Server 2012 DirectAccess and QOS

Similar Messages

• Configuring "Manage Out" Server 2012 DirectAccess IP-HTTPS

  Hoping someone with hands on experience configuring Manage Out functionality can answer a few questions for me?
  We have built a Server 2012 VM and deployed DirectAccess successfully.  Have tested with both Win7 and Win8 clients successfully.  After some initial issues with DNS were addressed with a Microsoft hotfix, it seems to be running stable.
  I want to configure Manage Out capabilities, so that I can remotely help the DA clients with software installs and similar.  I've read up on as many blog entries as I can find, but still finding it a bit mystifying. 
  We are using IP-HTTPS connectivity.  As best I can tell, we are not using Teredo or ISATAP.  The DA server is dual-NIC and is configured behind an Edge device (NIC #1 is DMZ and receives NAT'd traffic from external IPv4 address on firewall, NIC
  #2 is internal LAN).  Our internal networks are IPv4 only (no IPv6 at all); therefore DNSv4 and DHCPv4 internally).
  Am hoping that somewhere there might be a step-by-step configuration guide to match our scenario.  Alternatively, if someone can recommend a Local (i.e. Melbourne, Australia) consultant who knows this stuff backwards, I'd consider paying for that.

  OKay, so finally I am in a position to share some information ... it has taken me about 6 months of off-and-on (mostly "off") activity to get things working.
  We engaged a third-party company to do the initial installation of Direct Access.  This got us 90% of the way to where we needed to go.
  The configuration of Manage Out was eventually achieved, but we did take some further expert advice, because I didn't want to change anything without first understanding What was being changed and Why it needed to be changed.  So I had to be educated
  quite a bit about IPv6, IP-HTTPS and ISATAP.
  We ended up disabling all IPv6 on the clients EXCEPT for the IP-HTTPS protocol.  This was done via a GPO.
  I ran into some problems with IPv6 and ISATAP initially when configuring our IT PCs to be able to "manage out" to the DA clients.  We went with a non-standard name for the ISATAP Router (we called ours ISATAP-DirectAccess) and pointed this in DNS to
  the internal IPv4 address of the DA server.  This was enforced via a GPO.  However our PCs did not get IPv6 addresses on their ISATAP adapters.  This was eventually resolved by changing some settings on the ISATAP adapter for the Internal NIC
  on the DA server.  The settings were:  Forwarding=Enabled and also Advertising=Enabled
  After that the IT PCs were getting ISATAP addresses fine, but some of the DA Clients were not registering themselves with an IPv6 address in our Internal DNS.  This was eventually resolved when we discovered that some of the DA Clients' DNS records
  had 'bad' security permissions on them.  Once we fixed those permissions we found the DA Clients would register an IPv6 address when operating in Direct Access mode (and would remove their old IPv4 address) and would register an IPv6 address when connected
  internally (and would remove their unwanted IPv6 address).
  There was also a hitch with getting Windows Remote Assistance working with the DA clients.  This required a Hotfix from Microsoft to get it working properly.
  Setting the Firewall rules for the DA clients with Edge Traversal enabled was the easiest part of the process frankly.  The most difficult part was troubleshooting the problems with DNS registration and the problems with getting selected internal PCs
  to get a valid ISATAP adapter address from the DA server.

• Server 2012 DirectAccess Issues

  I have DirectAccess configured on Server 2012.  Just a single NIC configuration.  I've got it configured to work with Windows 7 and everything is fine as far as accessing network resources from the DirectAccess client, but not the other way around. 
  I've setup ISATAP for the machines that I want to communicate with the clients and that appears to be working.
  The first problem we are having is the client will not register with our DNS servers. 
  If we manually add a record with it's IPv6 address, we can ping the client, RDP to the client, but Microsoft Remote Assistance or trying to browse to the client doesn't work. 
  I believe I have opened the correct ports and allowed edge traversal on the client.  Do you guys have any other suggestions?  Thank you.

  Hi,
  "To configure ISATAP you have to put ISATAP host (A) record in your DNS and all machines can then resolve this name to configure their ISATAP adapters." (Quoted from below article)
  Windows Server 2012 Direct Access – Part 1 What’s New
  In addition go through beneath articles and thread for more information.
  1.  Direct Access Windows Server
  2012 - ISATAP and Internet connectivity problem
  2.  'Real W2orld' Direct Access installation using Windows Server 2012
  Hope it helps!
  Thanks,
  Dharmesh

• REMOTE DESKTOP SERVICES CLIENT ACCESS LICENSES FOR MICROSOFT WINDOWS SERVER 2012 STANDARD AND DATACENTER

  I am using a window 7 professional  service pack 1 and I purchase REMOTE DESKTOP SERVICES CLIENT ACCESS LICENSES FOR MICROSOFT WINDOWS SERVER 2012 STANDARD AND DATACENTER. but  the seller did not send me any installation CD or instruction
  on how to use it.
   Please how can I use it on my window 7 professional  service pack 1.
  Thank you.

  Though Bill is absolutely correct for most CALs, Remote Desktop Services does have its own special licensing server.  I haven't installed one on 2012, yet, but here is a step-by-step guide for 2008. 
  http://technet.microsoft.com/en-us/library/dd983943(v=ws.10).aspx
  Here is a lab guide for 2012 -
  http://technet.microsoft.com/en-us/library/jj134160.aspx
  But, the explanation of your environment begs the question - what are you trying to do?  You say you have a desktop OS and you are talking about Windows Server products.  In that light, your question does not make a lot of sense.
  . : | : . : | : . tim

• I have windows server 2012 R2 and install active directory

  My question is I install active directory in windows server 2012 R2 and create Group Policy. ( These set-up is only for test)
  Have not registered domain only install active directory to test. 
  So the problem is when I created Group policy for my user and put software restriction policy but its affected to my administrator accounts too, No when I open VMware (install Virtual Machine windows XP) and start os then its shows you can not user this
  software as you restricted from installing software (Something like that don't know exact Error). I could not start installed Virtual Machine. 
  Please give me a solution for this.
  This is the setup for a test use only so their not big environment connect with my pc.
  Thanks in advance.
  Regards,
  Krunal

  Hi,
  The following article is talking about creating and managing Group Policy on a Windows Server 2012:
  http://www.thomas-krenn.com/en/wiki/Creating_and_managing_a_Group_Policy_on_a_Windows_2012_Server
  As Darren Blanchard mentioned, if you want to apply the GPO, you could link it to an OU that contain the computer or user.
  Group Policy Overview
  http://technet.microsoft.com/en-us/library/hh831791.aspx
  Please feel free to let us know if you need further assistance.
  Regards.
  Vivian Wang

• Hyper-v Role in Windows Server 2012 foundation and Essentials

  Hello,
  I have seen that the two low cost version of Windows Server 2012 essential and Foundation) will not support hyper-v. Can you please tell me what it means exactly :
  Can you please tell me what is possible :
  -The server can not be installed as a hyper-v  guest (probably yes)
  -The hyper-v role can not be installed on the server (so I have to rely on vmware)?
  - Hyper-v role can be installed but there is no free license included with the server.
  Thank you
  Marc

  I suppose then, you would have to install Windows 8 and Hyper-V as your guest or core.
  Then run your Server 2012 Foundation under Win8.  which has 512GB Memory Limit.
  It seems asinine that you cannot install this role on Foundation, but seemingly you could work around it with Win8.  (Or Sun Virtual Box (free) (or VmWare(Free).
  So load up a dozen Win8Pro virutal sessions on that Win8 VirtualBox with up to 512GB Memory and Create your own Ghetto Remote Desktop Server with Foundation and Windows 8.   ;)
  What good is it if your can't run Hyper-V and Remote desktop services?  Those are the two apps small business need most.  But Microsoft strips it out, calls it a DEAL  (Essentials and Foundation) , yet if you want the good stuff, you're gonna
  have to buy Server 2012 Standard anyhow, + the CALs.
  So you are hooked into this "deal" by Microsoft Special Offer.   Its special alright, because you get to buy it twice.  The stripped down version that come with your server, then the full version when you discover Foundatoin and Essentials gives
  you AD, and thats it.  Nothing Else.  No "deal"
  Remember:
  All you get with Foundation or Essentials is AD and Group Policy.
  You cannot load RDP on Foundation or Essentials
  You cannot load Exchange on a DC, or Foundation or Essentials
  You cannot load Exchange and RDP on the same box.
  You cannot have Remote Web Apps if you load RDP on your DC.
  You cannot win with Microsoft.  No worthwhile "deal" has ever come out of the city of Redmond.
  The internet is a one-way money pipeline to Microsoft.
  Its three times the work, three times the cost and requires three servers licenses to do with 2012, what you could do with one 2008R2 license.  
  Might as well purchase 2 Server 2013 Standard Editions if you want:
  1.) Active Directory
  2.) Remote Desktop and Remote Apps
  3.) Your own Exchange Server
  You are better off installing a NAS if all you need is a file server. 
  Why bother with Foundation or Essentials?  Its a "Gimmick-ware"

• Windows Server 2012 Standard and Essentials User CAL's

  I've been running Windows Server 2012 Essentials in an organization that until recently stayed within the 25 user 50 network device limit specified by the license. Eventually we've grown beyond that. Since the Server 2012 Essentials machine had a non-transferable
  OEM license I decided not to waste it by doing an in-place migration to Server 2012 Standard, and instead set up a new server with freshly purchased Server 2012 R2 Standard and migrated Active Domain roles to it, leaving the original server as a part of a
  fail-over cluster.
  We purchased 30 User CAL's for the 2012 R2, as required for 25+ staff members.
  Now I am curious. The 2 servers that we have right now (2012 R2 Standard and 2012 Essentials) both maintain the same Active Directory and manage the same pool of users and workstations. Does that mean that the primary server with 30 User CAL's takes dominance
  and sets the limit as to how many people are allowed to access the network. Or does it become a combination of purchased 30 CAL's + 25 Users hard-wired into the 2012 Essential edition?
  Do these servers have to run separate domains with segregated pools of users in order to be license compliant for 30+ users or can they exist within the same same domain preserving individual user limits? What if the 2012 Essentials server maintains
  one office location with fewer than 25 staff and the Standard R2 2012 server runs another office with fewer than 30 staff, while both offices are linked via a VPN for the purpose of sharing 3rd party licenses? Do individual user limits apply, or is it still
  30 users max?
  To sum up the question, I'd like to know whether I'd need to buy more user CAL's when we reach more than 30 staff at 1 or possibly 2 office locations.
  Oh, and the device limit! 2012 R2 Standard under user CAL licensing scheme has no machine limits. Essentials is always capped at 50. When running one active directory, what's the legally allowed number of devices on the network? I assume it's unlimited.
  Thanks.

  Thank you for the reply.
  My question then is how to transition while preferably keeping both physical servers.
  Should a 2012 Standard key be purchased additionally for an in-place transition of 2012 Essentials machine to 2012 Standard (which at this point is as good as a fresh install)? Until then, should the Essentials 2012 server be taken offline entirely?
  What about the situation where I described both servers running segregated networks with their own pools of users, only connected via a VPN for 3rd party license sharing? Is that configuration supported?
  Also, if the configurations is unsupported, why are the servers able to share roles in first place? Why isn't there a software mechanism preventing interaction? What configuration do the servers themselves assume is in place?
  Thanks again.

• Is it possible to uninstall IE 11 from Windows Server 2012 R2 and replace it with the latest version of IE 10?

  Is it possible to uninstall IE 11 from Windows Server 2012 R2 and replace it with the latest version of IE 10? We have a remote desktop farm setup with 2012 R2 servers and we are publishing some web links that only work with IE10. As a result, we need to
  downgrade the remote desktop servers to IE10. I have a feeling that this isn't possible, but if I could get a definitive answer, I would greatly appreciate it, thank you!

  Hi,
  Agreed with DonPick.
  Internet Explorer 11 is preinstalled with Windows 8.1 and Windows Server 2012 R2.
  More information regarding Internet Explorer 11, please check:
  Internet Explorer 11 - FAQ for IT Pros
  http://msdn.microsoft.com/en-us/library/dn268945.aspx
  Best regards
  Michael Shao
  TechNet Community Support

• Just FYI, Windows Server 2012 R2 and Windows Server 2012 BranchCache Deployment Guide in Word format in the TechNet Gallery

  The Windows Server 2012 R2 and Windows Server 2012 BranchCache Deployment Guide is now available for download in Word format in the TechNet Gallery at
  http://bit.ly/1pYZT3F
  Thanks -
  James McIllece

  hello again,
  meanwhile I was lucky to find this article about Idenity Mapping in TechNet in the Storage Team Blog:
  http://blogs.technet.com/b/filecab/archive/2012/10/09/nfs-identity-mapping-in-windows-server-2012.aspx
  Likely to be overseen at the end of one paragraph it says:
  "Client for NFS does not support NFS V4.1 in Windows 8 or Windows Server 2012"
  Question : Is this an official statement and is it still valid with most recent
  Windows Server 2012 R2 that NFS client does NOT support NFSv4.x  ??
  thanks - Rainer

• Server 2012 R2 and DPM 2012 (ocsetup not recognized)

  I am trying to install DPM 2012 on Server 2012 R2 and unalbe to get past prerequisties check.  When I try the command "OCSetup.exe SIS-Limited"  it comes up that OCSetup is not recognized.  How do I install (SIS) on Server 2012 R2?

  Hi.
  DPM 2012 SP1 is not supported running on Windows 2012 R2.  Please decide on one of the following.
  A) Install DPM 2012 R2 on the Windows Server 2012 R2 or other
  supported operating systems.
  B) Install DPM 2012 SP1 on Windows Server 2012 or other
  supported operating systems.
  FYI for Windows server 2012 R2 the new command is:
  dism /online /enable-feature:SIS-Limited
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This
  posting is provided "AS IS" with no warranties, and confers no rights.

• DirectAccess Client not connecting without error code on Windows Server 2012 R2 and Windows 8.1

  Hello,
  we are currently migrating from Windows Server 2012 to 2012 R2 and are not able to get the new Direct Access Service up and running. Our goal is to establish DirectAccess connection for a handful of clients using the IPHTTPS-adapter on the default port 443.
  Errors:
  There is actually no error showing up. It seems the infrastructure tunnel cannot be created but none of the IPv6-transition adapters is connecting (teredo and 6-to-4 are down) and the IPHTTPs adapter gives no informations about a problem:
  >Get-DAConnectionStatus
  Status    : Error
  Substatus : CouldNotContactDirectAccessServer
  >Get-NetIPHttpsState
  LastErrorCode   : 0x0
  InterfaceStatus : Failed to connect to the IPHTTPS server; waiting to reconnect
  Setup:
  Our setup is a virtualized Windows Server 2012 R2 Standard running on Hyper-V. It is located behind a NAT having the Port 443 mapped to the server. The only role installed after the basic install is RRAS including DirectAccess and VPN. The assistants completed
  successfully (running the configuration for DirectAccess and VPN). Operation Status says everything is green und working (for multiple days in the meanwhile). A previous direct access installation (on a different machine running Windows Server 2012) has
  been removed before installing the new server. The new installation is using a different router, so this might also be the cause of a problem.
  The client is a Windows 8.1 notebook located outside the company network accessing the internet through another NAT-device. The client has been able to connect to the previous DirectAccess setup but has never been able to establish a connection after the
  setup of the new Direct Access server. The device has no outbound constraints concerning the NAT-device and is only running the integrated Windows Firewall.
  Diagnosis:
  So far I've done some basic DNS and connectivity checks. The DNS-name can be resolved correctly and the router even responds to pings. The port forward is working and HTTPs connections are generally possible (temporarily routed the port to
  access the NLS-Website located on the server, which worked fine).
  Network monitor shows that both computers are communicating, traffic on the expected Port 443 is incoming on the server and responses from the server reach the client.
  Opening the IPHTTPs-url and in an endless page load. Sometime the browser page closes but I've never seen any result. Using telnet on the port shows that the server is accepting connections. I've even build a small test application that does a GET-Request
  on the URL returning HTTP-200 and no content.
  I'm currently running out of ideas what to do and since no error occurs this is kind of a bit frustrating. Any help appreciated.
  Regards
  Matthias

  Hi,
  In addition, have you disabled the DA client components on the DA client? If no, please also check
  the settings on the Name Resolution Policy Table.
  More information:
  DirectAccess
  Client Location Awareness – NRPT Name Resolution
  In addition, error 0x4C9 means the remote computer refused the network connection. It may be due to the invalid
  registry or corrupt drivers. For more detailed information, please refer to the link below:
  Error 1225 - Error Code 0x4C9
  Note:
  Microsoft is providing this information as a convenience to you. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
  Best regards,
  Susie

• DirectAccess Windows Server 2012 R2 and Windows 8.1 - status connecting

  I've successfully deployed DirectAccess on Windows Server 2012 R2 in a 2 node NLB cluster. Everything in the console is green and I can see clients connecting.
  Windows 7 clients can connect and with the DirectAccess connectivity assistant installed show as connected and I can access resources.
  On a Windows 8.1 client I can access resource and run the troubleshooting tool which reports no errors, but if I look at connections it shows as connecting and the status never changes to connected. Clients work correctly when on the internal network.
  I've looked at available hotfixes, but not found anything for when the status is incorrectly shown.
  Any ideas before I raise a support call?
  James Saunders

  Hi,
  You current information hardly determine which part may occur error, I found the similar symptom on the following third party article, may can give you some help.
  The similar issue third party article:
  Windows 8 DirectAccess client keeps saying "Connecting"
  http://tfs.letsblog.it/post/2013/07/10/Windows-8-DirectAccess-client-keeps-saying-Connecting.aspx
  More information:
  The Network Connection Status Icon
  http://blogs.technet.com/b/networking/archive/2012/12/20/the-network-connection-status-icon.aspx
  Hope this helps.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Update Server 2012 to Server 2012 R2 and keep DirectAccess configuration?

  Hi!
  Does anybody know if you can upgrade an existing Windows 2012 Server with
  DirectAccess to Windows Server 2012 R2 without losing or wrecking the DirectAccess configuration?

  Hi There - Done it quite a few times and works without issues - as long as the Server Name, IP's and everything stays the same it will be fine.
  John Davies

• Direct Access on Windows Server 2012 R2 and IPV6

  I have a question about IPV6 and Direct Access in Server 2012 R2. Without using UAG is it still mandatory to have IPV6 enabled in the intranet?
  Kristopher Turner | Not the brightest bulb but by far not the dimmest bulb.

  Hi,
  DirectAccess uses IPv6 with IPsec to create a secure connection between DirectAccess client computers and the internal corporate network.
  However, DirectAccess does not necessarily require connectivity to the IPv6 Internet or native IPv6 support on internal networks. Instead, it automatically configures and uses IPv6 transition technologies to tunnel IPv6 traffic across the IPv4 Internet (6to4,
  Teredo, IP-HTTPS) and across your IPv4-only intranet (NAT64 or ISATAP).
  For detailed information, please view the link below,
  Plan the DirectAccess Infrastructure
  http://technet.microsoft.com/en-us/library/jj574101.aspx
  Hope this helps.
  Steven Lee
  TechNet Community Support

• Server 2012 DirectAccess - RDP

  Hi
  Just curious, if someone is running DirectAccess with remote desktop, and the clients do not actually connect via DirectAccess at all. The clients will just connect using standard RDP. But DirectAccess is running on the server. Is there any benefit or use
  for DirectAccess if they are avoiding connecting using it DirectAccess?
  Just seems like to make use of DirectAccess you would need to connect via that first then use the RDP, or am i missing something?

  Hi,
  Would recommend you follow the Windows Server 2012 Test Lab Guides for DA
  http://social.technet.microsoft.com/wiki/contents/articles/7807.windows-server-2012-test-lab-guides.aspx
  This will help you setup the virtual environment correctly. 
  Regards, Rmknight