Step-By-Step: Setting Up DirectAccess
DirectAccess, introduced by Microsoft with the release of Windows 7 and Windows 2008 R2, acts as an always-on connection from a remote location to the local network. It lets remote clients connect to the local network automatically and re-establishes the connection if it drops. The feature is based on IPsec and IPv6, so if your network has not yet moved to IPv6 you need a transition mechanism such as Teredo, 6to4, etc. to use it alongside IPv4. This post takes you through the steps of enabling DirectAccess.
Prerequisites
- An Active Directory domain environment at a Windows Server 2008 R2 domain functional level at minimum
- The server enabling the DirectAccess server role must be added to the domain
- DirectAccess clients must be running Windows 7 Enterprise or Ultimate, or higher
- The DirectAccess server must be accessible via a public IP address
- If the network is not running IPv6, transition technologies such as 6to4, Teredo or ISATAP will be required
- A PKI (public key infrastructure) is required to issue certificates for device authentication. The DirectAccess-enabled server must have an SSL certificate installed, and it must contain a valid FQDN that can be accessed from the internet
Step 1: Adding the DirectAccess role to the designated server
- Log on to the designated server as a member of the domain administrator or enterprise administrator security group
- Navigate to Server Manager > Add Roles and Features
- Once the wizard opens, click next to continue
- Select the “role-based or feature-based installation” option and click next
- On the server selection screen I keep the default and click next
- From the server roles list, tick the “Remote Access” option and click next
- From the features list keep default and click next
- The next window gives an explanation of the remote access role; click next to continue
- In the role service list, click the “DirectAccess and VPN (RAS)” option to select it. The wizard will then prompt you to add the related features. Click add feature to add them
- If the deployment also needs routing services, make sure to add the “Routing” option too. Then click next to continue
- Click next to continue when the process displays a description about web server role
- For IIS role services keep default and click next to continue
- At the confirmation about roles and features screen, click install to continue
- Wait for the installation to complete
- After it is completed close the console to exit from the wizard
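The Step 1 wizard actions above can also be run as a PowerShell sequence, with two of the prerequisites checked first. This is an added example, not part of the original post; it assumes Windows Server 2012 or later, an elevated session on the designated server, and that the feature names `DirectAccess-VPN` and `Routing` correspond to the wizard's role services.

```powershell
# Added example: prerequisite checks plus the Step 1 role installation.
# Run in an elevated PowerShell session on the designated server.
$ErrorActionPreference = 'Stop'

# Prerequisite: the server must already be joined to the domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    throw "This server is not domain-joined; join it before adding the role."
}
Write-Host "Domain member of: $($cs.Domain)"

# Prerequisite: an unexpired certificate with a private key in the machine
# store that lists the Server Authentication EKU (1.3.6.1.5.5.7.3.1).
# Certificates with no EKU extension at all are not matched by this filter.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
$certs = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    $_.NotAfter -gt (Get-Date) -and $_.HasPrivateKey -and
    ($_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid)
}
if (-not $certs) {
    Write-Warning "No valid server-authentication certificate in LocalMachine\My."
} else {
    $certs | Select-Object Subject, NotAfter, Thumbprint | Format-Table -AutoSize
}

# Step 1 equivalent: the "DirectAccess and VPN (RAS)" role service plus its
# management tools. Add 'Routing' to the list only if routing is needed.
$features = @('DirectAccess-VPN')
$result = Install-WindowsFeature -Name $features -IncludeManagementTools
if (-not $result.Success) {
    throw "Role installation failed: $($result.ExitCode)"
}
if ($result.RestartNeeded -eq 'Yes') {
    Write-Warning "A restart is required to finish the installation."
}

# Confirm the install state of the Remote Access role and its role services.
Get-WindowsFeature -Name RemoteAccess, DirectAccess-VPN, Routing |
    Select-Object Name, DisplayName, InstallState | Format-Table -AutoSize
```

The certificate check only warns, because the certificate is needed when configuring the service, not when installing the role.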
Step 2: Configuring the DirectAccess service
- Navigate to Server Manager > Tools > Remote Access Management
- This loads the MMC; from there, select DirectAccess and VPN under the configuration section in the left-hand panel
- To run the wizard, click on the option in the Remote Access MMC
- From the console, select the Deploy DirectAccess Only option
- The next window shows the 4 main steps to complete the configuration. In some setups not all 4 steps will apply. For example, sometimes the remote access server role will be held by the infrastructure or the application server
Further details regarding this will be made available in a future post.