Direct Access and RSA

Does DirectAccess collaborate with RSA?
Tnx!

Hi Doran,
Thanks for posting here.
Here is an extract from the article “DirectAccess FAQ” that might answer your question:
Q.  I use a security token as my second authentication factor today. Can that be used with DirectAccess?
A.  To enforce multi-factor credentials for intranet access, DirectAccess requires the Active Directory domain controller to mark the Kerberos token with a Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) indicator. Other two-factor authentication methods that are used for traditional VPN connections, such as using an RSA Secure ID token, do not perform an Active Directory-based authentication with PKINIT and cannot be used for DirectAccess multi-factor authentication.
DirectAccess FAQ
http://www.microsoft.com/windowsserver2008/en/us/directaccess-faq.aspx
Thanks.
Tiger Li
TechNet Subscriber Support in forum

Similar Messages

  • XI--- R/3 scenario: directly access and query a Y-table in R/3

    Hi forum,
    I need to make an XI--->R/3 scenario. I want to access and query a table in R/3 (a Y transparent table).
    I have been suggested to use a synchronous call to a BAPI/function module, but I want to know whether there's a way I can access/query a Y-table in R/3 directly without using a function module in it.

    Hi Sudeep,
    To access a table in R/3 you can either go for an RFC or a server proxy.
    >>whether there's a way i can access/query a Y-Table in the R/3 directly without using a function module in it,
    Do you mean querying the database directly? You "can" of course do it, but should never access the R/3 database directly.
    [reward if helpful]
    regards,
    latika.

  • Direct Access and WIndows Phone 8.1?

    Hi all –
    I am reaching out to the community here because I haven’t been able to find anything concrete. 
    The scenario is that we wish to have links which are sent through an on-prem SharePoint farm resolve on a user’s Windows Phone whilst roaming. 
    The root of the issue is that the client does not have split DNS in place. 
    Therefore when they send a link from the SharePoint site it’s URL is mysite.acme.int, for example, which is not resolvable from outside of the corporate network;
    Acme.com is however.
    We have Direct Access (2012 R2) in place and use Windows Phone 8.1. 
    What I am trying to determine is whether or not we can leverage a DA connection with the Windows Phones in order to attain URL resolution.
    Barring that does anyone have any bright ideas on how to conquer the problem?
    Kind regards and thanks in advance!
    Wren

    Hi Wren,
    Agree with Rmknight. Windows Phone doesn't support DirectAccess at present.
    For detailed information, please refer to the link below:
    https://businessmobilitycenter.microsoft.com/en/webinars/Pages/Webinar-Managing-Enterprise-Content-and-Information-on-Lumia-Windows-Phone-8-1.aspx
    Best Regards.
    Steven Lee

  • Direct Access and WIndows Phone 8.1 for MySIte Resolution?

    Hi all –
    I am reaching out to the community here because I haven’t been able to find anything concrete. 
    The scenario is that we wish to have links which are sent through an on-prem SharePoint farm resolve on a user’s Windows Phone whilst roaming. 
    The root of the issue is that the client does not have split DNS in place. 
    Therefore when they send a link from the SharePoint site it’s URL is mysite.acme.int, for example, which is not resolvable from outside of the corporate network;
    Acme.com is however.
    We have Direct Access (2012 R2) in place and use Windows Phone 8.1. 
    What I am trying to determine is whether or not we can leverage a DA connection with the Windows Phones in order to attain URL resolution.
    Barring that does anyone have any bright ideas on how to conquer the problem?
    Kind regards and thanks in advance!
    Wren

    Hi Wren,
    For your issue, you can try to configure alternate access mappings with IP address for your MySite Web Application and then you can access your site with IP address.
    As I am not familiar with Windows Phone, you can contact Windows Phone support or post threads in the Windows Phone forums to ask for more information:
    http://answers.microsoft.com/en-us/winphone/forum/wp8?tab=Threads
    Best Regards,
    Eric
    TechNet Community Support

  • Direct Access and Proxy server...

    I've followed the step-by-step instructions for demonstrating UAG DA in a test lab. It all works fine.
    Now I've configured TMG on the UAG server to act as a web access proxy and created a group policy to apply the proxy settings. It seems that the DA Client applies this policy and tries to use the proxy server for internet access when outside of the Intranet. How do I configure group policy to force the client to use the web proxy when connected to the Intranet, but not when outside the Intranet and connected using DA?
    Thanks all,
    Neil

    Hi Neil,
    I don't think you'll be able to bounce back through the UAG server that the DA client is connected to, since the TMG configuration required isn't within support boundaries.
    However, you can configure the DA clients to use another TMG firewall on your network to connect to the Internet through the Web proxy. You will need to take advantage of the DNS64/NAT64 on the UAG server to connect to the FQDN of the outbound web proxy listener on the TMG firewall. That will translate the IPv6 request to an IPv4 request, and since the TMG firewall's web proxy will perform name resolution on behalf of the client, the client doesn't need to worry about that.
    That's how it's supposed to work. I'll try to stand this up in the lab and see how it works in practice.
    Thanks!
    Tom
    MS ISDUA/UAG DA
    Anywhere Access Team

  • Direct Access Migration of Root CA

    We have a Domain Controller "DC01" which has the Enterprise Certificate Services role installed and the CA on this Domain Controller is named "DC01"
    The CDP location on the CA "DC01" is <servername> so effectively it's LDAP://DC01 (only LDAP is published on the certificates, no http etc.)
    The CA "DC01" issues the version1 "Computer" certificates with AutoEnrollment to all clients and all our internal clients and external clients have a "Computer" certificate from CA "DC01"
    Now we have a UAG SP3 server with Direct Access and all our clients connect successfully with Direct Access as it's set up now
    In the UAG configuration (wizard) on the IPsec Certificate Authentication screen on the option "Use a certificate from a trusted root CA" the "DC01" Root CA certificate is selected
    As per Microsoft best practices we want to move the Enterprise Certificate Services to a new member server "CS01" and effectively create a new Root CA "CS01"
    As we use the version1 "Computer" certificate template we cannot select "reenroll all certificate holders"
    so idea is to duplicate the "Computer" certificate template as a v2 template that supersedes the version1 computer template, this effectively replaces all current Computer certificates based on the old v1 computer template on clients.
    Then all clients get a new "Computer" certificate from the new Root CA but in the UAG Direct Access configuration the "IPsec Certificate Authentication" "Use a certificate from a trusted root CA" the old "DC01" Root CA certificate is still selected
    Question1; will this lock out clients that have a new Computer certificate from the new Root CA but the UAG Direct Access configuration still use the Root CA certificate from the old DC01 CA?
    Another idea is NOT to supersede the version1 Computer certificate but AutoEnroll the new v2 duplicated Computer template.
    This means that clients will have a Computer certificate from the old CA "DC01" but also a Computer certificate from the new CA "CS1"
    Question2; can a client have 2 computer certificates (1 from old DC01 ca and 1 from new CS01 ca) and connect Direct Access and will this still work?

    Yes, the clients will still connect with two different certificates. I haven't had your exact situation before, but I have had to deal with a CA server that died, and we had to replace it with a new one. We stood up a new CA, issued "Computer" certificates again from the new CA (the old certs still existed on all the client computers) - and then switched the UAG settings over to the new root CA. This worked.
    I do recommend deleting the old certificates from the client computers if possible, so that there is no potential for conflict down the road, but the above scenario worked fine for us and I have also worked with numerous companies that have multiple machine-type certificates on their client computers and as long as they have one which meets the DA criteria and chains up to the CA that is active in the UAG config, it'll build tunnels.

  • Data source could not able select NOT ALLOWED DTP Direct Access

    Hi Experts,
    I have a problem. I have searched in forums and blogs also but I did get any solution.
    I am developing HCM reports; as per my requirement I am extracting data through the customized Function Module ZGET_REQUI_DETAILS_NEW1.
    I can find data in RSA3 and it is loaded successfully in BI; this I confirmed with the monitor screen,
    all indicators are green traffic signals.
    Then I came to PSA but I can't see data here; one pop-up is coming: Error & in help message no D0313
    I found one thing: the request which is in PSA comes with GREEN (request updated to Target),
    the rest of all standard are in red until transfer to targets.
    I found a second thing: in the DATA SOURCE, in the Extraction tab, the option Direct Access is selected with
    Allowed, but I want to send data to a standard DSO.
    Those options are in disabled mode even in edit selection.
    Queries:
    1. How to change the option to NOT ALLOWED DTP Direct Access instead of Allowed in Data Source (ZREQUI_FM)
    2. What should I do to see data in PSA.
    Regards
    Vijay

    Dear Vijay,
    I’m going to try helping you.
    In the ECC DataSource setting tcode: SBIW. You should check in your ZREQUI_FM DataSource the following setting of value in the DataSource: Customer Version Edit field “Extraction” the following field ExtractStruct, Direct Access and Delta Update:
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/fb69a990-0201-0010-64ab-cbbfc6f0f75b
    I hope this guideline can help you to find the answer….
    Luis

  • Windows 2012 Direct Access ISATAP not working

    I just installed Windows 2012 Direct Access and it's working fine for my company's Windows 7 Ent clients. The only issue I can't around with is that ISATAP is not working on this box.
    We want to be able to manage-out in our native IPv4 environment, the isatap A record has already been created and is resolvable to all client machines including the Direct Access server. Unfortunately, ISATAP still appears to be Disabled. Do we need to manually set this to enabled apart from what I've already done?
    PS C:\Windows\system32> Get-RemoteAccessHealth
    Component            RemoteAccessServer   HealthState     TimeStamp            Id
    Server               localhost            OK              1/31/2013 3:26:43 PM
    6to4                 localhost            Disabled        1/31/2013 3:21:44 PM
    Vpn Addressing       localhost            Disabled        1/31/2013 3:21:44 PM
    Network Security     localhost            OK              1/31/2013 3:21:44 PM
    Dns                  localhost            OK              1/31/2013 3:26:43 PM
    IP-Https             localhost            OK              1/31/2013 3:21:44 PM
    Nat64                localhost            OK              1/31/2013 3:21:44 PM
    Dns64                localhost            OK              1/31/2013 3:21:44 PM
    IPsec                localhost            OK              1/31/2013 3:21:44 PM
    Kerberos             localhost            Disabled        1/31/2013 3:21:44 PM
    Domain Controller    localhost            OK              1/31/2013 3:21:44 PM
    Management Servers   localhost            Disabled        1/31/2013 3:21:44 PM
    Network Location ... localhost            OK              1/31/2013 3:26:43 PM
    Otp                  localhost            Disabled        1/31/2013 3:21:44 PM
    High Availability    localhost            Disabled        1/31/2013 3:21:44 PM
    Isatap               localhost            Disabled        1/31/2013 3:21:44 PM
    Vpn Connectivity     localhost            Disabled        1/31/2013 3:21:44 PM
    Teredo               localhost            Disabled        1/31/2013 3:21:44 PM
    Network Adapters     localhost            OK              1/31/2013 3:21:44 PM
    Services             localhost            OK              1/31/2013 3:26:43 PM
    PS C:\Windows\system32> ping isatap
    Pinging isatap.isat.com [192.168.1.214] with 32 bytes of data:
    Reply from 192.168.1.214: bytes=32 time=1ms TTL=128
    Reply from 192.168.1.214: bytes=32 time<1ms TTL=128
    Reply from 192.168.1.214: bytes=32 time<1ms TTL=128
    Reply from 192.168.1.214: bytes=32 time<1ms TTL=128

    Hi,
    Thank you for the post.
    As far as I understand, ISATAP is not recommended for use as the IPv6 to IPv4 transition technology in DirectAccess in Windows Server 2012. With ISATAP disabled DirectAccess clients can initiate connections to computers on the internal network, and the computers on the internal network are able to respond. However, computers on the internal network will not be able to initiate connections to DirectAccess for purposes of remote client management. If you want to be able to remote client management, consider deploying native IPv6 for management servers that will connect to DirectAccess client computers.
    Regards,
    Nick Gu - MSFT

  • Direct Access on Windows Server 2012 R2 and IPV6

    I have a question about IPV6 and Direct Access in Server 2012 R2. Without using UAG is it still mandatory to have IPV6 enabled in the intranet?
    Kristopher Turner | Not the brightest bulb but by far not the dimmest bulb.

    Hi,
    DirectAccess uses IPv6 with IPsec to create a secure connection between DirectAccess client computers and the internal corporate network.
    However, DirectAccess does not necessarily require connectivity to the IPv6 Internet or native IPv6 support on internal networks. Instead, it automatically configures and uses IPv6 transition technologies to tunnel IPv6 traffic across the IPv4 Internet (6to4, Teredo, IP-HTTPS) and across your IPv4-only intranet (NAT64 or ISATAP).
    For detailed information, please view the link below,
    Plan the DirectAccess Infrastructure
    http://technet.microsoft.com/en-us/library/jj574101.aspx
    Hope this helps.
    Steven Lee
    TechNet Community Support

  • Direct Access 2012 R2 - Problems with Force Tunneling and other questions

    I have just setup a Direct Access 2012 R2 server in my network, 2012 domain and all Windows 8 clients. 
    Internal CA environment (no external CRL) using a public issued cert for IPHTTPS tunnel, 2 interfaces for the DA server, 1 internal and 1 in the DMZ behind a NAT firewall (1 public IPv4 address) and my test clients are connecting fine to internal resources.
    1.  When I enable Force Tunneling the clients no longer are able to access the external internet.  Is there anything I need to add to make this work?
    2.  I am having trouble with our Remote Desktop Session Hosts.  I can only assume it has something to do with the DNS  as we have our AD domain performing internal DNS of the int.contoso.com domain and public DNS performing for the external Contoso.com domain (RDWA etc).  DA has only int.contoso.com set as a DNS Name Suffix in the Infrastructure Setup.  Should I add the external contoso.com Name Suffix in there too?
    3.  I have a Kaspersky Security Center server for centralized AV admin, can I still push out AV updates to the clients that connect with DA.  Do I add my KSC server to the Management Servers list in the Infrastructure Server Setup page on the DA setup.   Does that list allow those servers to access the DA clients?

    Hi,
    Let's solve problems one by one. Force tunneling. When enabled, all network traffic from DirectAccess clients goes through IPSEC tunnels. Just configure a proxy on your DirectAccess clients (with a FQDN of course) and your clients should be able to surf the internet again.
    RDS : Depends. Where are your RDS servers registered, internal DNS zone or external DNS zone? If a DirectAccess client cannot resolve a name it does not know if it has to go through the tunnel. At last can you ping your RDS Server?
    Remote Management : Right. Adding servers in this list allows them to use the IPSEC infrastructure tunnel (computer established tunnel) without users being logged on.
    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

  • Windows server 2012 and windows 7 direct access

    I am looking for some decent documentation on how to get direct access in windows 2012 to work with windows 7
    Can anyone point me the right direction?

    Hi, I got success through this
    http://syscomlab.blog.com/2012/09/how-to-get-windows-7-to-work-with-directaccess-server-2012/ and this one
    http://syscomlab.blog.com/2012/09/directaccess-for-windows-server-2012-guide/ but I'm using NLS in a dedicated server (what is fine for me) but the Win7 client doesn't connect to DA (EDGE server) through internet. I'm using a LAB where WS2012 host acts as a GATEWAY (using NAT) and for Windows 8 client is working fine but when I try using win7 clients it just doesn't work :(
    Server WS 2012 RTM full patched + Win8 Enterprise RTM full patched + Win7 Enterprise RTM full patched (including the recommended KBs for DA solution)
    regards,
    Thiago
    Thiago Beier

  • Purchased Direct Access from iTunes.  I cannot locate the download and I cannot download it a second time.  Any ideas as to where the original download might reside?

    Purchased Direct Access from iTunes. I cannot locate the download and I cannot download it a second time. Any ideas as to where the original download might reside?

    Hi rogerfrommilwaukee, 
    Welcome to the Apple Support Community!
    Previous purchases can be located in the Purchased section of either your iOS device or in iTunes on a computer. The purchases will be available to re-download as long as they are still available in the App Store and you are using the same Apple ID. Please use the attached article as a reference. 
    Download past purchases
    Cheers,
    Joe

  • NIC teaming and direct access in windows 2012 server core

    Hello All,
    I have installed windows 2012 r2 server core and i want to implement direct access with nic teaming enabled.
    Has anyone tried this kind of setup? Were they successful in it? Moreover can we configure Direct access when we have NIC teaming configured?
    -Ashish

    Hi There - NIC teaming in both core and gui is a standard feature and there is no reason (and I have used it successfully) why you cannot do so. As always make sure you look at TCP Offload as per UAG / TMG Days to ensure best performance and also Network Card Binding Order.
    The link for details is here -
    http://technet.microsoft.com/en-us/library/hh831648.aspx
    Kr
    John Davies

  • Direct Access: No Security Associations under Main mode and Quick Mode: No SA

    Could someone please help me with the issue here :'(
    Windows Firewall advanced security--> Monitoring --> Main mode (Empty)
      --> quick Mode (Empty)
    Its been days I am trying to trouble shoot this issue. All the setup seems good. I am not able to figure out this certificate issue.

    Hi Sijin,
    What is the status of this issue? If you still have the issue please confirm the following.
    1) What is the Network Topology?
    2) What is the client OS?
    3) If you have it configured for Windows 7 and 8 both then do you have Client Authentication Certificate in Personal store and Root Certificate from Internal CA present on client machine?
    4) What is the Status of IPHTTPS Interface?
    5) Are you able to Ping Direct Access (DNS Server) IP Address (2002:836b:33:3333::1) from client?
    6) What is the status of below services on the client machine?
    IKE and AuthIP IPsec Keying Modules
    IPSec Policy Agent
    7) Which Windows Firewall profile is enabled on DA Server and Client?
    Regards
    Kapil
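
The checklist in the reply above can be gathered in one pass on the client. This is an added example, not part of the original thread; it assumes a Windows 8 or later client and an elevated PowerShell session, and `$RootThumbprint` is a placeholder you replace with your internal root CA's thumbprint.

```powershell
# Added example: read-only checks on a DirectAccess client (Windows 8 or later, elevated).
$RootThumbprint = 'REPLACE_WITH_INTERNAL_ROOT_CA_THUMBPRINT'  # placeholder, not from the thread
$DaDnsAddress   = '2002:836b:33:3333::1'                      # address quoted in item 5
$ClientAuthOid  = '1.3.6.1.5.5.7.3.2'                         # Client Authentication EKU

# Symptom: count the IPsec security associations the firewall console shows as empty
$mm = @(Get-NetIPsecMainModeSA  -ErrorAction SilentlyContinue)
$qm = @(Get-NetIPsecQuickModeSA -ErrorAction SilentlyContinue)
"Main mode SAs: $($mm.Count)  Quick mode SAs: $($qm.Count)"

# Item 2: client OS
(Get-CimInstance Win32_OperatingSystem).Caption

# Item 3: is the internal root trusted, and which computer certificates chain to it?
"Root CA in LocalMachine\Root: " + (Test-Path "Cert:\LocalMachine\Root\$RootThumbprint")
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert  = $_
    # $true = build the chain in machine context, matching the store being inspected
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    # Skip revocation so an unreachable CDP does not mask a trust-path problem
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $valid = $chain.Build($cert)
    $top   = if ($chain.ChainElements.Count -gt 0) {
                 $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
             }
    [pscustomobject]@{
        Subject      = $cert.Subject
        Expired      = ($cert.NotAfter -lt (Get-Date))
        HasKey       = $cert.HasPrivateKey
        ClientAuth   = [bool]($cert.EnhancedKeyUsageList |
                             Where-Object { $_.ObjectId -eq $ClientAuthOid })
        ChainValid   = $valid
        ChainsToRoot = [bool]($top -and $top.Thumbprint -eq $RootThumbprint)
    }
} | Format-Table -AutoSize

# Item 4: IP-HTTPS interface state and last error code
Get-NetIPHttpsState

# Item 5: reachability of the DirectAccess DNS server address
"Ping ${DaDnsAddress}: " + (Test-Connection -ComputerName $DaDnsAddress -Count 2 -Quiet)

# Item 6: IKE and AuthIP IPsec Keying Modules / IPsec Policy Agent services
Get-Service -Name IKEEXT, PolicyAgent | Format-Table Name, DisplayName, Status -AutoSize

# Item 7: firewall profiles that are enabled, and the category of each active network
Get-NetFirewallProfile    | Format-Table Name, Enabled -AutoSize
Get-NetConnectionProfile  | Format-Table InterfaceAlias, NetworkCategory -AutoSize
```

A certificate with no EKU extension shows `ClientAuth` as False here even though it is valid for all purposes, so check such certificates by hand.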

  • Difference between standard dtp and direct access dtp

    Hi,
    Can anybody tell me the difference between standard DTP and Direct access DTP other than Help.sap.com.
    Regards,
    Devi

    In simple words: Standard DTP needs to be used for loading physical data targets.
    Direct Access DTP needs to be used for virtual providers. You won't pull data into BI; it will directly retrieve from the DS while reporting.
    Nagesh Ganisetti.
    Assign points if it helps.
