Intermittent loss of UNC path access on Windows Server 2012

Hi All,
I hope someone can help with a major headache we've been having on two Windows Server 2012 boxes since September this year. Basically, these servers will intermittently lose the ability to browse network shares from windows explorer and the only way we have
found to resolve this is to reboot. When the issue happens, we can't even log into the server as it sits at 'applying user settings' - presumably as it is failing to access the netlogon share on our DCs. If we have an active RDP session when the issue occurs,
we can connect. In this instance we see that if you enter a UNC path in Windows explorer and hit enter, nothing happens - no error messages or anything. The only way I can get any response is when trying to access the IPC$ share on another server, which gives
the following response:
\\server\ipc$ is not accessible. You might not have permission to use this resource, Contact the administrator of this server to find out if you have access permissions.
The parameter is incorrect.
Everything looks right from a physical network perspective, as we can ping from the affected servers and DNS queries are working fine. I can even run net view from powershell and see the local servers and shares on these, however any attempt to access shares
just hangs the powershell session.
If I look in the SMBClient event logs, I can see entries like the following:
Event ID 30805
The client lost its session to the server.
Error: The transport connection is now disconnected.
This is made worse by the fact that when this issue happens, we can't even cleanly reboot the server (it just hangs) and have to perform a cold boot.
The firewall has been turned off and we have taken off our antivirus software to eliminate it as a possible cause. We have even rebuilt one of these servers on a clean install of 2012 R2, but the issue re-appeared. We have also tried using different NIC
drivers (Broadcom NICs installed) to no avail. We have also tried disabling IPv6.
We have logged a ticket with Microsoft support, who have come back telling us that this could be related to a known bug with DFS in 2012 for which a fix is being tested prior to release in a few weeks. However, I can't sit around on my hands until then on
the off chance that this fix will resolve our problem. These servers are hosting our production Lync 2013 front end service and when this issue occurs it breaks the address book search and response group services, so this issue is of critical importance for
us to get resolved asap.
Any help on this would be greatly appreciated.

Hi,
That's right, if you hit enter absolutely nothing happens, no error messages. It makes no difference if I try name or IP address - even trying \\localhost doesn't work. A few minutes later after trying, an entry appears in the SMBClient event logs as mentioned
in my original post. To me it looks like something deep within the networking operations of the OS is randomly breaking. Also, if I try to browse the network from Windows explorer, it just hangs. When I try to restart the workstation service, it just gets
permanently stuck in a stopping state and the server has to be cold booted. Once it boots up, everything is working fine again....until the next time. There is absolutely nothing appearing in the application or system event logs indicating the root cause.
I've checked and DNS resolution is working OK and I can telnet to other hosts on all the required ports.
I had originally thought it might be related to the Broadcom NICs as we've had issues with them in the past, but we switched over to use the 2012 inbox driver for them and the same issue happens. I should also mention that one server is a blade and the other
a rackmount box. Dell support have run full diagnostics on both and have come up clean, so it doesn't appear to be a hardware issue. The even more baffling thing is that we have a third server with identical spec and config that does not have the problem.
The only difference with this third server is that it is not part of a Lync pool pairing using DFS and sits in a remote location on a different LAN.
I had thought of trying to drop back to use SMB1 by disabling SMB2 and 3, but I'm not sure if this would adversely affect any other services.
This one really has me stumped.

Similar Messages

Remote access for Windows Server 2012

Hello there,
I have a dedicated Windows Server 2012 server, and I need remote access from a PC from a Mac OS X simultaneously.
Today, I use Remote Desktop Connection on the Mac and TeamViewer on your PC.
The problem is that the PC loses connection when Remote Desktop Connection is closed!
What is the solution for either the PC or the Mac or the two at the same time to access the server desktop?
Is there a setting that allows TeamViewer this?
Should I use or purchase additional software? if so, which one?
In short, what is the best solution to this problem?
Thank you!

We use RDP through VPN, so there is no forwarding ports, it is as if we are on the same network. This way, you do not have to worry about hackers, as you are in a secure VPN.
Are you doing this from a different office, from home, from a computer in the next room on the same network? What level of remote access are you looking at?
RealVNC is a good solution, but again, if you are outside the network, you will either need to go through a VPN to keep it secure, or open ports on the firewall. RDP will give you the ability to have two concurrent users (although with different usernames)
logged on at once. The limitation of only one user is a session limit on the computer itself, if one person is logged in as administrator, if someone else tries to RDP and log in as administrator, they will take over the session. This is
the same with other solutions. RealVNC is using a console session, so if another person uses VNC, they will see the already open console session, and possibly take over the others VNC session.

How to RDP access my Windows server 2012 system with Windows 7 system

In the VMWARE workstation, I have a " Windows server 2012" & " WIndows 7" OS deployed. I am not able to RDP the " Windows server 2012" from "Windows 7" system even though i have performed the below step.
1. Enabled the " Allow Remote Connections to this comptuter " in windows server 2012
2. Disabled the firewall in Windows server 2012.
Can someone advice me on the below.
1. How to RDP my windows server 2012 from my Windows 7 with " Firewall disabled" & "Firewall Enabled" conditions

Hi,
Just make sure that the firewall is disabled in all three profiles Domain/Private/Public.
Create a incoming UDP rule on firewall to allow port 3389 and give a try.
http://social.technet.microsoft.com/Forums/windowsserver/en-US/b1ec4602-7120-4660-a1ba-e05289a479cf/windows-2012-r2-firewall-blocking-remote-desktop?forum=winserverTS
Regards,
Rafic
If you found this post helpful, please give it a "Helpful" vote.
If it answered your question, remember to mark it as an "Answer".
This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

Direct Access on Windows Server 2012 R2 and IPV6

I have a question about IPV6 and Direct Access in Server 2012 R2. Without using UAG is it still mandatory to have IPV6 enabled in the intranet?
Kristopher Turner | Not the brightest bulb but by far not the dimmest bulb.

Hi,
DirectAccess uses IPv6 with IPsec to create a secure connection between DirectAccess client computers and the internal corporate network.
However, DirectAccess does not necessarily require connectivity to the IPv6 Internet or native IPv6 support on internal networks. Instead, it automatically configures and uses IPv6 transition technologies to tunnel IPv6 traffic across the IPv4 Internet (6to4,
Teredo, IP-HTTPS) and across your IPv4-only intranet (NAT64 or ISATAP).
For detailed information, please view the link below,
Plan the DirectAccess Infrastructure
http://technet.microsoft.com/en-us/library/jj574101.aspx
Hope this helps.
Steven Lee
TechNet Community Support

What is the best practice to connect 2 sites and replicate ADDS between 2 different sites using windows server 2012 r2?

I found that there is new features remote access inside windows server 2012 r2 which is much more easier. Is there anybody can suggest me how to connect 2 different sites and it will be the tunnel to replicate ADDS (RW) between both sites.

See this
https://social.technet.microsoft.com/Forums/windowsserver/en-US/133e7780-6a59-4bd7-906b-70830bea48d0/sites-connections-best-practice?forum=winserverDS
Regards,
Biswajit
MCTS, MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, Enterprise Admin, ITIL F 2011
Blog:
Script Gallary:
LinkedIn:
Note: Disclaimer: This posting is provided & with no warranties or guarantees and confers no rights..

Windows Server 2012 - Printing using UNC path not working

Hi,
I have a problem printing using the printer's UNC path ("\\Server_Name\Printer_Hostname") to work with a web
app hosted on IIS 8. With a windows forms application the UNC path is working fine and the app prints.
With
the web app I receive an error "The data area passed to a system call is tool small".
Also,
in the event viewer under Applications and Services Logs -> Microsoft -> PrintService -> Operational, I receive the error "The print spooler failed to reopen an existing printer connection because it could not read the configuration information
from the registry key S-1-5-82-1980832875-2702362896-1795126167-3622310632-1152289074\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable."

I have contacted IIS forum support.
Please review the link: http://forums.iis.net/p/1213109/2079229.aspx?Re+Windows+Server+2012+Printing+using+UNC+path+not+working
Their final response:
Printing from ASP.NET using System.Drawing.Printing itself is a horrible approach, as this namespace was designed for Windows Forms only. The designers did not take everything about ASP.NET in mind, so any issue can happen. That can answer why the HP model
works while the Samsung fails, as the HP one just "happens
to work",
http://msdn.microsoft.com/en-us/library/system.drawing.printing.printdocument.aspx
Similarly, System.Printing was designed just for WPF.
About which printing API to use in ASP.NET/IIS, there is no clear answer so far. Thus, your only resource is Microsoft support, who can perform further analysis (with their dedicate utilities and of course Windows source code) and might come across a solution
to help you out. This is not a trivial scenario.

I can't access folder share in WIndows Server 2012 R2 from windows 8.1

i have a strange case:
I have a Windows Server 2012 R2 machine with a shared folder. Accessing this folder using a Win7, Win8,
Win 2008 R2 machine using \\servername works fine but form windows 8.1 or windows
2012 r2 i can't so any one can help me.

Hi,
Would you please let me know the complete error message that you can find, when can’t access to the share folder
that host in the Windows Server 2012 R2?
If you logon the Windows 8.1 (or server 2012 r2) with administrator account, will encounter the same issue?
Meanwhile, please access the share folder via \\server’s IP address\share folder. Then please check if this issue still persists.
In addition, there is a similar thread. Please refer to and check if can help you.
Can't
access UNC share on Windows Server 2012 R2
Hope this helps.
Best regards,
Justin Gu

How do I change the URL to the Remote Web Access server in Windows Server 2012?

Hallo!
I have set up a Remote Dexktop Service using the "Quick" deployment method in Server Manager and everything is working greate internally, but I cannot start an app published in Remote Web Access from outside our network.
The problem is that it wants to start the using the internal URL, for example, server.domain.local, instead of the external one, for example remote.server.com.
I therefore want to know how I can change the default URL for the Remote Web Access server and all the Remote Web Apps in Windows Server 2012?
I have allready looked in Server Manager and I can change some of the deployment settings in server manager, but there is no way to alter the URL of the Remote Web Access server. See below images:
Pressing the internal URL only results in opening the internal URL.
This was very simple to do in Windows Server 2008 R2 using the tsconfig tool, but it does not seam to be any way of solving this in server manager.
A possible sollution would be to alter the registry someware in HKLM->Software->Microsoft->Windows NT->Terminal Services. But this can easaly lead to problems due to wrong format, etc. and is probably not supported.
Is there a simpler and supported way?

That option can be used to connect to any machine that you want. The error message indicates that the client machine cannot resolve the name "server.domain.local" to an IP address that it can connect to.
You have several options for configuring that tab on the RDweb site. You can even remove it entirely.
Customization of RD Web Site
RD Web provides a number of customization options for the RD Web interface, including the ability to control default Gateway server settings and redirection settings. These settings
are controlled by editing the web.config file located in %SYSTEMROOT%\Web\RDWeb\Pages.
Displaying Local Help
To display local help for users instead of the web-based help, edit the LocalHelp value and change the value from false to true.

<add key="LocalHelp" value="false" />
When this value is changed, a user that clicks on Help in the upper right corner of the RD Web login page will open the local help file instead of web-based help.
Hiding the Connect to a Remote PC Tab
The RDWeb page
Connect to a Remote PC tab can be hidden from users to prevent connections to any servers through RD Web other than the servers configured in a collection. By default, this setting is set to true and the
Remote Desktops tab is displayed. To hide the tab, set the value to false.

<add key="ShowDesktops" value="true" />
When the value is set to false, a user will not see the Connect to a Remote PC tab when logged on to the RD Web page
RD Gateway Settings
If the Connect to a Remote PC tab is enabled, an administrator can configure RD Web to use a Gateway server when connecting to remote computers. To specify a gateway, edit the below
value with the name of the RD Gateway server:

<add key="DefaultTSGateway" value="" />
The default authentication method for the RD Gateway server can also be configured by editing the following section of the web.config:

<add key="GatewayCredentialsSource" value="0" />
Devices and Resources
By default, only Printers and Clipboard are redirected on connections made using the Connect to a Remote PC tab. If the user clicks the
Options << button, the redirection settings for a specific connection can be modified
To configure each specified redirection option to be enabled or disabled by default, edit the following section in the web.config file:

<add key="xPrinterRedirection" value="true" />
<add key="xClipboard" value="true" />
<add key="xDriveRedirection" value="false" />
<add key="xPnPRedirection" value="false" />
<add key="xPortRedirection" value="false" />
LAN Experience Defaults
Windows Server 2012 RD Web Access can display a new user selectable option for optimizing the connection for a LAN experience. This option is displayed at the bottom of the RD Web
page and can be controlled by the administrator using the following section of the web.config file:

<add key="ShowOptimizeExperience" value="false" />
<add key="OptimizeExperienceState" value="false" />
This value is set to false by default, but when changed to true, the following checkbox will display at the bottom of the webpage. The LAN experience
checkbox can also be set as enabled by default.
Each setting can also be modified using the IIS Manager user interface:
Don Geddes - SR Support Escalation Engineer - Remote Desktop Services - Printing and Imaging

Access Database (.mdb) on Windows Server 2012 R2 Essentials

Hi guys, thanks for your time!
SCENARIO:
- Windows Server 2012 R2 Essentials
- Windows 7 Ultimate Clients (3 clients)
- VB6 application on clients using a MS Database (.mdb) hosted on the server.
- Clients access the database (.mdb) via a mapped network drive (K:).
PROBLEM:
- Microsoft Database (.mdb) on server gets corrupted frequently.
- Clients don't "flush their changes" back to the database: database was not updated.
WORKAROUND:
- Database was moved from the server to one of the Windows 7 clients.
- Application is running OK.
CONFIGURATION:
- Permissions are correct: network and NTFS.
- No faulty network hardware: switch, cabling, NICs.
- Computers and Server hardware is new.
- UPS are used everywhere.
SOME LINKS:
SMB 3.0
- Opportunistic Locking and Read Caching on Microsoft Windows Networks.
- Windows 7 cannot
open the shared MS Access database if it's opened by another user
- Initializing the
Microsoft Jet 4.0 Database Engine Driver
- Moved to
Server 2012 getting Access Database Corruption
Oplocks
- Configuring
opportunistic locking in Windows
- Understanding
offline files
- How to
enable and disable SMBv1, SMBv2, and SMBv3
- Is it possible to
monitor and log actual queries against an Access MDB?
Now, server is useless if it is not hosting our database. Any ideas, please? Do I need to diagnose using Wireshark? Or using Sysinternals Process Monitor? I think that is a waste of time.
Thank you!

Thanks for your reply.
Software is from a 3rd party provider. It currently supports concurrency. It was deployed on Windows XP. SQL Server would be a nice upgrade, however that is
not an option.
Something has changed with newer versions of Windows. That is what I am going to study in a lab I prepared with a real server and some clients.
File-sharing databases (Microsoft JET databases) are very old technology even before I was a college student. However, I have been very busy researching this technology.
It was made for multi-user environments. It is highly tied to file sharing services from Windows: SMB protocol.
Windows XP, Vista, 7 and 8 use different versions of this protocol. I think that is the root of the problem. With old technology, application was running fine.
With new technology, application is troublesome. I will check several things: JET drivers vs. ACE drivers, SMB tweaks, etc.
UPDATE:
Basically, there are 4 general answers to this issue:
1) Migrate your Access Database to SQL Server Express (or another RDBMS engine).
2) @Server: disable SMB 2.0/3.0 protocol stack by powershell command. Network speed decreases.
3) @Clients: disable client redirector caches by using regedit.
4) @Server: disable the leasing on the file server.
5) @Server: tuning Broadcom NIC parameters.
References:
- https://technet.microsoft.com/en-us/library/ff686200(WS.10).aspx
- https://msdn.microsoft.com/en-us/library/windows/desktop/aa365433(v=vs.85).aspx
- http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Q_28482197.html
- http://tipsntricks.sherr.co.uk/stop-smb-corrupting-files/
- http://www.dataaccess.com/whitepapers/opportunlockingreadcaching.html
- https://social.technet.microsoft.com/forums/windowsserver/en-US/67baa9fd-5eaf-438e-9cc4-dc1a531b9e19/disabling-oplocksmb2-vs-fileinfocachelifetime
- https://social.technet.microsoft.com/Forums/windowsserver/en-US/7336d31b-6c24-468a-9c47-750244ae3a8c/moved-to-server-2012-getting-access-database-corruption
- https://social.technet.microsoft.com/Forums/en-US/e9567167-22db-4b8c-9f96-a08b97d507f9/server-2012-r2-file-server-stops-responding-to-smb-connections
- http://support2.microsoft.com/kb/2957623
- http://support2.microsoft.com/kb/2899011
- http://support2.microsoft.com/kb/2955164
- https://social.technet.microsoft.com/Forums/en-US/7bd0aa5b-eb95-40a8-a56d-c6013273665c/extremely-slow-smb-network-speed-server-2012-r2?forum=winserver8gen

Windows server 2012 and windows xp remote desktop connection loss

I am having this problem for a month now, and i am stumped with trying to find an answer . I have talked with several network admins in my area and with no luck i have not found a solution. I have a windows server 2012 placed with 5 pcs that are connected
on a local network , those 5 pc's connect to the server via remote desktop. List of pc's:
1x Windows 7
4x Windows XP SP3
All have the latests network drivers, all have the latest version of remote desktop installed. All have been scanned for viruses. All have antivirus software.
Problem is the 4 XP machines lose connection on when connected via remote desktop. If one starts losing connection the other 3 start to lose the connection aswell. The windows 7 machine is not affected by this it works fine.
What have I tried:
Scanning for viruses.
Disabling Firewall and antivirus software.
Updating all drivers.
Did many changes to group policy like keepalives etc.
Turning off SMBv2 SMBv3.
Turning off network adapter Offload settings.
Changed some registry settings like keepalive, smb etc.
Updating every pc and server with all windows updates.
Changed the router and switch.
Port forwarded needed ports like 3389.
Updating remote desktop to 7.0.
I might be forgetting some stuff i will add as i remember anything.
So the thing is this. I use a Windows XP machine from my office I remotely connect to the server via the Internet and I DO NOT experience any connection loss. BUT the XP machines on the local network constantly experience connection loss via remote desktop.
I pinged every Machine from the server via CMD command PING. So when they lose connection the Packets get time outs . Packets get dropped between 1-10 packets when a connection is lost. This packet drop does not occur when using the internet or anything else.
ONLY when connected to the server via remote desktop. The packets get dropped at random intervals.
Problem is I use an XP machine and I am not experiencing any loss of connection , while the XP machines on the local network experience it , but not the windows 7 machine.
Router is ASUS RT-N53 , and switch is Dlink DES-1008D. Server is a Dell PowerEdge T110 II.
Can someone please tell me what can i do to solve this problem?

So today got some word from their office. They were using RDP from 8AM until 12PM all was working fine. Then got back after lunch about 1PM and got a few connection lost errors when they tried using RDP again. Its weird since they didn't have disconnects
in the morning, and started having them after lunch.
Also noticed, that two pc were not using RDP and were disconnected as shown in task manager. And they still got request timeouts.
Maybe this is not a remote desktop issue?
TASK MANAGER
The 2 disconnected pc's ping screens:

Exchange Server 2013 and Remote Access VPN on a single server running Windows Server 2012?

Just by way of background, I have been installing and administering network servers, e-mail systems, VPN servers, and the like for many years. However, my involvement with Exchange and Windows Server has been mostly on the forensics and data recovery
level, or as a (sophisticated) user. I have never tried to deploy either from scratch before. My deployment experiences have been mostly with Linux in recent years, and with small private or personal "servers" running such cutting edge
software as Windows XP back when it was new. And even NetWare once.
When a client asked me if I could set up a server for his business, running Exchange Server (since they really want Outlook with all of its bells and whistles to work, particularly calendars) and providing VPN access for a shared file store, I figured it
could not be too difficult given that its a small business, with only a few users, and nothing sophisticated in the way of requirements. For reasons that don't bear explaining here, he was not willing to use a vendor hosting Exchange services or cloud
storage. There is no internal network behind the server; it is intended to be a stand-alone server, hanging off a static IP address on the Internet, providing the entirely mobile work-force of about 10 people with Exchange-hosted e-mail for their computers
and phones, a secure file store, and not much else. If Exchange didn't need it, I would not need to install Active Directory, for example. We have no direct need for its services.
So I did the research and it appears, more by implication than outright assertion, that I should be able to run Windows Server 2012 with Exchange Server 2013 on a server that also hosts Remote Access (VPN only) and does nothing else. And it appears
I ought to be able to do it without virtualizing any of it. However, I have spent the last three or four days fighting one mysterious issue after another. I had Remote Access VPN working and fairly stable very quickly (although it takes a very
long time to become available after the server boots), and it has mostly remained reliable throughout although at times while installing Exchange it seems to have dropped out on me. But I've always been able to get it back after scrounging through the
logs to find out what is bothering it. I have occasionally, for a few minutes at a time, had Exchange Server willing to do everything it should do (although not always everything at the same time). At one point I even received a number of e-mails
on my BlackBerry that had been sent to my test account on the Exchange Server, and was able to send an e-mail from my BlackBerry to an outside account.
But then Exchange Server just stopped. There are messages stuck in the queues, among other issues, but the Exchange Administration Center refuses now to display anything (after I enter my Administrator password, I just get a blank screen, whether on
the server or remotely).
So, I am trying to avoid bothering all of you any more than I have to, but let me just begin with the basic question posed in the title: Can I run Exchange Server (and therefore Active Directory and all of its components) and Remote Access (VPN only) on
a single Windows Server 2012 server? And if so, do I have to run virtual machines (which will require adding more memory to the server, since I did not plan for it when I purchased it)? If it can be done, can anyone provide any pointers on what
the pitfalls are that may be causing my problems? I am happy to provide whatever additional information anyone might like to help figure it out.
Thanks!

An old thread but I ran into this issue and thought I share my solution since I ran into the same issue. Configuring VPN removes the HTTPS 443 binding on the Default Site in IIS for some strange reason; just go and editing the bindings, add HTTPS and things
should be back to normal.

REMOTE DESKTOP SERVICES CLIENT ACCESS LICENSES FOR MICROSOFT WINDOWS SERVER 2012 STANDARD AND DATACENTER

I am using a window 7 professional service pack 1 and I purchase REMOTE DESKTOP SERVICES CLIENT ACCESS LICENSES FOR MICROSOFT WINDOWS SERVER 2012 STANDARD AND DATACENTER. but the seller did not send me any installation CD or instruction
on how to use it.
Please how can I use it on my window 7 professional service pack 1.
Thank you.

Though Bill is absolutely correct for most CALs, Remote Desktop Services does have its own special licensing server. I haven't installed one on 2012, yet, but here is a step-by-step guide for 2008.
http://technet.microsoft.com/en-us/library/dd983943(v=ws.10).aspx
Here is a lab guide for 2012 -
http://technet.microsoft.com/en-us/library/jj134160.aspx
But, the explanation of your environment begs the question - what are you trying to do? You say you have a desktop OS and you are talking about Windows Server products. In that light, your question does not make a lot of sense.
. : | : . : | : . tim

Windows server 2012 and windows 7 direct access

I am looking for some decent documentation on how to get direct access in windows 2012 to work with windows 7
Can anyone point me the right direction?

Hi, I got success through this
http://syscomlab.blog.com/2012/09/how-to-get-windows-7-to-work-with-directaccess-server-2012/ and this one
http://syscomlab.blog.com/2012/09/directaccess-for-windows-server-2012-guide/ but I'm using NLS in a dedicated server (what is fine for me) but the Win7 client doesn't connect to DA (EDGE server) through internet. I'm using a LAB where WS2012 host acts
as a GATEWAY (using NAT) and for Windows 8 client is working fine but when I try using win7 clients it just doesn't work :(
Server WS 2012 RTM full patched + Win8 Enterprise RTM full patched + Win7 Enterprise RTM ful patched (including the recommended KBs for DA solution)
regards,
Thiago
Thiago Beier Se foi útil marca como resposta! Don´t forget to mark as answer!

How do I install user client access licence on Windows Server 2012

I have recently setup a Windows Server 2012 Std. I have not configured any roles yet. The server licence has been installed and activated successfully. How do I get my Windows Server CAL 2012 ( tracking ID is 15 digits) onto the server. I have google
but did not get the correct result. The closest I found was
http://technet.microsoft.com/en-us/library/cc540509(v=ws.10).aspx.
I am not too familiar with the Server 2012 display so I am not certain if I am missing something. If the CALs are not captured on the server, will this restrict user access to the 2012 server?
I thank you in advance for your assistance.

Hi,
I’m glad to hear that you have found the thread as reference. As DonPick mentioned, since these are Windows Server CALs, there is no activation nor input of any kind needed. You bought the
CALs, you have the paper, you are now licensed, there is no configuration step necessary. If there is anything else I can do for you, please do not hesitate to let me know. I will be very happy to help.
Best Regards,
Andy Qi
Andy Qi
TechNet Community Support

LAN side firewall settings for Direct Access (Windows Server 2012 R2) in DMZ?

I am currently planning to set up our first Direct Access server (Windows Server 2012 R2). I will be in our firewall DMZ and we will be using the IP-HTTPS listener.
For the Internet facing rule only TCP 443 inbound/outbound is sufficient but for the LAN facing rules (not talking about the Windows server firewall) what would be the recommended firewall rules for a Direct Access server? Is there a best practice guideline
to follow for this? Appreciate any advice or comments. Thank you.

Hi Barkley
Please see this Technet Link which will backup your requirements - https://technet.microsoft.com/en-gb/library/jj574101.aspx
Section Reads -
When using additional firewalls, apply the following internal network firewall exceptions for Remote Access traffic:
ISATAP—Protocol 41 inbound and outbound
TCP/UDP for all IPv4/IPv6 traffic
Also another link from http://www.ironnetworks.com/blog/directaccess-network-deployment-scenarios#.VO3tfvmsVrU
"I have had a number of conversations with security administrators and network architects who have expressed a desire to place the DirectAccess server between two firewalls (firewall sandwich) in order to explicitly control access from the DirectAccess
server to the internal corporate network. While at first this may sound like a sensible solution, it is often quite problematic and, in my opinion, does little to improve the overall security of the solution. Restricting network access from the DirectAccess
server to the internal LAN requires so many ports to be opened on the inside firewall that the benefit of having the firewall is greatly diminished. Placing the DirectAccess server’s internal network interface on the LAN unrestricted is the best configuration
in terms of supportability and provides the best user experience."
Kindest Regards
John Davies
Thank for your reply and information John. I find it somewhat disappointing that Microsoft does not provide much more in the way of documentation and information regarding this topic. I required more information to show to our security team so they will allow
us to have the internal facing NIC not have more restrictive rules in place as it is a security concern.

Intermittent loss of UNC path access on Windows Server 2012

Similar Messages

Maybe you are looking for