UAG SP1 DirectAccess: Apply and Activate

Author by Shannon Fritz

After running through all the configuration wizards for DirectAccess there are two steps to putting it all into play. First Apply the Policies and finally Activate the Configuration. Both are necessary steps to complete the deployment of your UAG DA server, but what do they do?

Apply Policies

This will trigger the generation and execution of a powershell script that will create the Active Directory Group Policies that reflects the settings you've defined in the various wizards. It links them to the correct OU's and sets the appropriate security group filtering and let's you know if it went well or not. Note: This used to be called "Generate Policies" in RTM. Once the Group Polices are in place, servers and client computers can get the new settings, but there is one more thing to do...

Activate Configuration

The UAG server must have it's Configuration "Activated" to start using the settings you've defined that are not part of Group Policy. If you decided to create a high availability solution with multiple UAG servers this step also would pass the configuration around to other array members so you would not be required to identically configure the other servers manually. You will be prompted to back up the configuration, just like when you initially ran activation. When you're all done, click finish and you are ready to test your DirectAccess client machines.

A Quick Client Test

If you have the option, I would create a Virtual Machine with windows 7 Enterprise and give it two network adapters, one on the Corpnet, one on the same internet connection as the UAG server with it's own a public IP. Disable the internet nic and test connectivity and process group policy. Then disable the corpnet nic and enable the internet nic. You should still be able to access the Internet and Corporate resources, but now you'r using DirectAccess to reach it over the 6TO4 IPSec tunnel. If it's not working then you'll should deploy the Connectivity Assistant as a starting point for troubleshooting.  

Shannon Fritz

Infrastructure Architect & Server Team Lead