Pop Quiz
Pop Quiz: Windows Server 2012: Configuring Direct Access Infrastructure
Applies to the “Configure Network Servers and Access” objective of Exam 70-417.
Q: A company's administrator needs to deploy certificates for a Windows Server 2012 Direct Access server.
Which of the following certificates is required?
- Server
- IP-HTTPS
- IPSec
- Client
Answer and explanation are below.
Answer is B. The enable DirectAccess Wizard configures an IP-HTTPS certificate on the Remote Access server. Remote Access requires an IP-HTTPS certificate to authenticate IP-HTTPS connections to the Remote Access server.
Quick Tip: DirectAccess clients must be able to resolve the DNS name of the Remote Access server from the Internet. A Host (A or AAAA) record for both the network location server website (this is the name the DirectAccess clients use to connect to the network location server), and the DNS name for the web probe (the name for the default web probe is directaccess-webprobehost).
References:
Bonus Question: Which enforcement methods can be used with Network Access Protection (NAP)? (The answer, of course, will be revealed next time!)
Answer to bonus question from last time: The network requirements for Direct Access are; a server with at least one network adapter installed, enabled, and connected to an internal network, (when two adapters are used, there should be one adapter connected to the internal network, and one connected to an external network (Internet, or private network)), a Remote Access server, If VPN is enabled, a DHCP server is required to allocate IP addresses automatically to VPN clients, if a static address pool is not used, and a DNS server running Windows Server 2012.
About the Author
Andy Barkl, MCT/MCITP/MCSA, A+, Network+, Security+, CCNA has been studying technology for 30 years. Of the last 15 years, he has spent much of his time parting the knowledge and experience he has gained through IT exams, over 300, to help others be prepared and successful. He teaches classes in Phoenix, Ariz. where he has lived most of his life. He can be reached by e-mail at [email protected].