Testing DirectAccess
To test the DirectAccess functionality, the WS3 computer will be added to the DirectAccessClients computer group. This applies the DirectAccess client group policies.

To add CLIENT1 to the DirectAccess client computers security group, complete the following steps:

1. On the DC1 domain controller, launch Server Manager.
2. Expand Roles, Active Directory Domain Services, Active Directory Users and Computers, the domain companyabc.com, and select the container Users.
3. Right-click the group DirectAccessClients and select Properties.
4. Select the Members tab, and then click the Add button.
5. In the Select Users, Contacts, Computers, or Groups dialog box, click Object Types, check Computers, and click OK.
6. Under Enter the Object Names to Select (Examples), type WS3, and click OK.
7. Click OK to save.
8. Restart the WS3 computer to have the changes take effect.

The DirectAccess group policies will now be in effect on the WS3 computer.

You might need to run gpupdate.exe on the DirectAccess server DA1 to get the group policies to take effect on it.

On all the internal servers, the commands net stop iphlpsvc and net start iphlpsvc will need to be run to restart the IP Helper service and have the new ISATAP configuration be recognized. This includes DC1, SERVER1, and DA1. When the IP Helper service starts, the systems will resolve the isatap.companyabc.com DNS entry installed by the DirectAccess setup and will enable their ISATAP interfaces.

Note
Of course, many administrators will simply reboot all the systems, which will have the same effect as restarting the IP Helper service and applying group policies.

Following the configuration and the restart of the IP Helper service on all the components, the IPv6 network should be fully functional. All systems should be able to reach each other using the IPv6 addresses as well as the IPv4 addresses. If there is a problem with the IPv6 access, DirectAccess will not function.

Note
The ping.exe tool can be used to verify that IPv6 is working. The -6 option forces ping to use IPv6. The -4 option forces ping to use IPv4. The command to ping a computer DC1 using IPv6 is ping dc1.companyabc.com -6. The command to ping a computer DC1 using IPv4 is ping dc1.companyabc.com -4. Each computer should be successfully pinged with both commands. This can be a very useful technique when troubleshooting DirectAccess and IPv6.
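
The check from the note, run against every internal server in one pass. This is an added example, not part of the original text; it uses the .NET Dns and Ping classes instead of ping.exe so that a host with no IPv6 address in DNS is reported separately from a host that does not reply. Only dc1.companyabc.com appears in the text; the server1 and da1 names are assumed from the lab's naming.

```powershell
# Added example. Host names other than dc1.companyabc.com are assumptions.
$targets = 'dc1.companyabc.com', 'server1.companyabc.com', 'da1.companyabc.com'

function Test-DualStack {
    param([Parameter(Mandatory)][string]$HostName)

    $families = @{ IPv4 = 'InterNetwork'; IPv6 = 'InterNetworkV6' }
    $row = [ordered]@{ Host = $HostName }

    # Resolve once; an unresolvable name leaves both columns without an address.
    try   { $addresses = [System.Net.Dns]::GetHostAddresses($HostName) }
    catch { $addresses = @() }

    foreach ($name in 'IPv4', 'IPv6') {
        # Pick the first address of this family, the equivalent of ping -4 / ping -6.
        $addr = $addresses |
            Where-Object { $_.AddressFamily -eq $families[$name] } |
            Select-Object -First 1
        if (-not $addr) { $row[$name] = 'no address in DNS'; continue }

        try {
            # One echo request with a 2-second timeout.
            $reply = (New-Object System.Net.NetworkInformation.Ping).Send($addr, 2000)
            $row[$name] = "$($reply.Status) ($addr)"
        }
        catch {
            # Raised when the local stack cannot send at all (for example, no route).
            $row[$name] = "send failed ($addr)"
        }
    }
    [pscustomobject]$row
}

$targets | ForEach-Object { Test-DualStack $_ } | Format-Table -AutoSize
```

A server that shows Success under IPv4 but "no address in DNS" under IPv6 has most likely not yet restarted the IP Helper service and enabled its ISATAP interface.
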
As shown by the arrows in Figure 10, we will test (A) the connection to the internal network, (B) the connection to the public network, and, finally, (C) the connection to the home network.

For Test A, the connection to the internal network, execute the following steps:

1. Connect the DirectAccess client WS3 to the internal network.
2. Select Start, enter cmd, and press Enter.
3. At the command prompt, enter ipconfig and press Enter. Figure 11 shows that WS3 has been assigned an IPv4 address (192.168.3.102) on the internal network and that an ISATAP address has been automatically generated in the ISATAP tunnel adapter.
4. Launch Explorer and access a share on the application server to demonstrate access.

This demonstrates that WS3 is connected to the internal network and is able to access resources and that the IPv6 transitional technologies are working internally, specifically ISATAP.

For Test B, the connection to the public network, execute the following steps:

1. Connect the DirectAccess client WS3 to the public network.
2. Select Start, enter cmd, and press Enter.
3. At the command prompt, enter ipconfig and press Enter. Figure 12 shows that WS3 has been assigned an IPv4 address (12.155.166.101) on the public network and that a 6to4 address has been automatically generated with the 6to4 2002: prefix in the 6to4 tunnel adapter.
4. Launch Explorer and access a share on the application server to demonstrate access.

This demonstrates that WS3 is connected to the public network and is able to access resources and that the IPv6 transitional technologies are working publicly, specifically 6to4.

For Test C, the connection to the home network, execute the following steps:

1. Connect the DirectAccess client WS3 to the home network.
2. Select Start, enter cmd, and press Enter.
3. At the command prompt, enter ipconfig and press Enter. Figure 13 shows that WS3 has been assigned an IPv4 address (192.168.137.147) on the home network and that a Teredo address has been automatically generated with the Teredo 2001: prefix in the Teredo tunnel adapter.
4. Launch Explorer and access a share on the application server to demonstrate access.

This demonstrates that WS3 is connected to the home network and is able to access resources and that the IPv6 transitional technologies are working publicly, specifically Teredo.
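
The ipconfig step in Tests A, B, and C comes down to recognizing which transition technology generated the client's IPv6 address. The following added example (not from the original text) classifies an address by its standard ISATAP, 6to4, or Teredo layout and extracts the IPv4 address embedded in it. The sample addresses are constructed from the IPv4 addresses in the text; the Teredo sample assumes a Teredo server at 192.0.2.1 and a NAT external address of 12.155.166.110.

```powershell
# Added example: classify an IPv6 address by the transition technology behind it.
function Get-TransitionTechnology {
    param([Parameter(Mandatory)][string]$Address)

    # ipconfig appends a zone index (for example %12) to link-local addresses; drop it.
    $ip = [System.Net.IPAddress]::Parse(($Address -split '%')[0])
    if ($ip.AddressFamily -ne 'InterNetworkV6') { throw "$Address is not an IPv6 address" }

    $b = $ip.GetAddressBytes()      # 16 bytes in network order
    $tech = 'Native or other'
    $v4 = $null

    if ($b[0] -eq 0x20 -and $b[1] -eq 0x02) {
        # 6to4: 2002::/16, then the client's public IPv4 address in bytes 2-5.
        $tech = '6to4'
        $v4 = $b[2..5] -join '.'
    }
    elseif ($b[0] -eq 0x20 -and $b[1] -eq 0x01 -and $b[2] -eq 0 -and $b[3] -eq 0) {
        # Teredo: 2001:0000::/32; the last 32 bits hold the NAT's external
        # IPv4 address with every bit inverted.
        $tech = 'Teredo'
        $v4 = ($b[12..15] | ForEach-Object { $_ -bxor 0xFF }) -join '.'
    }
    elseif (($b[8] -band 0xFD) -eq 0 -and $b[9] -eq 0 -and
            $b[10] -eq 0x5E -and $b[11] -eq 0xFE) {
        # ISATAP: interface identifier 0000:5efe or 0200:5efe, then the IPv4 address.
        $tech = 'ISATAP'
        $v4 = $b[12..15] -join '.'
    }
    [pscustomobject]@{ Address = $Address; Technology = $tech; EmbeddedIPv4 = $v4 }
}

# Constructed sample addresses (not captured from the figures).
$samples = @(
    'fe80::5efe:c0a8:366%12',                 # ISATAP for 192.168.3.102 (Test A)
    '2002:c9b:a665::c9b:a665',                # 6to4 for 12.155.166.101 (Test B)
    '2001:0:c000:201:8000:d3a1:f364:5991'     # Teredo behind an assumed NAT (Test C)
)
$samples | ForEach-Object { Get-TransitionTechnology $_ } | Format-Table -AutoSize
```

For Teredo the embedded address is the external address of the home NAT device, so it will not match the private 192.168.137.147 address that ipconfig reports on the client.
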
In the course of the testing, no additional configuration was needed, no logon credentials needed to be supplied, and resources were transparently available. This is the seamless nature of DirectAccess, which completely hides the connection complexity from the end user.