Hi All,
I'm currently deploying DirectAccess 2012 with no luck making it work :(.
I have the following scenario:
- Internal Domain: Contoso.com.
- Domain Env: Windows Server 2012 with Windows Server 2003. Functional & Domain Level is 2003.
- DA Server: Windows Server 2012 with IIS installed to be used as DirectAccess + VPN + NLS. One Single NIC Interface with a Private IP NATed through Cisco Firewall to Public IP. DNS Settings on the NIC refer only to Windows Server 2012 DC/DNS.
- DNS Records: NLS.Contoso.com refers to the IPv4 of the DA Server. Webprobe also refers to the IPv4 of the DA Server. DA.ContosoPublic.com was created on local & public DNS and is redirecting to the IPv4 of the DA Server.
- Certificates: Used AD CA. I duplicated the Workstation template and added Server Authentication to it + AD publishing + enrollment permission, and used it to authenticate Win 7 machines (used GP AutoEnrollment, etc.). I also duplicated the Web Server template and made the private key exportable + enrollment permission, and used this template to issue two certificates: one for NLS (CN: NLS.Contoso.com, DNS: NLS.Contoso.com) and one for DA (CN: DA.ContosoPublic.com, DNS: DA.ContosoPublic.com).
- Certificate CRL: I created two distribution points. One is http://DA.ContosoPublic.com/CRLD and one is \\NLS.Contoso.com\CRLD. Both refer to the same IIS created on the DA Server, to the same virtual directory called CRLD.
- DA Setup: I created a security group for DA clients. I only allowed mobile computers. No Force Tunneling + No Local Name Resolution. IP-HTTPS certificate is DA.ContosoPublic.com. I used Computer Authentication + allowed Win 7 clients. NLS certificate is NLS.Contoso.com and DNS refers to the DA Server (also tried AD Server). I used Local Name Resolution If DNS Not Available.
Now when connecting the client (Windows 8) to an external network and then typing Get-DAConnectionStatus, I get the following:
- In the first two seconds I get RemoteNetworkAuthenticationFailure.
- Then CouldnotContactDirectAccessServer.
- Then NameResolutionFailure, and that's it.
Do you have any advice, guys? I've been stuck here for a couple of days with no answer.