A Windows System Admin's Blog

Covering Server Administration, Endpoint Management, Scripting and Network Management

Watch out when you enable DNS Scavenging and have a DirectAccess environment

,

So we had recently enabled DNS scavenging for a large environment who also had a DirectAccess server. The next day we were getting help desk calls about remote users not able to connect and those who were in the office unable to use their devices.

One of the cornerstones of DirectAccess is DNS and the Network Location Awareness this provides to the clients. We had to re-create the DNS records for DirectAccess manually on one of their DNS server.

  • directaccess-corpConnectivityHost which includes both A and AAAA records when deployed on IPv4-only networks. Basically the Loopback addresses for both IPv4 and IPv6.
  • directaccess-WebProbeHost this includes only A records and resolves to the IPv4 address assigned to the internal network interface of the DirectAccess server.
  • directaccess-NLS should point to the server hosting the Network Location Service, which should be Highly available.

So when building your DirectAccess infrastructure, always remember to set the DNS entries as Static.

One response to “Watch out when you enable DNS Scavenging and have a DirectAccess environment”

  1. Paul Harrington Avatar
    Paul Harrington

    Perfect! Just what I needed to fix DA after enabling DNS scavenging!

    Reply

Leave a Reply

More Posts

SAML SSO for FortiWeb Admin interface

I was recently engaged with a large health-care provider in deploying a set of FortiWeb VMs to protect a number of web applications. Part of this deployment included setting up Single-Sign on for the admin interface using Microsoft Entra ID (Azure AD). While the process is fairly straightforward it is a little confusing at some […]

Bypassing Anti-Spam on an Exchange 2007/2010 Receive Connector

I was looking at an old Exchange environment that was being used to send bulk mail outs. We noticed every now and again a bunch of e-mails would not be getting sent, trawling through Message Tracking Logs we could see that the messages were failing because of an AGENT FAIL which usually means that there […]

Blank page (auth.owa Http 500) when logging into Outlook Web Access running on Exchange 2010

Recently had to restart a client’s server after running some Windows Updates. A few hours after the restart the client contacted me stating that they couldn’t access their e-mails via the web.  I quickly had a look, the login page presented itself, so I logged in and after clicking Sign in I was presented with […]