Its quite often that many corporations acquire a new company or merge with another company with different domain name, subnets................etc. DirectAccess clients in one company cannot reach or ping the different resources, servers, routers..........etc in the other side (acquired/partner company). This can be solved by modifying your DNS infrastructure and UAG DirectAccess Settings as per the following steps:
- Configure the UAG server to have an IPV4 route to the new acquired network(s).
- Make sure that the new acquired Network(s) are added to the UAG internal Networks. This can be done from the UAG Admin Menu – Network Interfaces – Define Internal network IP address range.
- The DNS servers used by the UAG and DirectAccess clients should be configured to resolve the acquired/Partner Domain either by having their DNS zone or by using conditional Forwarders.
- Configure your DirectAccess clients to use a DNS suffix search list. This list should include their current original company domain and the newly acquired domain. You may want to test it manually to ensure its working however its preferred to be done on the UAG DirectAcccess clients OU using Group policy as per attached.
- Microsoft UAG need to be configured to ensure that the client’s NRPT (Name Resolution Policy Table) instructs the client to contact UAG for name resolution of the acquired domain. This will be done from the DirectAccess UAG configuration Step 3 (Infrastructure Servers – DNS Suffixes) as shown below
- Apply the new config/policy and Activate the UAG.
- Finally run gpupdate /force on the client to refresh the client group policy. To ensure that the policy is updated on the DirectAccess client you can run the “netsh namespace show pol”.
0 comments:
Post a Comment