Loading user information from Channel 9

Something went wrong getting user information from Channel 9

Latest Achievement:

Loading user information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Windows Server Direct Access

No media available

This session was not recorded or the recording is not available. Sorry for the inconvenience

+My schedule - My schedule
Pre-Conference Seminars require an additional registration fee. If you have not pre-registered for a Pre-Con, please visit TechEd North America Registration to add this to your registration record.

Any time a user connects to the Internet with DirectAccess they are seamlessly connected to the corporate intranet. There is no need for the user to initiate a VPN connection, the user experiences the same connectivity regardless of whether they are connected to the intranet or Internet. DirectAccess was first introduced in Windows Server 2008 R2; however its implementation presented a number of challenges for administrators and to provide an enterprise ready solution inevitably required the use of Forefront Unified Access Gateway (UAG). Windows Server 2012 now includes an enhanced full feature solution for DirectAccess including load balancing, multisite, multidomain and IPv4 support via the inclusion of DNS64 and NAT64. There is even a 3-click wizard to deploy a fully functioning DirectAccess solution for SMBs. This implementation removes the need for PKI and can be configured on a single network card behind NAT. While the Wizard masks the complexities of the technologies involved, a thorough understanding of DirectAccess is required to troubleshoot and build enterprise solutions. John Craddock has worked extensively in the challenging environment of DirectAccess with Windows Server 2008 R2 and UAG. Windows Server 2012 allows the implementation of quicker and more compelling solutions. Come to this pre-con and learn how to deploy and troubleshoot Windows Server 2012 DirectAccess, and realize all the benefits that the Windows Server 2012 implementation has to offer. An IPv6 primer is included to provide you with sufficient knowledge to fully support your DirectAccess implementation. Comprehensive demos accelerate your learning.
For more information, check out this course on Microsoft Virtual Academy:

Follow the discussion

  • Oops, something didn't work.

    Getting subscription
    Subscribe to this conversation
  • I don't know much about IPv6 and I know this is a big part of Direct Access - will I be OK with the session

  • Forgot to ask, will it cover NAP and Direct Access integration? 

  • Will it cover 2FA

  • @BradAgain: Hi Brad, I will be covering 2FA directly and with NAP intergration

  • @NetworkingGuy:Yes NAP integration with Direct Access will be covered.

  • @NetworkingGuy:

    The approach that I am taking with this precon is to discover the use of IPv6 as we go through Direct Access. For example I will start with a demo of using the 3-Click Wizard to get  DA up and running in it's simplest form. We'll then do a ping from the external client to one of the intranet servers and see the use of an IPv6 address. At this point you will learn about the IPv6 address format and types. We will then delve into the transition technologies, 6to4, IPHTTPS etc. By the time you leave the sessions you will have learned a lot about IPv6.

    I see this session as not only learning about deploying Direct Access but also learning the key elements of IPv6. And you'll also learn about certificates, NAP and a lot more...

    I hope that helps, If you want to know anything else just let me know.


  • If you have any questions about the precon - please ask away

    You can never ask a silly question, you can only get a silly reply! I'll try and give you a sensible reply  Angel

  • Many thanks for the replies John. I think you approach looks very interesting - I look forward to it

  • enspositoensposito Woohoo!

    Can Win 7 and Mac clients connect to Win 2012 server using direct access?

  • Doug KinzingerDoug_​Kinzinger Avid Microsoft product expert and all-around good guy.

    I'm guessing IPv6 all the way is still required, yes?

  • James SmithJames Smith

    Will this cover a similar capability to Reverse Proxy Web Publishing currently available in UAG 2010 ?

  • @ensposito:Hi, Windows Server 2012 allows Direct Access to be deployed in a single tunnel mode and through the use of a Kerberos proxy the clients authenticate to the tunnel endpoints using Kerberos Tokens. This will only work with Windows 8 clients.

    To support Windows 7 clients the two tunnel mode is deployed. This is also required for OTP, NAP etc. In the precon we will cover all options.

    I am not aware of a MAC DA client, but there may be one I haven't seen. However the DirectAccess server now supports a unified remote access role that allows you to deploy DA and a VPN server together.

  • @douglaskinzinger:Hi Douglas, All client apps need to communicate over the IPv6 stack, so the client connects to the DA server using IPv6 natively or using a transition mechanism (IPv6 over IPv4), such as 6to4, Teredo or IPHTTPS. The DA server now includes NAT64 and DNS64 so your corporate network can remain IPv4 only. Having said that if you want to manage out, the management server/client must talk IPv6 either natively or through ISATAP.

    We will go through all the options in the precon.



  • @James Smith:Hi James, The precon will not cover reverse proxy publishing. It is focused on providing DA capabilities. Of course with DA a DA client can connect to all corporate resource or you could limit access through the use of end-to-end IPsec.

  • I just receive a question on the TechEd Europe website and thought it might be useful to include it here:

    "John, to what extent will this be targetted just at Enterprise leve installations?  It'd be useful to have an element of the focussing on what modestly sized organisations who do not have 16 full 42U racks of servers (!) might be able to do to use DA effectively in their businesses (and by extension, how enterprises might implement on a more modest basis)"

    @pjbryant:Hi PJ, The precon will show how DA works and how you configure it irrespective of organizational size. I am starting the day with using the 3-click wizard, from that we will go through and understand all of the technologies involved. We will then progress to the two tunnel mode necessary to support Windows 7 clients and other features. 

    The idea is that you will come away from the day with a good understanding of DA and with that knowledge be able to deploy an installation regardless of size. Towards the end of the day I will be covering the enterprise features of OTP, NAP and multisite deployments etc, but the main focus is to really understand how it all works.

    I hope that helps - please let me know if you need any more information.


  • John, what's your view on the use of 6to4 for DA clients?

  • @ipv6girl:

    Hi IPv6Girl, Great question! The quick answer is don't use it.

    6to4, is an IPv6 transition mechanism that is used to transport IPv6 over the IPv4 Internet. When the client has a public IPv4 address, the 6to4 interface on the client is automatically assigned an IPv6 addressed based on the client's unique IPv4 address.

    If the client receives a public IPv4 address when it is not actually directly connected to the Internet and the network doesn't allow IP protocol 41 to be routed to the destination, 6to4 will fail. Examples of where problems occur are mobile phone networks and locations that assign public IPs which route onto the Internet through NAT and firewalls.

    Combine these problems with the fact that 6to4 cannot be used in multisite deployments because of asymmetrical routing issues and you will see why I said don't use it.

    DirectAccess client connections should be supported by the transition mechanisms Teredo and IPHTTPS. The best thing to do is to sign up for the precon where I will go into all the details Big Smile. We will need to understand 6to4 addressing as the DA server derives addresses and prefixes from the 6to4 address of the server's external interface.



  • Looking forward to this session as I was almost ready to utilize UAG for Direct Access.  Doing some research on my own and talking with management, I was able to persuade them to hold off and focus on Server 2010 with Direct Access.  I have knowledge gaps to fill in this section but it will be a great way to start the conference!

  • I'd be interested in hw based load balancing (i.e. F5 and DA 2012)

  • Hi John

    DA2012 looks to be a huge improvement over DA with UAG on server 2008.  Can you confirm that we were wise in our company to wait for 2012 before rolling DA to our users?

    I will be at the Precon for DA. 


  • Jason R.


    from my experience its 10 fold much nicer in server 2012 and I would if you don't need UAG.


    I am here as well, and in the seminar if you want to chat.



  • John


    Windows Phone 8 support for DA coming?

  • Currently attending your session and attempted to look at the slides via the tinyurl.  It appears that the slides were not uploaded successfully and some repeat.  If possible could you please take a look and see if this is on your end or a problem with how I was attempting to review the slides.  Many Thanks!

  • @CSVvalentinis


    I was able to look at them just fine, I have them up on my surface now,


  • @Reinhartjason:Hi if you are still having problems let me know. Seems to be OK for me


  • Thank you all for coming and being such a great audience. Please don't forget to evaluate the session!


  • I was registered for this pre-con seminar, however my travel plans got changed last minute and I had to come down to NO on Monday AM.  Is there any way I can still get this seminar (was it recorded) or are the slides available for those of us that registered for a pre-con seminar?

  • I just got an email from "Precon Deanna Schuler" wanting to share some files with me regarding this course. Is this legit? In case it wasn't, I tried the skydrive.live.com link in the message on an isolated system and it says the files have been removed.

  • Richard HicksRichard Hicks

    For those interested, many of the questions on this thread can be answered by viewing my Windows Server 2012 DirectAccess breakout session here:



Remove this comment

Remove this thread


Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.