Sunday, 20 October 2013

Direct Access Easy Step 4: Configure Remote Access Role


We have added the Remote Access Role and now we must carry out the final configuration.

Open the Remote Access Management Console.

Note that Microsoft has simplified the configuration by grouping the tasks into steps. We will configure each in turn.

1. Click Edit under Step 1 - Remote Clients

Choose to "Deploy Full Direct Access for client access and remote management".

The wizard has been pre-populated with Domain Computers. Remove this and add the Active Directory Security Group you created earlier.

Uncheck the box "Enable Direct Access for mobile computers only".

2. Click Edit under Step 2 - Remote Access Server

Verify the details.

Choose the SSL certificate that you configured earlier.

We are using Active Directory credentials.

Also, note the check box that enables Direct Access support for Windows 7 clients. We will not be enabling this for now.

We will not configure any VPN settings at the moment.

3. Click Edit under Step 3 - Infrastructure Servers

Use a self-signed certificate for the NLS server.

Verify DNS server.

Verify DNS suffixes.

Verify management server.

4. Click Edit under Step 4 - Application Servers

We have nothing to configure here for now.

We are now presented with a Remote Access review. Review all settings before clicking Apply.

Click Apply to finalise your Remote Access configuration.

Remote Access status now looks good.

See the GPOs automatically created for Remote Access. Both policies are applied to the domain. However, the Direct Access server only has permission to apply the DirectAccess Server Settings, and your AD security group only has permission to apply the DirectAccess Client Settings.
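
To confirm from PowerShell what the console shows, the following added example (not part of the original post) checks the Step 1 client scope and the security filtering on the two GPOs. The group name `DA-Clients` is a placeholder, and the script assumes the GPO names shown above and that the RemoteAccess and GroupPolicy modules are available on the Direct Access server.

```powershell
# Added example: run in an elevated session on the Direct Access server.
Import-Module RemoteAccess, GroupPolicy

# ASSUMPTION: placeholder values, replace with your own.
$ClientGroup = 'DA-Clients'          # AD security group added in Step 1
$ServerName  = $env:COMPUTERNAME     # Direct Access server computer account

$findings = @()

# Step 1: only the dedicated group should be targeted, not Domain Computers,
# and the "mobile computers only" box was unchecked.
$da = Get-DAClient
if (-not ($da.SecurityGroupNameList -like "*$ClientGroup")) {
    $findings += "Client group '$ClientGroup' is not in the DirectAccess client list"
}
if ($da.SecurityGroupNameList -like '*Domain Computers') {
    $findings += 'Domain Computers is still in the DirectAccess client list'
}
if ("$($da.OnlyRemoteComputers)" -ne 'Disabled') {
    $findings += "OnlyRemoteComputers is '$($da.OnlyRemoteComputers)', expected Disabled"
}

# GPO security filtering: each GPO should be applied by exactly one trustee.
$expected = @{
    'DirectAccess Client Settings' = $ClientGroup
    'DirectAccess Server Settings' = $ServerName
}
foreach ($gpo in $expected.Keys) {
    # Trustees holding an allow "Apply group policy" permission on this GPO.
    $apply = @(Get-GPPermission -Name $gpo -All |
        Where-Object { $_.Permission -eq 'GpoApply' -and -not $_.Denied } |
        ForEach-Object { $_.Trustee.Name.TrimEnd('$') })   # computer accounts end in $

    if ($apply -notcontains $expected[$gpo]) {
        $findings += "$gpo : '$($expected[$gpo])' cannot apply this GPO"
    }
    foreach ($extra in ($apply | Where-Object { $_ -ne $expected[$gpo] })) {
        $findings += "$gpo : unexpected trustee '$extra' can apply this GPO"
    }
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'DirectAccess client scope and GPO filtering match the configuration above.' }
```

Any warning about an unexpected trustee means machines outside your security group could receive the DirectAccess Client Settings, which is what removing Domain Computers in Step 1 is meant to prevent.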


  1. Hi Gerry,

    Are you aware of any limitation on Direct Access server (load balanced) for managing remote machines through SCCM?
    Currently we use a single DA and we manage the remote machines via SCCM, and we were told by a vendor that if we implement load balanced DA (2 servers in HQ and 2 servers in another site) this will result in losing the ability to manage the remote machines via SCCM?


    1. I know that there can be some difficulty depending on your configuration.

  2. Thanks Gerry, I have done some investigation and it seems there are workarounds for the "manage out" issue in a load balanced ENV.
    Do you know if the issue occurs in both software NLB, e.g. Windows NLB, and hardware NLB?
    I have seen some workarounds utilizing an F5 load balancer. Do you have any design recommendation?

    In your experience, what is the best approach to address this issue?