Comprehensive Guide for Installing and Configuring DirectAccess on Windows Server

Step 1: Install the Remote Access Management Role

Begin by adding the Remote Access Management role to get access to the necessary tools for DirectAccess.

• Open Server Manager.
• Select “Add roles and features” from the Configure Server section.
• Proceed through the wizard by clicking “Next”.
• Opt for Role-based or feature-based installation and continue.
• Choose your server from the pool and hit “Next”.
• Skip the Server Roles section again by selecting “Next”.
• Ensure that Remote Access Management Tools and all related options are checked.

Pro Tip: After installing, verify that the role is properly configured through the Server Manager dashboard.

Step 2: Assign a Static IP Address

An essential step is configuring a static IP address for the DirectAccess server.

• In Server Manager, go to Local Server and click on the Ethernet link.
• Right-click on your network adapter, select Properties.
• Choose Internet Protocol Version 4 (TCP/IPv4), then click Properties.
• Select “Use the following IP address” and “Use the following DNS server addresses”.
• Enter the server’s designated static IP address in the DNS section.
• Click “OK” to apply the changes.

Pro Tip: Make sure your static IP is within the correct subnet for the network configuration.

Step 3: Establish a Security Group and Manage Permissions

Create a security group for the DirectAccess clients and ensure appropriate permission settings.

• Launch Server Manager.
• Navigate via Tools to Active Directory Users and Computers.
• Expand the server name, proceed to Users, right-click, and select New > Group.
• Name your group, retain default settings, and click “OK”.

Next, grant full permissions for authenticated users:

• Go back to Server Manager, navigate to Tools > Certification Authority.
• Right-click on Certificate Templates, then Manage.
• Find the Web Server template and right-click to access Properties.
• Grant access to necessary users by checking the “Full Control” box and pressing “OK”.
• Execute Restart-Service certsvc in an elevated PowerShell prompt.

Pro Tip: Regularly review permissions to ensure the security of the DirectAccess setup.

Step 4: Configure the DirectAccess-NLS A Record

It’s essential to set up a host A record for the Network Location Server (NLS).

• In Server Manager, navigate to Tools > DNS Manager.
• Right-click your local domain and opt for New Host (A or AAAA).
• Input “DirectAccess-NLS” as the name and the server’s IP address.
• Select “Add Host” and confirm the action.

Pro Tip: You can check the DNS record using the command prompt to ensure it has been registered correctly.

Step 5: Activating DirectAccess

Finally, enable DirectAccess via the Remote Access Management tool with these steps:

• Open Server Manager and navigate to Tools > Remote Access Management.
• Proceed despite any error warnings, and go to the Configuration tab.
• Select “Enable DirectAccess”.
• The Enable DirectAccess Wizard will launch; press “Next”.
• Click “Add”, then “Advanced”, and select “Find Now”.
• Choose the Direct Access Computers group and confirm.
• Select “Enable DirectAccess for mobile computers only” and advance.
• Choose “Behind an edge device” (with a single network adapter) and proceed.
• Follow prompts until completion and click “Finish”.

Finally, check the Dashboard for Configuration Status. Refresh as required until all indicators are green, except one which can be noted but disregarded.

What are the prerequisites for DirectAccess?

Can I access DirectAccess from any Internet connection?