DirectAccess on Windows 2012 with OTP

Hello everyone,
I've just finished setting up DirectAccess 2012 with Gemalto's OTP solution for a client.
I have an issue though: without OTP all is working fine, but when I activate OTP with all the certificates and so on, and enter the OTP code on my client, it looks like it is not validating it.
On the DirectAccess server I get this error:
Error: Challenge returned.
Source: RemoteAccess-RemoteAccessServer
ID: 10042
I have absolutely no errors on my RADIUS server... any idea why the server is rejecting my requests?
Thanks for the help
Hitch Bardawil

Hi
I deployed this scenario for a customer of mine a few months ago with Gemalto. It's a little bit tricky but possible. For some troubleshooting tips have a look at one of my blog posts:
http://danstoncloud.com/blogs/simplebydesign/archive/2013/10/26/the-0x80040008-directaccess-otp-case.aspx
Finally, regarding your OTP operating in challenge/response mode: it's not possible. It's an NPS limitation:
http://technet.microsoft.com/fr-fr/library/jj618331.aspx
"The OTP provider used requires the user to provide additional credentials in the form of a RADIUS challenge/response exchange, which is not supported by Windows Server 2012 DirectAccess OTP."
BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx
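The limitation Benoit quotes is visible on the wire as the RADIUS reply code. What follows is an added example, not code from this thread and not Gemalto's or Microsoft's: it builds an Access-Request the way NPS would, runs it against a constructed in-process stand-in for a challenge/response OTP server, verifies the Response Authenticator with the shared secret, and names the reply. A provider that answers Access-Challenge (code 11) with a State attribute expects a second Access-Request that echoes that State; DirectAccess OTP never sends one, which is what the "Challenge returned" event is telling you. The shared secret, user name and token code are made up; the probe also performs the second round trip so the accept path is visible too.

```python
"""RADIUS (RFC 2865) round trip against an OTP server working in challenge/response mode.
Added example, not code from the thread: the OTP server is a constructed in-process stand-in,
the shared secret, user name and token code are made up, and nothing is sent over UDP."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
USER_NAME, USER_PASSWORD, REPLY_MESSAGE, STATE = 1, 2, 18, 24
CODE_NAMES = {ACCESS_ACCEPT: "Access-Accept", ACCESS_REJECT: "Access-Reject",
              ACCESS_CHALLENGE: "Access-Challenge"}

def encode_attrs(attrs):
    """Serialise (type, value) pairs as RADIUS TLVs; the length octet covers the 2-byte header."""
    out = b""
    for attr_type, value in attrs:
        if len(value) > 253:
            raise ValueError("attribute value too long")
        out += struct.pack("!BB", attr_type, len(value) + 2) + value
    return out

def decode_attrs(blob):
    """Walk the TLVs, refusing zero-length or overlong ones rather than looping forever."""
    attrs = []
    while blob:
        attr_type, length = struct.unpack("!BB", blob[:2])  # struct.error on a 1-byte tail
        if length < 2 or length > len(blob):
            raise ValueError("malformed attribute length")
        attrs.append((attr_type, blob[2:length]))
        blob = blob[length:]
    return attrs

def hide_password(password, secret, req_auth):
    """User-Password hiding, RFC 2865 section 5.2: XOR 16-byte chunks with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(secret, username, password, ident, req_auth, extra=()):
    """Client side (what NPS sends): User-Name, hidden User-Password and any extra attributes."""
    attrs = [(USER_NAME, username), (USER_PASSWORD, hide_password(password, secret, req_auth))]
    body = encode_attrs(attrs + list(extra))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + req_auth + body

def build_response(code, ident, req_auth, attrs, secret):
    """Server side. Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    body = encode_attrs(attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    return header + hashlib.md5(header + req_auth + body + secret).digest() + body

def parse_packet(data):
    """Split a RADIUS packet into header fields and attribute list, checking the length field."""
    if len(data) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length != len(data):
        raise ValueError("length field does not match packet size")
    return {"code": code, "id": ident, "auth": data[4:20], "attrs": decode_attrs(data[20:])}

def verify_response(data, req_auth, secret):
    """Only a holder of the shared secret can produce a valid authenticator for this request."""
    expected = hashlib.md5(data[:4] + req_auth + data[20:] + secret).digest()
    return hmac.compare_digest(expected, data[4:20])

def classify_reply(data, req_auth, secret):
    """Name the reply; Access-Challenge is the case DirectAccess OTP cannot continue from."""
    if not verify_response(data, req_auth, secret):
        return "BAD-AUTHENTICATOR"
    pkt = parse_packet(data)
    return CODE_NAMES.get(pkt["code"], "Unknown(%d)" % pkt["code"])

def fake_otp_server(request, secret):
    """Constructed stand-in for a challenge/response OTP server: it insists on a second
    round trip carrying its State attribute before it will answer Access-Accept."""
    pkt = parse_packet(request)
    if not any(t == STATE for t, _ in pkt["attrs"]):
        return build_response(ACCESS_CHALLENGE, pkt["id"], pkt["auth"],
                              [(REPLY_MESSAGE, b"Enter the code from your token"),
                               (STATE, b"sess-42")], secret)
    return build_response(ACCESS_ACCEPT, pkt["id"], pkt["auth"], [], secret)

def probe(secret, username, otp_code, req_auth=None):
    """One Access-Request as NPS would send it, then the second one (echoing State) that NPS
    and DirectAccess OTP never send. Returns the classification of each reply."""
    req_auth = req_auth or os.urandom(16)
    first = fake_otp_server(build_access_request(secret, username, otp_code, 7, req_auth), secret)
    verdict = classify_reply(first, req_auth, secret)
    if verdict != "Access-Challenge":
        return verdict, None
    state = [(STATE, v) for t, v in parse_packet(first)["attrs"] if t == STATE]
    req_auth2 = hashlib.md5(req_auth).digest()  # a real client draws a fresh random one
    second = fake_otp_server(build_access_request(secret, username, otp_code, 8, req_auth2, state), secret)
    return verdict, classify_reply(second, req_auth2, secret)
```

Against a real provider, send one Access-Request with a valid token code from any RADIUS test client and look at the reply code: a first-round Access-Challenge means the provider is in the mode the TechNet note above says DirectAccess OTP does not support, and it has to be switched to answer Access-Accept or Access-Reject on that first request. Checking the Response Authenticator before trusting the code is not optional: without it, anyone who can inject a UDP datagram towards NPS can hand it an Access-Accept.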

Similar Messages

  • NIC teaming and DirectAccess in Windows 2012 Server Core

    Hello All,
    I have installed Windows 2012 R2 Server Core and I want to implement DirectAccess with NIC teaming enabled.
    Has anyone tried this kind of setup? Were they successful with it? Moreover, can we configure DirectAccess when we have NIC teaming configured?
    -Ashish

    Hi There - NIC teaming in both Core and GUI is a standard feature and there is no reason (and I have used it successfully) why you cannot do so. As always, make sure you look at TCP offload as per the UAG/TMG days to ensure best performance, and also network card binding order.
    The link for details is here -
    http://technet.microsoft.com/en-us/library/hh831648.aspx
    Kr
    John Davies

  • DirectAccess on Windows Server 2012 R2 and IPv6

    I have a question about IPv6 and DirectAccess in Server 2012 R2. Without using UAG, is it still mandatory to have IPv6 enabled on the intranet?
    Kristopher Turner | Not the brightest bulb but by far not the dimmest bulb.

    Hi,
    DirectAccess uses IPv6 with IPsec to create a secure connection between DirectAccess client computers and the internal corporate network.
    However, DirectAccess does not necessarily require connectivity to the IPv6 Internet or native IPv6 support on internal networks. Instead, it automatically configures and uses IPv6 transition technologies to tunnel IPv6 traffic across the IPv4 Internet (6to4, Teredo, IP-HTTPS) and across your IPv4-only intranet (NAT64 or ISATAP).
    For detailed information, please view the link below:
    Plan the DirectAccess Infrastructure
    http://technet.microsoft.com/en-us/library/jj574101.aspx
    Hope this helps.
    Steven Lee
    TechNet Community Support
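When a DirectAccess client turns up in IPsec, firewall or DNS logs it carries one of the transition addresses Steven lists, and the IPv4 endpoint embedded in that address is what you correlate against. The Python below is an added example, not from the thread and not Microsoft's code: it decodes the address layouts from their RFCs (6to4: RFC 3056, Teredo: RFC 4380, ISATAP: RFC 5214, NAT64 well-known prefix: RFC 6052) and runs the decoder over a few constructed log lines. A DirectAccess deployment normally uses its own NAT64 prefix and assigns IP-HTTPS clients addresses from its own prefix, so both are parameters here and the defaults are assumptions; every sample address is constructed.

```python
"""Decode the IPv6 transition addresses a DirectAccess client can show up with in logs.
Added example, not code from the thread. Layouts follow RFC 3056 (6to4), RFC 4380 (Teredo),
RFC 5214 (ISATAP) and RFC 6052 (NAT64 well-known prefix); all sample addresses are constructed."""
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")
TEREDO = ipaddress.IPv6Network("2001::/32")
WELL_KNOWN_NAT64 = "64:ff9b::/96"  # assumption: a DA deployment usually has its own /96, pass it in
ISATAP_IIDS = (b"\x00\x00\x5e\xfe", b"\x02\x00\x5e\xfe")  # ::0:5efe:... with the u/g bit clear or set

def _v4(four_bytes):
    return str(ipaddress.IPv4Address(four_bytes))

def classify(address, nat64_prefix=WELL_KNOWN_NAT64, iphttps_prefix=None):
    """Return the transition technology behind an address and the IPv4 endpoint it embeds, if any."""
    ip = ipaddress.IPv6Address(address)
    raw = ip.packed
    if ip in SIX_TO_FOUR:
        # 2002:WWXX:YYZZ::/48 carries the client's public IPv4 in bits 16..47
        return {"kind": "6to4", "ipv4": _v4(raw[2:6])}
    if ip in TEREDO:
        # 2001:0:<server v4>:<flags>:<port XOR 0xffff>:<client v4 XOR 0xffffffff>; port and
        # client are obfuscated so NATs do not rewrite them and describe the NAT's public side
        return {"kind": "Teredo", "server": _v4(raw[4:8]),
                "port": int.from_bytes(raw[10:12], "big") ^ 0xFFFF,
                "client": _v4(bytes(b ^ 0xFF for b in raw[12:16]))}
    if ip in ipaddress.IPv6Network(str(nat64_prefix)):
        # NAT64/DNS64 on the DA server map an IPv4-only intranet host into the low 32 bits
        return {"kind": "NAT64", "ipv4": _v4(raw[12:16])}
    if iphttps_prefix is not None and ip in ipaddress.IPv6Network(str(iphttps_prefix)):
        # IP-HTTPS clients get an address from the DA server's own prefix; no IPv4 is embedded
        return {"kind": "IP-HTTPS", "ipv4": None}
    if raw[8:12] in ISATAP_IIDS:
        # ISATAP interface identifier ::0:5efe:w.x.y.z on any /64, link-local fe80:: included
        prefix = ipaddress.IPv6Network((int.from_bytes(raw[:8] + bytes(8), "big"), 64))
        return {"kind": "ISATAP", "ipv4": _v4(raw[12:16]), "prefix": str(prefix)}
    return {"kind": "native", "ipv4": None}

def decode_log_addresses(lines, **prefixes):
    """Pull the source address out of 'src=<addr>' log lines and classify each one."""
    results = []
    for line in lines:
        for token in line.split():
            if token.startswith("src="):
                results.append((token[4:], classify(token[4:], **prefixes)))
    return results

SAMPLE_LOG = [  # constructed lines, not from any real DirectAccess server
    "2014-03-01T10:00:01 ike-main-mode src=2002:c633:6401::1 result=ok",
    "2014-03-01T10:00:02 ike-main-mode src=2001:0:c633:6401:0:f227:3fff:fd9b result=ok",
    "2014-03-01T10:00:03 dns64 src=2001:db8:1:0:0:5efe:192.0.2.2 answer=64:ff9b::203.0.113.7",
]

if __name__ == "__main__":
    for addr, info in decode_log_addresses(SAMPLE_LOG):
        print(addr, info)
```

Prefix-based checks run before the ISATAP interface-identifier check on purpose: a Teredo or NAT64 address could by chance carry 0000:5efe in its interface identifier, while the reverse confusion cannot happen.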

  • DirectAccess and Windows Phone 8.1?

    Hi all –
    I am reaching out to the community here because I haven't been able to find anything concrete.
    The scenario is that we wish to have links which are sent through an on-prem SharePoint farm resolve on a user's Windows Phone whilst roaming.
    The root of the issue is that the client does not have split DNS in place.
    Therefore when they send a link from the SharePoint site its URL is mysite.acme.int, for example, which is not resolvable from outside of the corporate network;
    acme.com, however, is.
    We have DirectAccess (2012 R2) in place and use Windows Phone 8.1.
    What I am trying to determine is whether or not we can leverage a DA connection with the Windows Phones in order to attain URL resolution.
    Barring that, does anyone have any bright ideas on how to conquer the problem?
    Kind regards and thanks in advance!
    Wren

    Hi Wren,
    Agree with Rmknight. Windows Phone doesn't support DirectAccess at present.
    For detailed information, please refer to the link below:
    https://businessmobilitycenter.microsoft.com/en/webinars/Pages/Webinar-Managing-Enterprise-Content-and-Information-on-Lumia-Windows-Phone-8-1.aspx
    Best Regards.
    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • DirectAccess and Windows Phone 8.1 for MySite Resolution?

    Hi all –
    I am reaching out to the community here because I haven't been able to find anything concrete.
    The scenario is that we wish to have links which are sent through an on-prem SharePoint farm resolve on a user's Windows Phone whilst roaming.
    The root of the issue is that the client does not have split DNS in place.
    Therefore when they send a link from the SharePoint site its URL is mysite.acme.int, for example, which is not resolvable from outside of the corporate network;
    acme.com, however, is.
    We have DirectAccess (2012 R2) in place and use Windows Phone 8.1.
    What I am trying to determine is whether or not we can leverage a DA connection with the Windows Phones in order to attain URL resolution.
    Barring that, does anyone have any bright ideas on how to conquer the problem?
    Kind regards and thanks in advance!
    Wren

    Hi Wren,
    For your issue, you can try to configure alternate access mappings with an IP address for your MySite web application, and then you can access your site by IP address.
    As I am not familiar with Windows Phone, you can contact Windows Phone support or post threads in the Windows Phone forums to ask for more information:
    http://answers.microsoft.com/en-us/winphone/forum/wp8?tab=Threads
    Best Regards,
    Eric
    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • When using Get Others to Sign I get an access denied window associated with my Adobe ID

    Can someone please help; I get an access denied window when trying to send out a form to have signatures added. It seems to be associated with my Adobe ID. Can someone please point me in a direction to fix this?

    Did you create a NEW Apple ID or did you change the email address for your OLD Apple ID? This will affect how you update apps in the future.
    Anyway, go to Settings/iTunes & App Stores, log out, then log in with the new ID.

  • CR10 viewer: Error ODBC Access on Windows Vista with multi-JOIN

    Post Author: Stephane
    CA Forum: Data Connectivity and SQL
    Hi all,
    I've got an error using a report in CR10 viewer on Windows Vista + Access 2000:
    "Échec de l'ouverture d'un jeu de lignes. Détails : 4200:[Microsoft][Pilote ODBC Microsoft Access] Erreur de syntaxe dans la clause FROM."
    which translates as:
    "Failed to open a rowset. Details: 4200:[Microsoft][ODBC Microsoft Access Driver] Syntax error in FROM clause."
    This error only appears on Vista + Access, not on Vista + SQL and not on XP + Access.
    The SQL query of my report (see details below) contains lots of INNER JOINs and 2 LEFT OUTER JOINs. If I replace those 2 LEFT OUTER JOINs by 2 INNER JOINs, the report displays (but is wrong).
    Does somebody know this problem?
    Thanks in advance for your help.
    Stephane.
    The SQL query below:
    SELECT TblDataCurrentValue.`ValDtaId`, TblDataCurrentValue.`ValIdShape`, TblDataCurrentValue.`ValOk`,
           TblDataCurrentValue.`ValMain`, TblDataCurrentValue.`ValIndex`, TblDataCurrentValue.`ValValue`,
           TblDataCurrentValue.`ValValueId`, TblDataLinks.`LnkDtaIdPrimary`,
           TblDataValues.`ItmValue`, TblDataValues.`ItmColor`, TblData.`DtaLabel`,
           tblGraphs.`GId`, tblGraphs.`GName`, tblGraphs.`GRef`, TblShapesGraph.`ShTextShape`
    FROM ((((`TblDataCurrentValue` TblDataCurrentValue
           LEFT OUTER JOIN `TblDataValues` TblDataValues
             ON TblDataCurrentValue.`ValValueId` = TblDataValues.`ItmId`
            AND TblDataCurrentValue.`ValDtaId` = TblDataValues.`ItmDtaId`)
           INNER JOIN `TblData` TblData ON TblDataCurrentValue.`ValDtaId` = TblData.`DtaId`)
           INNER JOIN `tblGraphs` tblGraphs ON TblDataCurrentValue.`ValIdGraph` = tblGraphs.`GId`)
           INNER JOIN `TblShapesGraph` TblShapesGraph ON TblDataCurrentValue.`ValIdShape` = TblShapesGraph.`ShIdShape`)
           LEFT OUTER JOIN `TblDataLinks` TblDataLinks ON TblDataCurrentValue.`ValDtaId` = TblDataLinks.`LnkDtaId`
    WHERE TblDataCurrentValue.`ValOk` <> 0
    ORDER BY tblGraphs.`GId` ASC, TblDataCurrentValue.`ValIdShape` ASC

    Moving back to the 10_2 instant client works. Not certain why there is an issue with the 11_2 client.

  • SAP HA Installation - Windows 2012 with Sybase

    Dear All,
    I have just started the SAP HA installation with Sybase database on Sybase, but I am facing an issue in the first cluster node installation.
    First Cluster Node (Last error reported by the step: Windows system error message: 5942. Message: 'The resource failed to come online due to the failure of one or more provider resources.'). You can now:
    Cluster Event Logs -
    Cluster network name resource 'SAP SBP NetName' failed to create its associated computer object in domain '***-co.com' during: Resource online.
    The text for the associated error code is: Access is denied.
    Please work with your domain administrator to ensure that:
    - The cluster identity '***-PRD$' has Create Computer Objects permissions. By default all computer objects are created in the same container as the cluster identity '***-PRD$'.
    - The quota for computer objects has not been reached.
    - If there is an existing computer object, verify the Cluster Identity '***-PRD$' has 'Full Control' permission to that computer object using the Active Directory Users and Computers tool.

  • Windows Server 2012 and Windows 7 DirectAccess

    I am looking for some decent documentation on how to get DirectAccess in Windows 2012 to work with Windows 7.
    Can anyone point me in the right direction?

    Hi, I got success through this
    http://syscomlab.blog.com/2012/09/how-to-get-windows-7-to-work-with-directaccess-server-2012/ and this one
    http://syscomlab.blog.com/2012/09/directaccess-for-windows-server-2012-guide/ but I'm using NLS on a dedicated server (which is fine for me) but the Win7 client doesn't connect to DA (edge server) through the Internet. I'm using a lab where a WS2012 host acts as a gateway (using NAT); for the Windows 8 client it is working fine, but when I try using Win7 clients it just doesn't work :(
    Server WS 2012 RTM fully patched + Win8 Enterprise RTM fully patched + Win7 Enterprise RTM fully patched (including the recommended KBs for the DA solution)
    regards,
    Thiago
    Thiago Beier If it was useful, mark it as the answer! Don't forget to mark as answer!

  • Possible to convert a DirectAccess server?

    Is it possible to convert a DirectAccess server (Windows 2012 server) residing in ESX 5.1 to a Hyper-V version (Windows 2012 R2 Datacenter) by a "normal" conversion process? The optimal result is that all the configuration of the DirectAccess part is transferred correctly.
    Thanks.

    Hey... funny how expert opinions vary... I have a handful of IT and software RAID experts who disagree with you... in my case, I'd rather get rid of it... (however I still have to find a solution to clone my boot drive that works flawlessly with all my software...)
    Anyway... how exactly do I go about splitting the RAID, to make sure I don't mess it up...
    1. restart from CD
    2. delete the mirrored RAID set
    3. remove one of the HDs with the RAID slice on it (I'll keep it as a backup for the moment just in case)
    4. restart from the remaining slice disk
    5. ... ?
    Do I need to do anything specific...? What about the name of the volume... for the moment my startup disk (the RAID) is called 'BootRAID'... the slices are called 'RAID Slice (disk0s2)' and 'RAID Slice (disk1s2)'... in order for everything to work properly, don't I have to rename the new startup disk?
    I'm scared...
    Here's a screenshot of my setup: http://kinkajou.net/diskUtility_RAID.jpg
    <Edited by Moderator>

  • DirectAccess: DNS error on Operations Status (DNS server not responding)

    Hi!
    I am testing DirectAccess on Windows 2012 R2 Standard. So far I have deployed the Remote Access role to our server "ABC-DA1". I have completed the configuration wizard for a single NIC deployment and defined a FQDN as the "public name" (da.domain.com).
    After completing the wizard I go to the Operations Status page and find an error telling me one of the DNS servers is unavailable. The mentioned server is no longer operational as it was running on an old Win2k8R2 DC that was demoted.
    Is there a way to remove the reference to the old server? I have 3 new DNS servers running on the new domain controllers, but it seems like the old DC did not completely remove itself.
    Below is a screenshot of the operations status.
    Thank you for your help :)

    Hi,
    Please go to the Name Resolution Policy and check if you can change the DNS server there.
    Computer Configuration -> Policies -> Windows Settings -> Name Resolution Policy
    Hope this helps.
    Jeremy Wu
    TechNet Community Support

  • LAN side firewall settings for DirectAccess (Windows Server 2012 R2) in DMZ?

    I am currently planning to set up our first DirectAccess server (Windows Server 2012 R2). It will be in our firewall DMZ and we will be using the IP-HTTPS listener.
    For the Internet facing rule only TCP 443 inbound/outbound is sufficient, but for the LAN facing rules (not talking about the Windows server firewall) what would be the recommended firewall rules for a DirectAccess server? Is there a best practice guideline to follow for this? Appreciate any advice or comments. Thank you.

    Hi Barkley
    Please see this TechNet link which will back up your requirements - https://technet.microsoft.com/en-gb/library/jj574101.aspx
    Section reads -
    When using additional firewalls, apply the following internal network firewall exceptions for Remote Access traffic:
    ISATAP—Protocol 41 inbound and outbound
    TCP/UDP for all IPv4/IPv6 traffic
    Also another link from http://www.ironnetworks.com/blog/directaccess-network-deployment-scenarios#.VO3tfvmsVrU
    "I have had a number of conversations with security administrators and network architects who have expressed a desire to place the DirectAccess server between two firewalls (firewall sandwich) in order to explicitly control access from the DirectAccess server to the internal corporate network. While at first this may sound like a sensible solution, it is often quite problematic and, in my opinion, does little to improve the overall security of the solution. Restricting network access from the DirectAccess server to the internal LAN requires so many ports to be opened on the inside firewall that the benefit of having the firewall is greatly diminished. Placing the DirectAccess server's internal network interface on the LAN unrestricted is the best configuration in terms of supportability and provides the best user experience."
    Kindest Regards
    John Davies

    Thanks for your reply and information John. I find it somewhat disappointing that Microsoft does not provide much more in the way of documentation and information regarding this topic. I required more information to show to our security team so they will allow us to have the internal facing NIC not have more restrictive rules in place, as it is a security concern.

  • Windows Server DirectAccess Deployment

    Dear Sir,
    Trying to deploy DirectAccess on Windows Server 2008 R2; please can someone give me direction on how to make a perfect deployment, or a webcast? Thanks.

    Hi,
    You can also follow the KB articles and TechNet video below.
    TechNet Video:
    Configuring and Implementing DirectAccess with Windows Server 2012
    http://technet.microsoft.com/en-us/video/tdbe13-configuring-and-implementing-directaccess-with-windows-server-2012.aspx
    Deployment KBs:
    Implementing Your DirectAccess Design Plan
    http://technet.microsoft.com/en-us/library/ee649219(v=ws.10).aspx
    DirectAccess for Windows Server 2008 R2
    http://technet.microsoft.com/en-us/library/dd758757(v=ws.10).aspx
    DirectAccess Deployment Guide
    http://technet.microsoft.com/en-us/library/ee649163(v=ws.10).aspx
    Hope this helps.
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • DirectAccess has no Internet access

    Hi all,
    Hopefully someone can help me with this issue that I have been struggling with for about a week now.
    I'm new to DirectAccess so please bear with me.
    I've set up a Server 2012 box and installed the DirectAccess role. The server is behind an edge device with 1 NIC.
    I've configured it and can connect Windows 8.1 tablets successfully, both on the internal network and when connected externally.
    The problem I have is with Internet access when they are connected externally, and I've tried with Force Tunneling enabled and disabled (ideally for security reasons I'd like it enabled).
    We use a proxy server configured with a wpad file hosted on Server 2003. This is published via DNS.
    Internet Explorer is configured to Auto Detect Internet Settings.
    I can connect to any of our internally hosted websites, and also, strangely enough, our main publicly accessible web site.
    If I don't have Force Tunneling enabled then I get the following behaviour:
    I can't use Internet Explorer to connect to any public websites (google.com, yellowpages.com, etc).
    I can connect to any website that has the same domain suffix as our domain.
    I can use Firefox and connect to external websites if I say 'Direct Connection to Internet' or 'Use System Settings'.
    If I use Force Tunneling then I get the following behaviour:
    The network connection says it is 'limited' and the DirectAccess connection says it has 'No Internet Access'.
    I can't use Internet Explorer to connect to any public websites (google.com, yellowpages.com, etc).
    I can connect to any website that has the same domain suffix as our domain.
    I can't use Firefox to connect to external websites.
    Does anyone know why this would be the case?
    Thanks

    Thanks for the responses, I managed to get this working by unticking 'Auto Detect Settings' and manually entering the proxy server and port under the 'Proxy Settings' option.
    It means that it doesn't read my wpad file, but I can still manage this through GP.
    Another problem that I've just encountered, for no reason that I can see, is this.
    I'm connected to my domain, I pull the LAN cable and then it auto connects me to my wireless network. It used to auto connect me to my DirectAccess server but it doesn't anymore; it just says connecting. If I reboot the tablet while on the wireless LAN and then log on with my domain credentials it'll connect me through to the DirectAccess server.
    Why would it need a reboot? Why has it stopped connecting straight away after detecting I'm no longer on the domain?

  • Multiple OWA sites on a single Server 2012 with Exchange 2013 (Mailbox, CAS)

    Hi,
    I'm trying to set up an Exchange Server 2013 on Windows 2012 with all roles installed, with 2 OWA virtual directories, one for integrated Windows authentication and the other for forms-based authentication.
    I followed a tutorial for Exchange 2010.
    http://technicaljeditrials.info/2011/02/28/exchange-2010-multiple-owaecp-directories-part-1/
    Step 1: IP Address
    Obtain a second IP address and add it to the NIC of your server.
    Step 2: DNS
    Add a DNS entry for that secondary IP address for the name we will want to use in the new FBA OWA web site.
    I have chosen "testwebmail."
    Be sure there is a valid SSL certificate (recommended to have UC or SAN SSL certs) on the server which has the new name "testwebmail" that will be used in the certificate.
    Step 3: New Web Site
    Create a new web site in IIS on the Client Access Server and bind it to the new IP address used in step 1.
    Step 4: Adding Exchange Virtual Directories
    The web site has been created and bound to the secondary IP address of our server.
    Also the DNS record that will be used to access the new OWA FBA page was added to DNS.
    The next step is to go into EMS and begin adding our virtual directories for OWA and ECP.
    Log in to the Exchange server and open the Exchange Management Shell.
    Then run Get-OWAVirtualDirectory and Get-ECPVirtualDirectory to see the default OWA and ECP directories.
    New-OWAVirtualDirectory -WebSiteName FBA -InternalUrl https://testwebmail.mylab.ad/owa
    New-ECPVirtualDirectory -WebSiteName FBA -InternalUrl https://testwebmail.mylab.ad/ecp
    Step 5: Configure the Virtual Directories
    To configure the virtual directories we will disable FBA on the Default Web Site OWA and ECP virtual directories:
    Set-OWAVirtualDirectory -Identity "OWA (Default Web Site)" -WindowsAuthentication $true -BasicAuthentication $false -FormsBasedAuthentication $false
    Set-ECPVirtualDirectory -Identity "ECP (Default Web Site)" -WindowsAuthentication $true -BasicAuthentication $false -FormsBasedAuthentication $false
    Step 6: iisreset
    Now if I access the default site I log in with Windows integrated authentication, but when I try to access the second site with forms authentication it tells me username or password incorrect.
    Can you tell me where I'm going wrong?
    Thanks
    Greetings
    Daniele

    Hello,
    Something like this:
    New-OWAVirtualDirectory -WebSiteName "FBA"
    Enable Basic authentication by running the following command:
    Set-OWAVirtualDirectory -Identity "yourservername\owa (FBA)" -BasicAuthentication $true
    Restart the IIS Admin service in services.msc
    Thanks,
    Simon Wu
    TechNet Community Support
