Doesn't DirectAccess require everything to be ipv6?
We want to do Remote Access as well but the RDS Web Access component in Server 2008 R2 is awful from an end-user perspective especially on XP SP3 clients... needs 2-3 updates \ patches and MS still expect people to log in with DOMAIN\username format... user friendly much?
No... it needs ipv6 to function, but it doesn't require you to go purely ipv6 on your internal network.
Has anyone implemented a citrix solution? How much did it roughly cost? Thanks
tj2419 (31st January 2012)
Bit pointless as a Remote Access solution for non-domain computers then... how many staff are using Enterprise or Ultimate... although I guess MS would argue that's not the usage scenario they've designed it for but even so...one or more DirectAccess servers running Windows Server 2008 R2 with two network adapters: one that is connected directly to the Internet, and a second that is connected to the intranet.
on the DirectAccess server, at least two consecutive, public IPv4 addresses assigned to the network adapter that is connected to the Internet.
DirectAccess clients running Windows 7 (Ultimate and Enterprise editions only).
at least one domain controller and Domain Name System (DNS) server running Windows Server 2008 SP2 or Windows Server 2008 R2.
public key infrastructure (PKI) to issue computer certificates.
We had VPN, then couldn't get it to work through the new CISCO setup, so have been using Logmein, now with the free iphone app as per LogMeIn provides a FREE App for iPhone and iPad
chazzy2501 - Regarding the NAT limitation, I've just seen this posted on Capita's Supportnet forum, i've asked for more info, so can report back if i hear anything:
It does read quite like spam, but removed school name in case they don't want to be identified.Here at xxxyyy School we are the only school in the world to have Sims at home via DirectAccess and we would like to share our knowledge with you.
The reason this is so spectacular is that we are behind a NAT. According to Microsoft and everyone else on the internet it is impossible to have DirectAccess working behind a NAT but we have figured it out.
We have also integrated offline files with the laptops so users work is instantly backed up here at work when they are working from home.
We can also filter the internet when the user is at home as well.
And all this happens without the user having to press a button. As soon as the laptop is on they are automatically connected to our school and will receive all new GPO’s snd all network programs. It really is a work computer at home.
If you would like to find out more please don’t hesitate to contact us.
- IE only browser support (quelle surprise)
- login to https://yourdomain/rdweb
- have to enter DOMAIN\username format credentials, completely different to OWA where they only need to enter their standard network username (I've edited the login page to add the DOMAIN part)
- on XP SP3 the ActiveX control is often disabled by the OS so you need a Microsoft FixIt tool to enable it via registry
- user then sees a list of RemoteApps displayed along with the Remote Desktop icon for a direct session - great
- but when loading a RemoteApp you get a warning box about the publisher (even with SSL all sorted out) that you have to dismiss
- if loading the Remote Desktop session you get prompted for credentials a second time (at least in 7 it remembers the username but not with XP). Hotfix is available for 7 but again it's another patch to install.
If using XP SP3 clients you have to make sure they have RDC 7.0 installed or WebSSO doesn't work and RemoteApp asks for credentials a 2nd time. I also found unless CredSSP is enabled it can be a bit flaky (patch + reboot required)
If yours works more smoothly I'd love to know how as MS haven't made any suggestions to fix any of the above on Technet
Just noticed you mentioned Server 2003, think it's a different setup on there from what I remember...
Last edited by gshaw; 31st January 2012 at 12:23 PM.
We use SSL explorer. All you need is a web browser & Java. It then creates a tunnel to our RDC server.
All users have access to this with their school username & password. Staff have an extra PIN code that they need to enter first.
It's a fantastic system as the user needs to do virtually no configuration at their end, no agents to install, no setting up VPN tunnels etc.
We didn't see the point in limiting it to just Staff, All users have valid use cases for it. Students without Office or other software packages can do school work from home without spending £££.
The annoying thing tho, is that SSL explorer is no more. It was bought out by Barracuda Networks who turned it into a piece of hardware kit that costs a fair whack to buy It's something we'll have to get at some point as SSL explorer starts not working with newer OS's
Yup the Server 2003 one looks to work a lot better, not sure what the design team were smoking with the 2008 setup... login in order to login again?
Not sure if the 2003 version is as secure though (is there SSL etc?)
Last edited by gshaw; 31st January 2012 at 01:23 PM.
Yes i have made DirectAccess work behind a NAT at Gillingham school. I am the only person to have achived this and took over 8 months of work. You will need to contact me direct with your email address if you want to know how to do it.
Im not convinced that Direct Access is as seamless or as simple as M$ would have us belive and the backend setup is hardly Plug and Pray is it...
There are currently 1 users browsing this thread. (0 members and 1 guests)