As you can see in the image below, currently, there is no client connected to our server.
On the client PC, run a command prompt as an administrator and type this command :
Then, restart the computer.
As you can see in the Windows Services list, the "Network Connectivity Assistant" service is running and allows you to connect seamlessly to the DirectAccess server.
The real name of this service is : NcaSvc
If you click on the network icon on the taskbar, you will see that Windows displays 2 connections :
Right-click "Show Connection Properties" on the workspace connection.
As you can see, Windows recognizes that your computer is currently connected locally to your company's network or that you are connected to it via a VPN tunnel.
To test the configuration of your DirectAccess server, we recommend that you use the Windows 8 client because :
To start, you can see the configuration for the DirectAccess client experience using the PowerShell command :
To know the IP-HTTPS configuration of the client PC, use the PowerShell command :
As you can see, the client PC will connect to port 443 (HTTPS) of your DirectAccess server.
On Windows, there is a "nslookup" command to know the IP address associated with a domain name.
However, this command only uses DNS servers, but when you use the DirectAccess technology, domain names are resolved in 2 ways : with DNS servers and through the NRPT table (when necessary).
To get the correct IP address, you will need to use the PowerShell command :
Note : "directaccess" is the NETBIOS name of our DirectAccess server.
To know the NRPT table configured on the DirectAccess server, use the command :
Get-DnsClientNrptPolicy | Select-Object Namespace, DirectAccessDnsServers
To find out the Network Connectivity Status Indicator (NCSI) configuration, use the command :
To know the status of your DirectAccess connection, use the command :
If the client PC is in the company network, the status will be : ConnectedLocally
If the PC is located outside the company's network, the status will be : ConnectedRemotelly
Since DNS propagation can take some time, we have added a line in the "C:\Windows\System32\drivers\etc\hosts" file of Windows 8 so that this PC finds directly the IP address associated with our "directaccess.corp.informatiweb-tuto.net" domain.
Of course, this manipulation will not be necessary in a production environment.
To test the remote access (from outside) to our network, we used the 3G connection of our smartphone.
Indeed, under Android, it's possible to turn your smartphone into a Wifi access point by sharing your 3G connection.
As you can see below, the mobile data (3G connection) are activated and the mobile access point is activated too.
By default, the name of the Wifi network created by our smartphone is : AndroidAP.
To make sure that access to our corporate intranet is done from outside, we have used a WiFi USB key and deactivated the connection to the local network.
Then we connect to our "AndroidAP" Wifi network.
Once connected to this Wifi network, Windows automatically connects to our DirectAccess server (via the "Workplace Connection").
Once connected, open the properties of this connection.
As you can see, Windows detects that we are outside of our network.
Indeed, by default, we have an IP address provided by our ISP (Scarlet).
But, on this Windows 8 PC, we use the 3G connection of our smartphone.
We therefore have an IP address provided by Mobistar (our operator for mobile telephony).
In short, this little trick allows us to place this client PC outside of our network and therefore to test access from outside without leaving our home.
Now, if you reuse the PowerShell commands cited above, you will see that some information will change.
For example, using the "Get-NetIPHttpsState" command, you will see that the IPHTTPS interface is active.
And the command "Get-DAConnectionStatus" will tell you that you are outside the network of your company : ConnectedRemotely.
Since we installed the web interface for our CA, Windows Server also installed the IIS web server.
And as expected, this local site is displayed, even though we are physically outside the corporate network.
Network shares are also seamlessly accessible.
Note that the suffix (the domain name of your Active Directory) is not required to access network resources.
If you return on your DirectAccess server, you will see that there is an active client, including 1 DirectAccess client and 0 VPN client.
Click on the "Remote Client Status page" link at the bottom.
As you can see below, our Windows 8 PC is connected to DirectAccess via the IPHttps protocol/tunnel.
In addition, it's also indicated at the bottom that its authentication is done with machine certificate, Ntlm and Kerberos authentication.
Windows Server 10/15/2017
Windows Server 10/3/2017
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2020 - © Lionel Eppe - All rights reserved.
Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.