mksadique asked

Changing DirectAccess Internal/External IP addresses - Client GPO Settings impact

We need to change the internal and external (NATed) IP addresses of our DirectAccess server. We need to because we are retiring some old VLANs. We have a two-adapter config, Internal and External. External is a NAT address behind a firewall with a public IP/hostname for the DA IP-HTTPS connection.

Our clients are remote Windows 10 laptops (just over 200 or so) that use IP-HTTPS (public FQDN, resolvable through public DNS) to connect to our DA. They are domain-joined and use computer authentication and user authentication with our DA.

Our concern (and question):

In the DirectAccess Client Settings GPO we noticed that under Connection Security Settings > Rules > "DirectAccess Policy-ClientToNlaExempt" > EndPoint 2, there are references to old IPv4 addresses (NATed internal and external) of the DA. For example:

fd2c:xxx:xxx:xxx::xxx:xxxx, fd2c:xxx:xxxx:1:0:xxx:10.50.xx.xxx, fd2c:xx:xxx:xxxx::xxx:xxxx, fd2c:xx:xxx:1:0:xxxx:10.50.xx.xxx, fd2c:xxx:xxxx:xxxx::axxe:1xxa, fd2c:xxx:xxxx:1:0:xxxx:10.30.xxx.xxx, so.on.and.so.forth....

It might be important to note that "Authentication Mode" for this setting is "do not authenticate".

Since it would not be possible to have all the clients come back to work at once to get this GPO update, we were wondering:

1) The impact our IPv4 address change might have on clients, in regard to this particular section of the client-side GPO?
2) What is the significance of this part of the GPO? Once we have made our change and run the DirectAccess configuration wizard again, will this GPO get updated and consequently pushed to the clients when they're connected?
3) If not, how do we get around this problem without having each and every client come back to work to get this change populated in their registry?

Any help, ideas, or suggestions would be great. Thank you for reading.






1 Answer

mksadique answered

Bharti, thank you for providing the link/reference to the documentation. However, it does not answer my specific question(s).
