DirectAccess Client Cannot Establish Tunnels to the DirectAccess Server

This week I noticed some issues with DirectAccess on my Windows 7 client. For some strange reason neither the Infrastructure tunnel nor the Intranet tunnel was established. When walking through the Advanced Firewall configuration I noticed that the Internet Protocol security (IPsec) tunnel mode security associations (SAs) were not initiated. After some searching I found a post on the Forefront forum which describes more or less the same behavior.

Thanks to Jason Jones I found my issue. By verifying the Name Resolution Policy Table (NRPT) configuration using netsh dnsclient show state, I noticed that the Direct Access Settings entry was misconfigured. The NRPT is configured by the DirectAccess Setup wizard. You can also configure the rules directly yourself, but take into account that these settings are overridden when the DirectAccess wizard is run again!

Continue reading “DirectAccess Client Cannot Establish Tunnels to the DirectAccess Server”

Microsoft Forefront Threat Management Gateway (TMG) 2010 Service Pack 2 released

Microsoft® Forefront Threat Management Gateway (TMG) 2010 Service Pack 2 (SP2) introduces new functionality to Forefront TMG 2010 Standard and Enterprise Editions.

The service pack includes the following new functionality and feature improvements:

New Reports
• The new Site Activity report shows the data transferred between users and specific websites, for any user.

Error Pages
• A new look and feel has been created for error pages.
• Error pages can be more easily customized and can include embedded objects.

Kerberos Authentication
• You can now use Kerberos authentication when you deploy an array using network load balancing (NLB).

To read the release notes, see the Forefront TMG Release Notes (SP2). Before installing this service pack, it is highly recommended that you read the TechNet article Installing Forefront TMG Service Packs. Installing the service pack on Forefront TMG computers in an order other than as described in this article is unsupported.

Microsoft Forefront UAG SP2 can be downloaded here

Windows 7 Deployment Options for Small and Midsize Businesses

Download a printable overview of Windows 7 deployment options for small and midsize organizations that includes the advantages and limitations of each option.

Explore the different options for deploying Windows 7 in a small or midsize organization. This print-ready poster from the Springboard Series for Windows 7 features an overview of each method, details on advantages and limitations, basic requirements, and helpful links to additional tools and guidance. You’ll also find a helpful step-by-step overview of the Windows 7 deployment process.

Download the handy overview in PDF, XPS or VSD here

Troubleshooting DirectAccess – Teredo Server/Relay not healthy #uag

This week I had an issue with my DirectAccess lab environment which is based on the Test Lab Guide scenario “Demonstrate Forefront UAG DirectAccess Network Load Balancing and Array Configuration“. In the DirectAccess Monitor Reports one of the array members was not healthy at the Network Security, Teredo Server and Teredo Relay level.

In the event log I found the following error: Event ID 10114 Source: UAG DA Management. Continue reading “Troubleshooting DirectAccess – Teredo Server/Relay not healthy #uag”

Software Deployment with Windows #Intune Beta July #sysctr

On July 11th Microsoft announced the beta of the next release of Windows Intune.

Some key new features include:

  • Simplify the task of distributing software and updates – In addition to Microsoft patches and updates, you can now use Windows Intune to deploy third-party applications and updates to your managed PCs.
  • Manage all your software licenses. If you need a better way to manage all your software licenses, look no further. Now you can upload and track Microsoft Retail and OEM licenses and third-party license agreements in addition to Microsoft Volume License agreements.
  • Get better hardware reporting. We’ve made it simple for you to view or create reports on hardware data—including manufacturer, chassis type, available disk space, installed memory, and CPU speed.

In this post I will elaborate on the operation of software distribution, something that many have been looking forward to. I assume a scenario in which all your workstations are already managed by Windows Intune. Continue reading “Software Deployment with Windows #Intune Beta July #sysctr”

Corrupted Name Resolution Table (NRPT) #DirectAccess

Last week I had some issues with connecting to the corporate network by DirectAccess. The System Log pointed me to the following: Event ID: 1023 Source: DNS Client Events. Name resolution policy table has been corrupted.

For some reason, the rules that come from the DA GPOs had been duplicated. The originals from the GPOs were named “UAGDA Rule1” to “UAGDA Rule3” and the duplicates were named simply “Rule 1” to “Rule 3” (HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient\DnsPolicyConfig). Continue reading “Corrupted Name Resolution Table (NRPT) #DirectAccess”

#DirectAccess support for wildcard certificates

As you probably know, a Forefront UAG DirectAccess deployment requires a public key infrastructure (PKI) to issue certificates to DirectAccess clients, the Forefront UAG DirectAccess server, and the network location server.

Certificates used by DirectAccess can be categorized by:

Continue reading “#DirectAccess support for wildcard certificates”