DirectAccess Windows 2012 High availability NLB Cluster


DirectAccess is a feature in the Windows 7, Windows Server 2008 R2 and Windows Server 2012 operating systems that gives users the experience of being seamlessly connected to their corporate network any time they have Internet access.

With DirectAccess, users are able to access corporate resources (such as e-mail servers, shared folders, or intranet web sites) following common security standards, anytime they have an internet connection.

The new thing here is that in Windows 2012 you can use a single NIC.

In my previous blog post I showed the configuration; now I want to put the DirectAccess server behind NLB.

Again, this is my basic setup: DirectAccess is configured on just one server and the second node is on standby. Keep in mind that Remote Access must be installed on both machines, and the NLB feature must be installed as well.

In the configuration menu you can choose Enable Load Balancing.


The wizard shows me that I can choose Windows NLB or a hardware NLB solution.

Yes, I'll take the WNLB. As you can see, you don't need to set up UAG, then NLB, and then DirectAccess; you go straight to the Remote Access console and do your thing.

In this case I use the Edge DirectAccess option.

Fill in the IPv4 address that will be used as the external VIP by the Network Load Balancing feature. This address must be on the same IP subnet as the dedicated external address of the Windows 2012 servers.

The internal IP is configured just as you would for an internal NLB.

Now the NLB is ready, on just one node.

We can add a second node to the NLB farm and have our DirectAccess highly available.

To add the second node, just choose add or remove node.

On firewalls or other products that have multiple NICs, I make sure the naming is correct: NIC name = Internet for the one that has internet access, or red or green, but don't leave it at the default. Now I can easily see which NIC I need.


Just to remember: if you use a self-signed certificate you can't use NLB, so a root CA must be in place.

After the commit my NLB is in place, and an overview shows the NLB servers in it.


There are more PowerShell options that you can use.

Get-RemoteAccessHealth -Cluster

Get-DAServer
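The two prerequisites mentioned above (Remote Access and NLB installed on both machines, and no self-signed certificate) can be checked from PowerShell before you start the wizard. This is an added example, not part of the original walkthrough; the node names, the thumbprint placeholder, and the assumption that the certificate sits in each node's LocalMachine\My store are mine.

```powershell
# Added example: pre-flight check before enabling load balancing.
# Node names and the thumbprint are placeholders, not values from the post.
$Nodes      = @('DA-NODE1', 'DA-NODE2')
$Thumbprint = '<THUMBPRINT-OF-DIRECTACCESS-CERT>'

$results = foreach ($node in $Nodes) {
    # Remote Access and the NLB feature must be installed on every node.
    $features = Get-WindowsFeature -ComputerName $node -Name 'DirectAccess-VPN', 'NLB'
    $missing  = @($features | Where-Object { -not $_.Installed } |
                  ForEach-Object { $_.Name })

    # Inspect the certificate in the node's computer store (assumed location).
    $cert = Invoke-Command -ComputerName $node -ScriptBlock {
        $c = Get-ChildItem Cert:\LocalMachine\My |
             Where-Object { $_.Thumbprint -eq $using:Thumbprint } |
             Select-Object -First 1
        if ($c) {
            [pscustomobject]@{
                Found      = $true
                # A self-signed certificate names itself as its issuer.
                SelfSigned = ($c.Subject -eq $c.Issuer)
                Expired    = ($c.NotAfter -lt (Get-Date))
            }
        } else {
            [pscustomobject]@{ Found = $false; SelfSigned = $null; Expired = $null }
        }
    }

    [pscustomobject]@{
        Node            = $node
        MissingFeatures = ($missing -join ', ')
        CertFound       = $cert.Found
        SelfSigned      = $cert.SelfSigned
        Expired         = $cert.Expired
        # Ready only when nothing is missing and the cert is CA-issued and valid.
        Ready           = (($missing.Count -eq 0) -and $cert.Found -and
                           (-not $cert.SelfSigned) -and (-not $cert.Expired))
    }
}

$results | Format-Table -AutoSize
```

A node with Ready = False shows in the other columns which prerequisite is not met.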

More on DirectAccess

Or on PowerShell

Direct Access Client Cmdlets in Windows PowerShell
