Requirements for DirectAccess RRS feed

  • Question

  • Hi
    What would I need to create a lab for DirectAccess? Apart from IPv6 support, what domain functional level, OS on domain controllers, etc? I presume that the DirectAccess server is a role for a 2008 R2 server.

    Friday, January 9, 2009 10:24 AM


All replies

  • Friday, January 9, 2009 10:40 AM
  • Hi sindre,

    best of luck.
    sainath Windows Driver Development
    Friday, January 9, 2009 11:26 AM
  • Did not anyone find some more detailed info? I have started building a test set with a windows 7 laptop, a windows server 2008 r2 server with 2 networkcards and two public ip addresses. But still try to figure out how to get it working.

    Unfortunately at the DAMgmt tool the help at the bottom is not yet working, the is an "Overview of DirectAccess" and a "Checklist: Before you configure DirectAccess" but they lead to the help of Windows Firewall and an error page.

    Sunday, January 11, 2009 7:25 PM
  • Thursday, January 15, 2009 7:00 AM
  • Well it' s not much but it' s more than nothing, good find.
    I hope to get some time in the weekend to start playing with it again.

    Thursday, January 15, 2009 10:18 PM
  • Hi,

    tried to set up a test set as well, but still couldn't manage to get it work.
    Both NICs are provided with two consecutive ipv4-addresses, but it still says "The DirectAccess server must have two consecutive public IPv4 adresses configured on the same physical interface. Configure IPv4 adresses and then try again."

    I just found the documents you already postet. Help file doesn't work here too.

    Friday, January 16, 2009 4:40 PM
  • That part I' ve got working. I' ve made a security group with some members. But now it starts about "The interface connected to the internet must no be classified as a Domain network" I have to look up how to get this fixed. Maby the problem is that I run all things on one server. DC, DNS and Direct Access? 

    Friday, January 16, 2009 6:59 PM
  • I' am going to build a new test domain with a couple of PC' s. One PC as AD, DC, DNS, DHCP and Certificateserver. One PC for Direct Access with two networcards, on the internet networkcard two public IP addresses, on the intranet networkcard a connection to the AD. And a laptop with Windows 7 as a domainjoined PC to use from the internet so I can test Direct Access. Did I forget to mention some thing?

    Saturday, January 17, 2009 5:38 PM
  • What did you do [anyone] go get past this message, "The DirectAccess server must have two consecutive public IPv4 adresses configured on the same physical interface."

    I've added 2 virtual nics to a Hyper-V R2 VM and assigned the consectuive ip addresses to both but I  still get the message.

    Monday, January 19, 2009 10:49 PM
  • Thinking it was a Hyper-V issue, I tried the same thing using Vmware Workstatio 6.51 and still get the error about nics not being set right.

    Funny thing is I have an EdgeServer for Exchange 2007 SP1 running on VMware ESX with no issues at all and it requires two nics. I thought DirectAccess was sort of the same 'type' of base setup; the EdgeServer faces the internet and is not domain joined but uses ADAM and a 'syncing'  (Edgesync) to communicatate with the Exchange Server. This satisfies the need for AD info without requiring the machine to be domain joined.

    In contrast,  the DirectAccess server is 'required' to be domain joined.

    Anyone care to share some jump starting information. I guess the wizard will guide you thru the setup but still, I get satisfy the nic setup requirements. What am  I doing wrong?


    ps. I Would be nice is the Host could make available some 'how to' info.
    Wednesday, January 21, 2009 4:36 PM
  • Do you have two consecutive public ip addresses? Like and NOT in the private range like or I had the two public addresses on my internet Nic and the wizard did go past that part. Then i had some other problems like my server was also DC, Certserver, DNS and everything else. I was very busy in the last week so i am gone a give it another try later this week.


    Monday, January 26, 2009 8:03 PM
  • FYI: A new TechNet Web page has been created to contain the links to current and upcoming DA content:




    Wednesday, January 28, 2009 9:43 PM
  • Joe, the article was already mentioned earlier in the thread, but thanks any way.


    Wednesday, January 28, 2009 9:46 PM
  • Has anyone gotten this to work?  I am stuck at the PKI certificate section.   I have an enterprise PKI and it appears to be working fine, but the setup for DA still says I need an ID cert installed locally.  Ugh.  Anything would help.


    Friday, February 6, 2009 7:33 PM
  • May be, my setup is not complaining about anything any more but in Step 4 it asks for an Network Location Server? Whats that? I can not find any info on that.

    Saturday, February 7, 2009 5:23 PM
  • I'm stuck at Step 2 at the moment with the following message:
    "The interface connected to the Internet must not be classified as a Domain network."

    I'm sure this problem can be solved easily, but I honestly don't know how. 
    There is no internal IP assigned, just the Router as DNS and Gateway.


    Tuesday, February 10, 2009 1:50 PM
  • FYI: The "DirectAccess Early Adopter's Guide" has been published at http://www.microsoft.com/downloads/details.aspx?FamilyID=2fdc531d-9138-454f-a820-78211755b52a&displaylang=en.

    This guide introduces DirectAccess concepts, defines new terms, explains requirements for installation, discusses how to design DirectAccess architecture, and then steps you through installation and deployment.
    • Marked as answer by Elisa Willman Wednesday, March 18, 2009 5:10 AM
    Tuesday, February 10, 2009 3:56 PM
  • Thats what we need, thank you.
    Wednesday, February 11, 2009 7:12 PM
  • My DirectAccess reports DNS error within the DirectAccess management console.
    The error message says:

    None of the enterprise DNS servers "20xx:cxxx:x:x:xxxx:192:xxx:xxx:xxx" that DA client will attempt to use for name resolution appear to be responsive. This will prevent the DA clients from being able to resolve names in the corporate namespace, thus preventing them from connection to the enterprise network. Make sure the DNS server is online and responding to name resolution requests.

    I've used the "DirectAccess Early Adopters Guide" but that don't help me to troubleshoot further for the moment.
    “Direct Early Adopters Guide” is found here: http://www.microsoft.com/downloads/details.aspx?FamilyID=2fdc531d-9138-454f-a820-78211755b52a&DisplayLang=en

    Someone else who's into this?


    Saturday, March 7, 2009 11:41 AM
  • I'm stuck with the same problem, even when I set up a DNS server on the Direct Access Gateway itself. Still not responsive. And diagnostics tools like nslookup and portqry doesn't help with IPv6 testing.

    Sunday, March 8, 2009 8:08 AM
  • Yesterday I found that I had problem with my IPv6 settings for DNS. I run dcdiag /test:dns on my domain controller and it reported errors. But I don't know how to configure the DNS settings on the domain controller/DNS server and on the DirectAccess server.

    Do I need to configure something within the DNS management console, TCP/IP settings on the DNS server and DirectAccess server?
    Sindres, do you know how to configure the DNS settings properly within the TCP/IP settings on the domain controller and DirectAccess server?


    Sunday, March 8, 2009 12:17 PM
  • hlat said:

    I'm stuck at Step 2 at the moment with the following message:

    "The interface connected to the Internet must not be classified as a Domain network."

    I'm sure this problem can be solved easily, but I honestly don't know how. 
    There is no internal IP assigned, just the Router as DNS and Gateway.




    still got the same problem, any idea how to solve this?

    Monday, March 9, 2009 5:07 PM
  • Change the network profile from "Domain network" to "Private" or "Public".
    Tuesday, March 10, 2009 6:40 AM
  • At the DirectAccess Early Adopters Guide, at page 32 is the explanation of how to change the interface configuration to "Public" or "Private".

    10. On the DirectAccess server, ensure the Internet-facing interface is configured to be either a “Public” or a “Private” interface (depending on your network design) and the intranet interfaces are configured to be “Domain” interfaces. No other combinations are supported. If you have more than two interfaces, ensure that no more than two classification types are selected.

    Best regards
    Tuesday, March 10, 2009 2:20 PM
  • Hi,

    did anyone manage to get DirectAccess installed in a virtual test environment?
    I'm trying to get it working @home but i keep getting the error message to configure 2 consecutive ips.
    Are the two virtual network cards maybe not recognized as different physical ones (as there is only one physical behind)?

    Much appreciate any suggestions.
    Best Regards


    Wednesday, May 6, 2009 6:50 AM
  • For all that had problems to configure DirectAcess this is a really good guide for building a testlab.


    Hope this helps.



    Thursday, May 7, 2009 9:53 PM
  • The test lab document is definitely the place to start. There are a lot of steps that include concepts that aren't explained, so if you have questions, please share them with us on this board, or better, start a new thread. Some of the steps in the lab required to make DA work, but some of them are just needed to get a particular function within the lab work. It's important that you understand what the DA requirements and dependancies are, and what are artifacts of the test lab -- so that you can generalize what you've learned in the test lab to your own environment.


    Microsoft ISDUA
    Thursday, December 31, 2009 2:53 PM