistance or trying to browse to the client doesn't work. 
    I believe I have opened the correct ports and allowed edge traversal on the client.  Do you guys have any other suggestions?  Thank you.

    Hi,
    "To configure ISATAP you have to put ISATAP host (A) record in your DNS and all machines can then resolve this name to configure their ISATAP adapters." (Quoted from below article)
    Windows Server 2012 Direct Access – Part 1 What’s New
    In addition go through beneath articles and thread for more information.
    1.  Direct Access Windows Server 2012 - ISATAP and Internet connectivity problem
    2.  'Real World' Direct Access installation using Windows Server 2012
    Hope it helps!
    Thanks,
    Dharmesh

  • Introscope Manager on Server 2012

    We have Solution Manager 7.1 SP 8, and we started to install Wily Introscope Manager 9.1.5.
    We downloaded the required files Wily_IS_EM15* for Windows X64.
    We uncar the files in folder Drive\usr\sap\CCM\apmintroscope.
    Windows 2012
    CA Wily Introscope OSGI 9.1.5.0
    CA Wily Enterprise Manager 9 SP15
    Extract CA Wily Enterprise Manager
    Copy eula.txt into the extracted folder.
    Accept the agreements in eula.txt and ca-eula.txt
    Update the installer.properties file as necessary
    Copy the CA Wily Introscope OSGI zip file into the extracted folder
    Run the Introscope9.1.5.0windowsAMD64SAP.exe
    We didn't find any run process for introscope.
    Although we installed the same version on Server 2003 & 2008 R2 and it completed successfully.
    Why didn't this exe file work on Server 2012?

    Hi Said,
    Sorry, but can you clarify which server are you referring to as develop ABAP server ?
    Is that a Managed system ?
    Hope you are performing Introscope EM installation on Solution Manager host.
    LM-Service component has to be checked in Solution Manager system (part of Solution Manager Java stack).
    If you want to use Introscope EM 9.1.5.0, then please ensure that the LM-Service component has appropriate patch level as per SAP Note 1565954 - Introscope 9 Release Notes
    Also, have you manually created the folder apmintroscope under E drive ?
    Please check the Wily guide at below link if you want to customize the path for Wily EM installation, other than the default C:\usr\sap\ccms\apmintroscope.
    http://service.sap.com/instguides -> Installation & Upgrade Guides -> SAP Components -> SAP Solution Manager -> Release 7.1 -> Installation -> Wily Introscope Setup Guide 9.*
    Hope this helps.
    Thanks & Regards,
    Nisha

  • Remote Desktop Configuration on Windows Server 2012 R2

    Hi, I wanted to see if anyone knows how to access the console that was known before as Terminal Services Configuration.
    I've been having trouble with some servers that have 2 or more NICs and sometimes the RDP protocol won't listen on the right IP and I can't connect until I disable the other NICs.
    Usually in 2008 R2 I would just go on this console and define the specific IP Address on which the RDP Protocol should be listening, but now I can't find this console anywhere on 2012 R2.
    Any ideas on how I can get there or change this setting on Windows Server 2012 R2?
    Thanks
    Eduardo Rojas

    Hi,
    Based on my research, please try the following on your Windows Server 2012 R2.
    1. Start Registry Editor.
    2. Navigate to the following registry key (path may wrap):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
    3. Under this key are one or more keys for the globally unique identifiers (GUIDs) corresponding to the installed LAN connections. Each of these GUID keys has a Connection subkey. Open each
    of the GUID\Connection keys and look for the Name value. Choose the connection you want Terminal Services to use.
    4. When you have found the GUID\Connection key that contains the Name setting that matches the name of your LAN connection, write down or otherwise note the GUID value.
    5. Then navigate to the following key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\lanatable. Using the GUID you noted in step 5 select subkey. Note its LanaId.
    6. Navigate to the following value:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\LanAdapter. Change its data to the value you noted in step 6. If you want RDP to listen on all LAN
    adapters enter value of 0.
    Note: Serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you
    modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, please refer to
    How to back up and restore the registry in Windows.
    Hope this helps.
    Jeremy Wu
    TechNet Community Support

  • Windows Could Not Update the Computer's Boot Configuration. Windows Server 2012

    I am trying to install Windows Server 2012. When installing, I get the message Windows Could Not Update the Computer's Boot Configuration. Installation
    cannot proceed. It cancel the installation. Can anyone help me with my problem?

    Hi,
    Any update about the issue?
    Please post more detail information about the issue?
    How did you do the installation? Clean install or override install?
    Regards.

  • Service Manager, Configuration Manager and Orchestrator 2012 Database

    Hi,
        I have installed Configuration Manager 2012 R2 (CM) on a system and I want to install Service Manager 2012 R2 (SM), and was wondering if it would be possible to point to the database of CM while installing the SM 2012 R2 or do I need to install
    a separate database.
        And similarly if i want to install the Orchestrator would it be possible to point to the database of CM while installing the Orchestrator 2012 R2 or do i need to install a separate database.
    Thanks

    Firstly, each System Center component (SCOM, SCCM, etc.) has their own database(s). I believe that you are asking about using the same SQL server, or possibly the same SQL server instance.
    The answer to your question would depend on a few things, like if you are trying to do this in a lab/POC, or in Production. Here is an article about coexistence of System Center components: http://technet.microsoft.com/en-us/library/jj851033.aspx.
    Although it applies to System Center 2012 SP1, I would believe the same can be applied to the R2 version.
    Hopefully that gets you started in the right direction. 
    Also, note what it says in this article (http://www.derekseaman.com/2013/06/teched-2013-system-center-config-mgr-2012-sp1.html), in the SQL Guidelines,
    specifically "Do NOT combine databases from other system center products. Don’t build a giant SQL cluster for all system center products."

  • File Server Configuration on Windows Server 2012 R2

    Dear All,
    I need your support in my scenario.
    Work Environment: 
    I work in a company where we have multiple departments.
    My Department is elearning.
    All Departments get Internet and Network Access from IT Department.
    My Department Requirement:
    I Need to Install and Configure File Server and assign storage space for 25 users for storing their respective work files.
    Availability:
    I have installed windows 2012 R2 on my physical server which is connected to my local network
    My Question:
    Do I have to make my server a DC to Install and configure File Server for my requirement?
    If No, then How can I fulfill my requirement ?
    Kindly revert.
    Best Regards,
    Ahmed

    Do you already have an AD domain in your environment? If yes then simply add your File Server as member server and use your AD user accounts to grant the required accesses.
    If no then you can:
    Create local user accounts and provide access using them
    or make your server a DC, create AD accounts and then grant the required accesses
    Before proceeding, it would be better to see with your IT department what is already available and their recommendations to manage your needs.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • IIS Manager for Server 2012 Core

    Is there a command that I can run to access the gui for IIS Manager. I need to access the certification request, but keep reading it is impossible to do from core. If so, how are you to create a certificate request from a core version?

    You have accidentally posted your question in Microsoft Project Server specific forum , consider re-posting your question using appropriate 
    forum for faster and expert response, I think following forum might be appropriate
    http://social.technet.microsoft.com/Forums/en-US/home?forum=winservercore
    Hrishi Deshpande Senior Consultant

  • Error message when accessing Cluster Manager (Windows Server 2012-based) console from a Windows 8 system

    Hi all;
    Please look at the following figures:
    Any ideas?
    Thanks

    Hi,
    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
    Thanks for your understanding and support.
