Editing: Test Lab Guide: Demonstrate Forefront UAG SP1 RC DirectAccess with Secure Socket Tunneling Protocol (SSTP) and Remote Desktop Gateway (RDG) - Community Edition - TechNet Articles - United States (English)

Title
[TOC] This is the text of the <a href="http://go.microsoft.com/fwlink/?LinkId=206505">Test Lab Guide: Demonstrate UAG SP1 RC DirectAccess with Secure Socket Tunneling Protocol (SSTP) and Remote Desktop Gateway (RDG)</a> Test Lab Guide, which you can download at <a href="http://go.microsoft.com/fwlink/?LinkId=206505">http://go.microsoft.com/fwlink/?LinkId=206505</a>    I am posting the entire text of the Test Lab Guide here with the goal that the community can improve on the Test Lab Guide by adding new options, demonstrating new features, or just correct errors in the text :)  In fact, you can make any changes you like - that is the nature of a wiki. I'm looking forward to seeing how you all can make this great Test Lab Guide even better! ======================================================== <h1 style="margin: 24pt 0in 0pt;"><a name="Introduction"></a><a name="_Toc277586240"></a><a name="_Toc265500018">Introduction</a><o:p></o:p></h1> DirectAccess is a new feature in the Windows 7 and Windows Server 2008 R2 operating systems that gives users the experience of being seamlessly connected to their intranet any time they have Internet access. With DirectAccess enabled, requests for intranet resources (such as e-mail servers, shared folders, or intranet Web sites) are securely directed to the intranet, without requiring users to connect to a VPN. DirectAccess provides increased productivity for a mobile workforce by offering the same connectivity experience both inside and outside the office. <o:p></o:p> Forefront Unified Access Gateway (UAG) SP1 RC extends the value of the Windows DirectAccess solution by adding features that meet the requirements of many enterprise deployments:<o:p></o:p> <ul style="margin-top: 0in; list-style-type: disc;"> <li class="MsoNormal" style="margin: 0in 0in 10pt;">Support for arrays of up to 8 UAG DirectAccess servers where configuration is done once on an array master and is automatically deployed to all other members of the array<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">Support for Network Load Balancing, which enables the UAG DirectAccess SP1 RC array to be highly available without requiring the use of an external hardware load balancer<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">Support for IPv4-only networks, network segments, or server or application resources with the help of NAT64/DNS64 IPv6/IPv4 transition technologies.<o:p></o:p></li> </ul> To learn more about UAG DirectAccess, see the following resources:<o:p></o:p> ·         <a href="http://technet.microsoft.com/en-us/library/ee406191.aspx">Forefront UAG DirectAccess Design Guide</a><o:p></o:p> ·         <a href="http://technet.microsoft.com/en-us/library/dd857320.aspx">Forefront UAG DirectAccess Deployment Guide</a><o:p></o:p> UAG SP1 RC supports hosting multiple roles on a single UAG server or UAG array. For example, you might want to host both the DirectAccess server and SSTP VPN server roles on the same server or array. Windows 7 clients that are configured DirectAccess clients will automatically use DirectAccess to connect to intranet resources. Windows 7 clients that are not domain members, or who are not configured as DirectAccess clients can use SSTP to connect to the intranet using a network level VPN connection. Windows 7, Windows Vista and Windows XP clients can connect to Remote Desktop and RemoteApps through a UAG server that is configured to host the Remote Desktop Gateway role. In this guide, we demonstrate how a UAG server can support the combined, DirectAccess, SSTP and Remote Desktop Gateway server roles.<o:p></o:p> <h2 style="margin: 10pt 0in 0pt;"><a name="In_this_guide"></a><a name="_Toc277586241"></a><a name="_Toc265500019"></a><a name="_Toc250629632">In this guide</a><o:p></o:p></h2> This guide provides step-by-step instructions for configuring UAG DirectAccess SP1 RC with SSTP and Remote Desktop Gateway in a test lab so that you can see how it works. You will set up and deploy UAG DirectAccess SP1 RC using five server computers, two client computers, Windows Server 2008 R2 Enterprise edition, and Windows 7 Ultimate Edition. The Test Lab simulates intranet, Internet, and a home networks, and demonstrates a co-located Forefront UAG DirectAccess and SSTP VPN server role deployment. The starting point for this paper is the <a href="http://go.microsoft.com/fwlink/?LinkId=204993">Test Lab Guide: Demonstrate UAG SP1 RC DirectAccess</a> . <o:p></o:p> <table cellpadding="0" border="1" class="MsoNormalTable" style="margin: auto auto auto 3.75pt; width: 97%; border: 1pt solid #dddddd;"> <tbody> <tr> <td valign="bottom" style="border-color: #cccccc #cccccc #c8cdde; border-width: 1pt; border-style: solid; background-color: #efeff7; padding: 3.75pt; background-position: initial initial; background-repeat: initial initial;"> <v:shapetype coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f" id="_x0000_t75"><v:stroke joinstyle="miter"></v:stroke><v:formulas><v:f eqn="if lineDrawn pixelLineWidth 0"></v:f><v:f eqn="sum @0 1 0"></v:f><v:f eqn="sum 0 0 @1"></v:f><v:f eqn="prod @2 1 2"></v:f><v:f eqn="prod @3 21600 pixelWidth"></v:f><v:f eqn="prod @3 21600 pixelHeight"></v:f><v:f eqn="sum @0 0 1"></v:f><v:f eqn="prod @6 1 2"></v:f><v:f eqn="prod @7 21600 pixelWidth"></v:f><v:f eqn="sum @8 21600 0"></v:f><v:f eqn="prod @7 21600 pixelHeight"></v:f><v:f eqn="sum @10 21600 0"></v:f></v:formulas><v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"></v:path><o:lock v:ext="edit" aspectratio="t"></o:lock></v:shapetype><v:shape o:spid="_x0000_i1029" alt="Description: Important" type="#_x0000_t75" id="Picture_x0020_3" style="width: 7.5pt; height: 7.5pt; visibility: visible;"><v:imagedata src="file:///C:\Users\tomsh\AppData\Local\Temp\msohtmlclip1\01\clip_image001.gif" o:title="Important"></v:imagedata></v:shape>Important: <o:p></o:p> </td> </tr> <tr> <td valign="top" style="border-color: #cccccc #d5d5d3 #cccccc #cccccc; border-width: 1pt; border-style: solid; background-color: #f7f7ff; padding: 3.75pt; background-position: initial initial; background-repeat: initial initial;"> These instructions are designed for configuring a test lab using the minimum number of computers. Individual computers are needed to separate the services provided on the network, and to show clearly the required functionality. This configuration is not designed to reflect best practices, nor does it reflect a required or recommended configuration for a production network. The configuration, including IP addresses and all other configuration parameters, is designed to work only on a separate test lab network. For more information on planning and deploying DirectAccess with Forefront UAG, please see the <a href="http://technet.microsoft.com/en-us/library/ee406191.aspx">Forefront UAG DirectAccess design guide</a> and the <a href="http://technet.microsoft.com/en-us/library/dd857320.aspx">Forefront UAG DirectAccess deployment guide</a><o:p></o:p> </td> </tr> </tbody> </table> <h1 style="margin: 24pt 0in 0pt;"><a name="Overview_of_the_test_lab_scenario"></a><a name="_Toc277586242"></a><a name="_Toc267915211">Overview of the test lab scenario</a><o:p></o:p></h1> In this test lab scenario, Forefront UAG DirectAccess SP1 RC is deployed with:<o:p></o:p> <ul style="margin-top: 0in; list-style-type: disc;"> <li class="MsoNormal" style="margin: 0in 0in 10pt;">One computer running Windows Server 2008 R2 Enterprise Edition (DC1), that is configured as an intranet domain controller, Domain Name System (DNS) server, Dynamic Host Configuration Protocol (DHCP) server, and an enterprise root certification authority (CA).<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">One intranet member server running Windows Server 2008 R2 Enterprise Edition (UAG1), that is configured as a Forefront UAG SP1 RC DirectAccess, SSTP VPN and Remote Desktop Gateway server.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">One intranet member server running Windows Server 2008 R2 Enterprise Edition (APP1) that is configured as a general application server and network location server.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">One intranet member server running Windows Server 2003 SP2 (APP3) that is configured as an IPv4 only web and file server. This server is used to highlight the UAG’s NAT64/DNS64 capabilities.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">One standalone server running Windows Server 2008 R2 Enterprise Edition (INET1) that is configured as an Internet DNS and DHCP server.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">One standalone client computer running Windows 7 Ultimate Edition (NAT1), that is configured as a network address translator (NAT) device using Internet Connection Sharing.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">One roaming domain member client computer running Windows 7 Ultimate Edition (CLIENT1) that is configured as a DirectAccess client.<o:p></o:p></li> </ul> The test lab consists of three subnets that simulate the following:<o:p></o:p> <ul style="margin-top: 0in; list-style-type: disc;"> <li class="MsoNormal" style="margin: 0in 0in 10pt;">A home network named Homenet (192.168.137.0/24) connected to the Internet subnet by NAT1.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">The Internet subnet (131.107.0.0/24).<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">The Corpnet subnet (10.0.0.0/24) separated from the Internet by the Forefront UAG DirectAccess server.<o:p></o:p></li> </ul> Computers on each subnet connect using either a physical or virtual hub or switch, as shown in the following figure.<o:p></o:p> <v:shape type="#_x0000_t75" id="_x0000_i1025" style="width: 466.5pt; height: 312pt;"><v:imagedata src="file:///C:\Users\tomsh\AppData\Local\Temp\msohtmlclip1\01\clip_image002.emz"></v:imagedata></v:shape><o:p></o:p> <h1 style="margin: 24pt 0in 0pt;"><a name="Configuration_component_requirements"></a><a name="_Toc277586243"></a><a name="_Toc267915212">Configuration component requirements</a><o:p></o:p></h1> The following components are required for configuring Forefront UAG DirectAccess in the test lab:<o:p></o:p> <ul style="margin-top: 0in; list-style-type: disc;"> <li class="MsoNormal" style="margin: 0in 0in 10pt;">The product disc or files for Windows Server 2008 R2 Enterprise Edition.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">The product disc or files for Windows Server 2003 Enterprise SP2<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">The product disc or files for of Windows 7 Ultimate.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">Five computers or virtual machines that meet the minimum hardware requirements for Windows Server 2008 R2 Enterprise; two of these computers has two network adapters installed (UAG1).<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">One computer or virtual machine that meets the minimum hardware requirements for Windows Server 2003 SP2<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">Two computers or virtual machines that meet the minimum hardware requirements for Windows 7 Ultimate; one of these computers has two network adapters installed (NAT1).<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">The product disc or a downloaded version of Microsoft Forefront Unified Access Gateway (UAG) SP1 RC.<o:p></o:p></li> </ul> This Test Lab Guide demonstrates a combined UAG SP1 RC DirectAccess and SSTP deployment. <o:p></o:p> <v:shape o:spid="_x0000_i1028" type="#_x0000_t75" id="Picture_x0020_9" style="width: 18pt; height: 12pt; visibility: visible;"><v:imagedata src="file:///C:\Users\tomsh\AppData\Local\Temp\msohtmlclip1\01\clip_image004.gif"></v:imagedata></v:shape>Important <o:p></o:p> The following instructions are for configuring a test lab using the minimum number of computers. Individual computers are needed to separate the services provided on the network and to clearly show the desired functionality. It is important to remember that this configuration is neither designed to reflect best practices nor does it reflect a desired or recommended configuration for a production network. The configuration, including IP addresses and all other configuration parameters, is designed only to work on a separate test lab network.<o:p></o:p> Attempting to adapt this test lab configuration to a pilot or production deployment can result in configuration or functionality issues. To ensure proper configuration and operation of UAG DirectAccess and SSTP, please refer to the <a href="http://technet.microsoft.com/en-us/library/dd857320.aspx">Forefront UAG DirectAccess Deployment Guide</a> for the steps to configure the UAG DirectAccess server and supporting infrastructure servers.<o:p></o:p> <h1 style="margin: 24pt 0in 0pt;"><a name="Steps_for_configuring_the_test_lab"></a><a name="_Toc277586244">Steps for configuring the test lab</a><o:p></o:p></h1> The following sections describe how to configure UAG1 as a DirectAccess, SSTP VPN and Remote Desktop Gateway server. After UAG1 is configured, this guide provides steps for demonstrating the DirectAccess, SSTP VPN and Remote Desktop Server functionality for CLIENT1 when it is connected to the Homenet subnet.<o:p></o:p> <v:shape type="#_x0000_t75" id="_x0000_i1027" style="width: 18pt; height: 12pt; visibility: visible;"><v:imagedata src="file:///C:\Users\tomsh\AppData\Local\Temp\msohtmlclip1\01\clip_image005.gif"></v:imagedata></v:shape>Note <o:p></o:p> You must be logged on as a member of the Domain Admins group or a member of the Administrators group on each computer to complete the tasks described in this guide. If you cannot complete a task while you are logged on with an account that is a member of the Administrators group, try performing the task while you are logged on with an account that is a member of the Domain Admins group. For all tasks described in this document you can use the CONTOSO\User1 account created when you went through the steps in the UAG DirectAccess <a href="http://go.microsoft.com/fwlink/?LinkId=204993">Test Lab Guide: Demonstrate UAG SP1 RC DirectAccess</a>.<o:p></o:p> The following procedures are performed to enable and allow you to test the UAG SP1 RC DCA:<o:p></o:p> ·         Step 1: Complete the Demonstrate UAG SP1 RC DirectAccess with SSTP Test Lab Guide – The first step is to complete all the steps in the <a href="http://go.microsoft.com/fwlink/?LinkId=206283">Test Lab Guide: Demonstrate Forefront UAG SP1 RC DirectAccess with Secure Socket Tunneling Protocol (SSTP)</a>.<o:p></o:p> ·         Step 2: Install and Configure the RDS Session Host on APP1. In order to test UAG1 publishing of Remote Desktops and RemoteApps we need an RDS Session Host server on the corpnet subnet. In this step you will install the RDS Session Host Role on APP1.<o:p></o:p> ·         Step 3: Generate the RemoteApp Configuration File on APP1. You will publish a RemoteApp on UAG1. In order to publish the RemoteApp, you need to generate a RemoteApp configuration file on APP1. In this step you will generate the RemoteApp configuration file and copy it to UAG1.<o:p></o:p> ·         Step 4: Publish Remote Desktops on UAG1. To publish Remote Desktops you need to add the Remote Desktops Application to the portal. In this step you will add the Remote Desktop applications to the UAG1 portal page.<o:p></o:p> ·         Step 5: Publish RemoteApps on UAG1. To publish RemoteApps you need to add the RemoteApps application to the portal. In this step you will add the RemoteApps application to the portal page. <o:p></o:p> ·         Step 6: Test DirectAccess, SSTP and Remote Desktop Connectivity from CLIENT1. After the portal configuration is completed, you can test connectivity to resources through the UAG portal. In this step you will confirm DirectAccess and SSTP connectivity, and test Remote Desktop and RemoteApp connectivity through the portal.<o:p></o:p> ·         Step 7: Snapshot the configuration. After completing the Test Lab, take a snapshot of the working UAG DirectAccess, SSTP and Remote Desktop Gateway Test Lab so that you can return to it later to test additional scenarios.<o:p></o:p> <v:shape o:spid="_x0000_i1026" type="#_x0000_t75" id="Picture_x0020_7" style="width: 18pt; height: 12pt; visibility: visible;"><v:imagedata src="file:///C:\Users\tomsh\AppData\Local\Temp\msohtmlclip1\01\clip_image005.gif"></v:imagedata></v:shape>Note <o:p></o:p> You will notice that there are several steps that begin with an asterisk (*). The * indicates that the step requires that you move to a computer or virtual machine that is different from the computer or virtual machine you were at when you completed the previous step. <o:p></o:p> <h2 style="margin: 10pt 0in 0pt;"><a name="STEP_1_Complete_the_Demonstrate_UAG_SP1_RC_DirectAccess_with_SSTP_Test_Lab_Guide"></a><a name="_Toc277586245">STEP 1: Complete the Demonstrate UAG SP1 RC DirectAccess with SSTP Test Lab Guide</a> <o:p></o:p></h2> The first step is to complete all the steps in the <a href="http://go.microsoft.com/fwlink/?LinkId=206283">Test Lab Guide: Demonstrate Forefront UAG SP1 RC DirectAccess with Secure Socket Tunneling Protocol (SSTP)</a>. After completing the steps in that Test Lab Guide you will have the core infrastructure required to complete this Test Lab Guide on how to configure UAG DirectAccess with SSTP and RDG.  If you have already completed the steps in that Test Lab Guide and saved a snapshot or disk image of the Test Lab, you can restore the snapshot or image and begin with the next step.<o:p></o:p> <h2 style="margin: 10pt 0in 0pt;"><a name="STEP_2_Install_and_Configure_the_RDS_Session_Host_on_APP1"></a><a name="_Toc277586246"></a><a name="_Toc265500029">STEP 2: </a>Install and Configure the RDS Session Host on APP1<o:p></o:p></h2> In order to test UAG1 publishing of Remote Desktops and RemoteApps we need an RDS Session Host server on the corpnet subnet. In this step you will install and configure the RDS Session Host Role on APP1. <o:p></o:p> Install the RDS Session Host on APP1:<o:p></o:p> <ol style="margin-top: 0in; list-style-type: decimal;"> <li class="MsoNormal" style="margin: 0in 0in 10pt;">At the APP1 computer or virtual machine, log on as CORP\User1. Open the Server Manager. In the left pane of the Server Manager console, click the Roles node. In the right pane of the console, click Add Roles. <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Before You Begin page, click Next.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Select Server Roles page, select Remote Desktop Services and click Next.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Introduction to Remote Desktop Services page, click Next. <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Role Services page, select Remote Desktop Session Host and click Next.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Application Compatibility page, click Next.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Authentication Method page, select Require Network Level Authentication and click Next.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Licensing Mode page, select Configure later and click Next.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the User Groups page, confirm Administrators is in the User or User Groups list and click Next.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Client Experience page, put a checkmark in the Audio and video playback, Audio recording redirection, and Desktop composition (provides the user interface elements of Windows Aero) checkboxes and click Next. <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Confirmation page, click Install. When you see the message Restart Pending, click Close. In the Add Roles Wizard dialog box, click Yes. The machine will restart to complete installation. Log on as CORP\User1. After you log on the installation will continue. On the Results page, click Close.<o:p></o:p></li> </ol> Configure the RDS Session Host on APP1:<o:p></o:p> <ol style="margin-top: 0in; list-style-type: decimal;"> <li class="MsoNormal" style="margin: 0in 0in 10pt;">Click Start and point to Administrative Tools. Point to Remote Desktop Services and click Remote Desktop Session Host Configuration. <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">In the Remote Desktop Session Host Configuration console, in the right pane of the console, right click RDP-Tcp and click Properties.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">In the RDP-Tcp Properties dialog box, on the General tab, click the Select button. In the Windows Security dialog box, click APP1.corp.contoso.com and click OK. In the RDP-Tcp Properties dialog box, click OK. <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">Close the Remote Desktop Session Host Configuration console. <o:p></o:p></li> </ol> <h2 style="margin: 10pt 0in 0pt;"><a name="STEP_3_Generate_the_RemoteApp_Configuration_File_on_APP1"></a><a name="_Toc277586247"></a><a name="_Toc265500030">STEP 3: </a>Generate the RemoteApp Configuration File on APP1<o:p></o:p></h2> You will publish a RemoteApp on UAG1. In order to publish the RemoteApp, you need to generate a RemoteApp configuration file on APP1. In this step you will generate the RemoteApp configuration file and copy it to UAG1. <o:p></o:p> <ol style="margin-top: 0in; list-style-type: decimal;"> <li class="MsoNormal" style="margin: 0in 0in 10pt;">Click Start and point to Administrative Tools. Point to Remote Desktop Services and click RemoteApp Manager. <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">In the RemoteApp Manager console, in the Actions pane, click Add RemoteApp Program. <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Welcome to the RemoteApp Wizard page, click Next.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Choose programs to add to the RemoteApp Programs list page, select WordPad and click Next.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Review Settings page, click Finish. <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">In the Actions pane, click Export RemoteApp Settings.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">In the Export RemoteApp Settings dialog box, select Export the RemoteApp Programs list and settings to a file and click OK. <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">In the Save As dialog box, in the File name text box, enter WordPadRemoteApp and save the file to the C:\Files folder.  In the RemoteApp Manager dialog box click OK. Close the RemoteApp Manager console. <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">*Log on to the UAG1 computer or virtual machine as CORP\User1. Click Start and in the Search box enter <a href="file://app1/Files">\\APP1\Files</a> and press ENTER. Copy the WordPadRemoteApp.tspub file to the desktop on UAG1. Close the Windows Explorer window.<o:p></o:p></li> </ol> <h2 style="margin: 10pt 0in 0pt;"><a name="STEP_4_Publish_Remote_Desktops_on_UAG1"></a><a name="_Toc277586248"></a><a name="_Toc265500033">STEP 4: </a>Publish Remote Desktops on UAG1<o:p></o:p></h2> To publish Remote Desktops you need to add the Remote Desktops Application to the portal. In this step you will add the Remote Desktop application to the UAG1 portal page.<o:p></o:p> <ol style="margin-top: 0in; list-style-type: decimal;"> <li class="MsoNormal" style="margin: 0in 0in 10pt;">At the UAG1 computer or virtual machine, click Start and then click All Programs. Click Microsoft Forefront UAG and then click Forefront UAG Management. In the User Account Control dialog box, click Yes. <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">In the left pane of the Microsoft forefront Unified Access Gateway Management console, expand HTTPS Connections and click on HTTPSTrunk. In the right pane of the console, in the Applications section, click Add. <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Welcome to the Add Application Wizard page, click Next.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Step 1 – Select Application page, select the Terminal Services (TS)/Remote Desktop Services (RDS) option. From the drop down box, select Remote Desktop (Predefined). Click Next. <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Step 2 – Configuration Application page, in the Application name text box, enter Predefined Remote Desktop. Click Next. <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Step 3 – Select Endpoint Policies page, from the Access policy drop down list, select Always. We select Always in this lab because the default policy requires that the client system have antivirus software installed in order to launch the application. CLIENT1 does not have antivirus software installed, so we need to select the Always option for the Test lab. Click Next. <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Step 4 – Configure Server Settings page, in the UAG SP1 RC Session Host (IP address or FQDN) text box, enter app1.corp.contoso.com. Click Next. <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Step 5 – Configure Client Settings page, accept the default settings and click Next.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Step 6 – Portal Link page, accept the default settings and click Next.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Step 7 – Authorization page, accept the default settings and click Next. <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Completing the Add Application Wizard page, click Finish. <o:p></o:p></li> </ol> <h2 style="margin: 10pt 0in 0pt;"><a name="STEP_5_Publish_RemoteApps_on_UAG1"></a><a name="_Toc277586249"></a><a name="_Toc265500035">STEP 5: </a>Publish RemoteApps on UAG1<o:p></o:p></h2> To publish RemoteApps you need to add the RemoteApps application to the portal. In this step you will add the RemoteApps application to the portal page.<o:p></o:p> <ol style="margin-top: 0in; list-style-type: decimal;"> <li class="MsoNormal" style="margin: 0in 0in 10pt;">In the right pane of the Microsoft Forefront Unified Access Gateway Management console, in the Applications section, click the Add button.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Welcome to the Add Application Wizard page, click Next.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Step 1 – Select Application page, select the Terminal Services (TS)/Remote Desktop Services (RDS) option. From the drop down box, select RemoteApp. Click Next.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Step 2 – Configuration Application page, in the Application name text box, enter Remote WordPad. Click Next.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Step 3 – Select Endpoint Policies page, from the Access policy drop down box, select Always. Click Next.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Step 4 – Import RemoteApp Programs page, click the Browse button. Navigate to the Desktop and open the WordPadRemoteApp.tspub file. In the UAG SP1 RC Session Host (IP address or FQDN) text box, confirm that it says APP1.corp.contoso.com. Click Next.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Step 5 – Select Publishing Type page, in the Available RemoteApps section, select WordPad and click the right-pointing double-arrow. This moves the WordPad application to the Published RemoteApps section. Click Next.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Step – 6 Configure Client Settings page, accept the default settings and click Next.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Step – 7 Portal Link page, accept the default settings and click Next.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Step 8 – Authorization page, accept the default settings and click Next.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Completing the Add Application Wizard page, click Finish.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">Click the File menu and click Activate.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the Activate Configuration page, click the Activate button.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">Click Finish on the Activation completed successfully page.<o:p></o:p></li> </ol> <h2 style="margin: 10pt 0in 0pt;"><a name="STEP_6_Test_DirectAccess_SSTP_and_Remote_Desktop_Connectivity_from_CLIENT1"></a><a name="_Toc277586250">STEP 6: Test DirectAccess, SSTP and Remote Desktop Connectivity from CLIENT1</a><o:p></o:p></h2> After the portal configuration is completed, you can test connectivity to resources through the UAG portal. In this step you will confirm DirectAccess and SSTP connectivity, and then test Remote Desktop and RemoteApp connectivity through the portal.<o:p></o:p> Confirm DirectAccess Connectivity to the Corpnet subnet:<o:p></o:p> <ol style="margin-top: 0in; list-style-type: decimal;"> <li class="MsoNormal" style="margin: 0in 0in 10pt;">*Move the CLIENT1 computer or virtual machine to the Homenet subnet. Log on to CLIENT1 as CORP\User1. <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">Open an elevated command prompt. In the command prompt window, enter ping dc1 and press ENTER. You should see four responses from DC1. This indicates that the IPv6 transition technology that connects CLIENT1 to UAG1 is working correctly.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">In the command prompt window, enter net view <a href="file://dc1/">\\dc1</a> and press ENTER. You should see a list of shares on DC1. This indicates that the infrastructure tunnel is working correctly.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">In the command prompt window, enter net view <a href="file://app1/">\\app1</a> and press ENTER. You should see a list of shares on APP1. This indicates that the intranet tunnel is working correctly.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">You have demonstrated that DirectAccess connectivity is successful over both the intranet and infrastructure tunnels. Close the command prompt window.<o:p></o:p></li> </ol> Confirm SSTP Connectivity to the Corpnet subnet:<o:p></o:p> <ol style="margin-top: 0in; list-style-type: decimal;"> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On the CLIENT1 computer or virtual machine, open Internet Explorer. In Internet Explorer, in the address bar, enter <a href="https://uag1.contoso.com/">https://uag1.contoso.com</a> and press ENTER. Click the information bar that informs you that the Website wants to run the following add-on: Microsoft Remote Desktop Services Web Access Con…” from “Microsoft Corporation:… click Run Add-on. In the Internet Explorer – Security Warning dialog box that asks Do you want to run this ActiveX control? click Run.  <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">Enter the username and password for CORP\User1 in the Application and Network Access Portal page. If the page times out and you see a message that says The logon process cannot be completed. User credentials were not submitted within the time limit, click the Back link and log on as CORP\User1.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">In the right pane of the portal page, click SSTP VPN. After you see the balloon in the system notification area that says that network connectivity is started, open an elevated command prompt.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">In the command prompt window, enter ping APP3 and press ENTER. You should see four responses from the IPv4 address of APP3. This indicates that DirectAccess has been disabled and the IPv4 SSTP connection to the Corpnet subnet is active. Close the elevated command prompt window.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">Right click the Remote Network Access icon in the system notification area and click Disconnect remote Network Access command. You will see a balloon in the system notification area that says that the connection is ended. <o:p></o:p></li> </ol> Confirm Remote Desktop Connectivity to the Corpnet subnet:<o:p></o:p> <ol style="margin-top: 0in; list-style-type: decimal;"> <li class="MsoNormal" style="margin: 0in 0in 10pt;">In the right pane of the portal page, click the Predefined Remote Desktop link. If the Message from webpage dialog box appears, click OK. If the Information bar appears saying that the website wants to run Remote Desktop Services ActiveX Client, click the information bar and click Run Add-on. In the Internet Explorer – Security Warning dialog box, click Run.  <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">Click the Predefined Remote Desktop link in the right pane of the portal page. In the Remote Desktop Connection dialog box, click Connect. In the Windows Security dialog box, enter credentials for CORP\User1. .<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">The Desktop now appears in the RDC client window. Close the RDC window. In the Remote Desktop Connection dialog box, click OK. <o:p></o:p></li> </ol> Confirm RemoteApp Connectivity to the Corpnet subnet:<o:p></o:p> <ol style="margin-top: 0in; list-style-type: decimal;"> <li class="MsoNormal" style="margin: 0in 0in 10pt;">In the right pane of the portal, click the WordPad link. <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">In the RemoteApp dialog box, click Connect.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">In the Document – WordPad window, enter This is a RemoteApp document. Click the Save icon in the Title Bar, and save the document to the desktop with the name My RemoteApp Doc. Close the WordPad window.<o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">Click the Log Off button in the upper right corner of the portal page. Close Internet Explorer.<o:p></o:p></li> </ol> <h2 style="margin: 10pt 0in 0pt;"><a name="STEP_7_Snapshot_the_Configuration"></a><a name="_Toc277586251"></a><a name="_Toc268018645">STEP 7: Snapshot the Configuration</a><o:p></o:p></h2> This completes the UAG SP1 RC DirectAccess with SSTP and Remote Desktop Gateway test lab. To save this configuration so that you can quickly return to a working UAG SP1 RC DirectAccess with SSTP and Remote Desktop Gateway configuration from which you can test other DirectAccess modular TLGs, TLG extensions, or for your own experimentation and learning, do the following:<o:p></o:p> <ol style="margin-top: 0in; list-style-type: decimal;"> <li class="MsoNormal" style="margin: 0in 0in 10pt;">On all physical computers or virtual machines in the test lab, close all windows and then perform a graceful shutdown. <o:p></o:p></li> <li class="MsoNormal" style="margin: 0in 0in 10pt;">If your lab is based on virtual machines, save a snapshot of each virtual machine and name the snapshots TLG UAG DirectAccess SP1RC SSTP+RDG. If your lab uses physical computers, create disk images to save the DirectAccess test lab configuration.<o:p></o:p></li> </ol> <h1 style="margin: 24pt 0in 0pt;"><a name="Additional_Resources"></a><a name="_Toc277586252"></a><a name="_Toc267913054"></a><a name="_Toc267556283">Additional Resources</a><o:p></o:p></h1> For more information on UAG and SSTP, see <a href="http://technet.microsoft.com/en-us/library/dd861404.aspx">Setting up Remote Network Access</a>.<o:p></o:p> For more information on UAG and Remote Desktop Gateway, see <a href="http://technet.microsoft.com/en-us/library/dd861391.aspx">Remote Desktop Services publishing solution guide</a>.<o:p></o:p> For procedures to configure the Base Configuration test lab on which this document is based, see the <a href="http://go.microsoft.com/fwlink/?LinkId=198140">Test Lab Guide: Base Configuration</a>.<o:p></o:p> For procedures to configure UAG SP1 RC DirectAccess on which this document is based, see the <a href="http://go.microsoft.com/fwlink/?LinkId=204993">Test Lab Guide: Demonstrate Forefront UAG SP1 RC DirectAccess</a>.<o:p></o:p> For procedures to configure UAG SP1 RC DirectAccess on which this document is based, see <a href="http://www.microsoft.com/downloads/en/details.aspx?FamilyID=ff377cea-2f37-471f-b3e8-2993bc1744ac">Test Lab Guide: Demonstrate Forefront UAG SP1 RC DirectAccess with Secure Socket Tunneling Protocol (SSTP)</a>  <o:p></o:p> For a comprehensive list of Test Lab Guides, please see <a href="http://social.technet.microsoft.com/wiki/contents/articles/test-lab-guides.aspx">Test Lab Guides</a>.<o:p></o:p> For a list of UAG DirectAccess related Test Lab Guides, please see <a href="http://social.technet.microsoft.com/wiki/contents/articles/uag-directaccess-test-lab-guide-portal-page.aspx">UAG DirectAccess Test Lab Guide Portal Page</a><o:p></o:p> For the design and configuration of your pilot or production deployment of DirectAccess, see the <a href="http://technet.microsoft.com/en-us/library/ee406191.aspx">Forefront UAG DirectAccess design guide</a> and the <a href="http://technet.microsoft.com/en-us/library/dd857320.aspx">Forefront UAG DirectAccess deployment guide</a>. <o:p></o:p> For information about troubleshooting DirectAccess, see the <a href="http://go.microsoft.com/fwlink/?LinkId=165904">DirectAccess Troubleshooting Guide</a>.<o:p></o:p> For information on troubleshooting UAG DirectAccess in a Test Lab, see <a href="http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=d2e460c8-b4bf-4fda-9f86-ecc4b7add5d1">Test Lab Guide: Troubleshooting UAG DirectAccess</a>. <o:p></o:p> For more information about DirectAccess, see the <a href="http://www.microsoft.com/servers/directaccess.mspx">DirectAccess Getting Started Web page</a> and the <a href="http://technet.microsoft.com/en-us/network/dd420463.aspx">DirectAccess TechNet Web page</a>. ======================================================== Tom Shinder <a href="mailto:tomsh@microsoft.com">tomsh@microsoft.com</a> Knowledge Engineer, Microsoft DAIP iX/Forefront iX  UAG Direct Access/Anywhere Access Group (AAG) The “Edge Man” blog (DA all the time): <a href="http://blogs.technet.com/tomshinder/default.aspx">http://blogs.technet.com/tomshinder/default.aspx</a> Follow me on Twitter: <a href="http://twitter.com/tshinder">http://twitter.com/tshinder</a> Facebook: <a href="http://www.facebook.com/tshinder">http://www.facebook.com/tshinder</a>
Comment
Tags
Please add 2 and 4 and type the answer here:

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Editing: Test Lab Guide: Demonstrate Forefront UAG SP1 RC DirectAccess with Secure Socket Tunneling Protocol (SSTP) and Remote Desktop Gateway (RDG) - Community Edition