UAG DirectAccess: Configuring Prerequisites

By Shannon Fritz

UPDATE: My guide for Configuring DirectAccess with UAG Service Pack 1 has been released! Read it here.
When you set up DirectAccess on a Forefront Unified Access Gateway 2010 (UAG) server, you are supposed to get a nice wizard that walks you through the several steps required to get DirectAccess up and running. But sometimes, when you open the UAG console and select DirectAccess for the first time, you are instead presented with a puzzling error message. For example, this one says you need to configure an IPv4 or IPv6 address on the internal network interface:

"The following pre-requisites have not been met for DirectAccess deployment. The UAG DirectAccess server requires an IPv4 or IPv6 address in the internal-facing interface."

When I encountered this error message I certainly had an IPv4 address configured and there was no IPv6 infrastructure to configure for, so the error was particularly frustrating because it didn't tell me what really needed to be fixed. Some immediate troubleshooting steps included selecting "Network Interfaces" from the Admin menu, which starts another wizard that walks you through selecting the correct adapter for the Internal and External facing network interfaces.

The third page of this wizard is where you set the Internal Network IP Address Range, and this is where my problem was. Initially I had just a large subnet set here that covered all of my IP ranges, but that was just me being lazy, and it ended up biting me in the butt.

[Screenshot of the wizard pages]

Some networks have several subnets (usually VLANs) and I didn't want to manually type every IP range into this wizard. What do I do? Well, first of all, before running through this wizard you should have configured the IP addresses of both of your UAG server NICs. This includes setting up the static routes for all of your subnets on your internal interface.
You can use the TMG console to more easily import these networks/routes from the adapter settings, and UAG then uses that same list. It saves you the trouble of manually typing everything and eliminates the risk of human error (however unlikely that may be, wink wink).

So how do you do that?

1. Open the TMG console and select Networking from the left column.
2. Right click Internal and select Properties.
3. Select the Addresses tab and click Add Adapter.
4. Check the box for your Internal NIC. (Note: You should have renamed "Local Area Connection" from the control panel already to make this easier to identify.)
5. Click OK a couple of times to add all networks that are associated with that NIC to TMG's "internal network", and thereby UAG as well.

Now you should be able to close TMG and open the UAG console, only this time when you select DirectAccess you'll see the configuration wizard. At last, you can actually begin configuring DirectAccess.
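As an added example (not from the original post and not part of UAG or TMG), this Python check compares the subnets routed through the internal NIC with the start-end ranges typed in as the Internal Network IP Address Range, showing where one broad range diverges from the networks associated with the adapter. The route rows, ranges and function names are constructed, and it assumes the intended state is that the ranges equal the adapter's routed subnets.

```python
import ipaddress

# Constructed sample: (destination, netmask) rows for the internal NIC only,
# as they would appear in `route print` on the UAG server.
SAMPLE_ROUTES = [
    ("10.10.10.0", "255.255.255.0"),        # on-link subnet of the NIC
    ("10.10.10.5", "255.255.255.255"),      # host route, ignored
    ("10.10.20.0", "255.255.255.0"),        # static routes to other VLANs
    ("10.10.30.0", "255.255.255.0"),
    ("192.168.50.0", "255.255.255.0"),
    ("224.0.0.0", "240.0.0.0"),             # multicast, ignored
]
# Constructed sample: one broad start-end range typed into the wizard.
LAZY_RANGES = [("10.0.0.0", "10.255.255.255")]

def routed_networks(routes):
    """Subnets reachable through the NIC, minus default/host/multicast rows."""
    nets = [ipaddress.ip_network(f"{dest}/{mask}") for dest, mask in routes]
    keep = [n for n in nets if n.prefixlen not in (0, 32) and not n.is_multicast]
    return list(ipaddress.collapse_addresses(keep))

def subtract(nets, remove):
    """Parts of `nets` not covered by any network in `remove`."""
    result = list(nets)
    for r in remove:
        nxt = []
        for n in result:
            if n.subnet_of(r):
                continue                          # fully covered, drop it
            if r.subnet_of(n):
                nxt.extend(n.address_exclude(r))  # keep what surrounds r
            else:
                nxt.append(n)                     # disjoint, keep as is
        result = nxt
    return sorted(ipaddress.collapse_addresses(result))

def compare(routes, wizard_ranges):
    """Return (routed subnets missing from the ranges, range space with no route)."""
    routed = routed_networks(routes)
    entered = list(ipaddress.collapse_addresses(
        net for start, end in wizard_ranges
        for net in ipaddress.summarize_address_range(
            ipaddress.ip_address(start), ipaddress.ip_address(end))))
    return subtract(routed, entered), subtract(entered, routed)

if __name__ == "__main__":
    missing, extra = compare(SAMPLE_ROUTES, LAZY_RANGES)
    print("routed but not in Internal ranges:", [str(n) for n in missing])
    print("addresses in ranges with no route:", sum(n.num_addresses for n in extra))
```

Both returned lists are empty when the wizard's ranges match the adapter's routed subnets exactly.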
Index

1. IP Addressing the UAG Server
2. Unified Access Gateway Installation & Updates
3. Firewall and DNS Considerations
4. Certificates, Groups and Client Requirements
5. Configure other Prerequisites for UAG
6. Configuration Wizard: Clients
7. Configuration Wizard: DirectAccess Server
8. Network Location Server (NLS IIS site)
9. Configuration Wizard: Infrastructure Servers
10. Configuration Wizard: Application Servers
11. Generate and Activate Policies
12. DirectAccess Connectivity Assistant
13. What won’t work over DirectAccess
Author

Shannon Fritz

Infrastructure Architect & Server Team Lead