Let’s face it – DirectAccess was not designed for ease of use. Anyone who’s had a chance to wrestle with configuring DirectAccess, even in a test lab, quickly learns that getting it to work in a production environment is not going to be the average admin.
There are a thousand ways you can get your configuration wrong. Put on top of that the fact that most IT admins are not expert with IPv6 – and the fact that many organizations are revisiting plans to moving to IPv6 since the benefits don’t seem to outweigh the gains, it starts to make DirectAccess seem like something you don’t want to put on your to-do list real soon.
Whether Microsoft could have done it better or make it easier is moot – that horse is out of the barn. But one thing you can do it use UAG to make it much, much easier to deploy DirectAccess.
In this article by Meir Mendelovich, he goes through some technologies that might be new to you – namely NAT64 and DNS64. I know that I never heard of them before looking at UAG and DirectAccess.
Check out Meir’s article here:
HTH,
Tom
Thomas W Shinder, M.D., MCSE
Sr. Consultant / Technical Writer
Prowess Consulting www.prowessconsulting.com
PROWESS CONSULTING | Microsoft Forefront Security Specialist
Email: [email protected]
MVP — Forefront Edge Security (ISA/TMG/IAG)
The domain I use to detect the DNS server come back with an address that do not validate. But my operation status are all green. The da client troubleshooter I ran on the client have 2 errors:
1. cannot connect to domain sysvol share.
2. cannot connect to http://directaccess-webprobehost.bcclsp.org
How is that relate the DNS64 service. How Can I fix this ?