I am trying to implement a Windows Server 2012 DirectAccess and have a few questions regarding this.
I am trying to install a DA server behind a NAT and with two network adapters (one in DMZ and one on internal network). I use PKI and need Windows 7 client support.
The questions are:
- Deployment guide
- Does anyone know where to find a Windows Server 2012 DirectAccess deployment guide?
- The only thing I can find is this from Microsoft.http://technet.microsoft.com/en-us/library/hh831416.aspx. In the bottom of the page there is a link for deployment, but it only takes me back to the same page as the link is on. MS also have some guides for specific DA test labs, but they are very specific.
- I can find a few blogs describing how to deploy DirectAccess in different scenarios but again they are very specific.
- ISATAP
- When installing DirectAccess in Windows Server 2008 R2 the DA server would be configured as an ISATAP router. When installing Windows Server 2012 DirectAccess the DA server is not configured as an ISATAP server. I think that is because of the DNA6to4 and DNS6to4 is now supported in native 2012 DA. Is that correct that the DA server should not be configured as an ISATAP server?
- As far as I can figure out (MS wrote it herehttp://technet.microsoft.com/en-us/library/hh831416.aspx) ISATAP or native IPV6 internally is needed to be able to manage-out. Is that correct?
I have a nearly functional DA setup now. I can ping the DNS server and the DA server on the IPV6 addresses (from a client) but I have no DNS resolution for the other internal servers.
Any ideas what I am missing?
Thomas Forsmark Soerensen