DirectAccess Unsupported Scenarios Updated

Hi folks,

Often we get the questions around what is or is not supported for DirectAccess implementations. Although not well known, we do maintain an article that lists the unsupported configurations.

You can find this here -

It's timely to point this out as we've just updated this to include a new unsupported scenario, and this one is a little different than the others since it's relating to Active Directory - specifically the mechnism you use to replicate the contents of the System Volume (SYSVOL).

From the article:

"Do not deploy DirectAccess in environments where your domain controllers are running the File Replication Service (FRS) for distribution of Group Policy objects (SYSVOL replications). Deployment of DirectAccess is not supported when you use FRS.

You are using FRS if you have domain controllers that are running Windows Server 2003 or Windows Server 2003 R2. In addition, you might be using FRS if you previously used Windows 2000 Server or Windows Server 2003 domain controllers and you never migrated SYSVOL replication from FRS to Distributed File System Replication (DFS-R).

If you deploy DirectAccess with FRS SYSVOL replication, you risk the unintentional deletion of DirectAccess Group Policy objects that contain the DirectAccess server and client configuration information. If these objects are deleted, your DirectAccess deployment will suffer an outage, and client computers that use DirectAccess will not be able to connect to your network.

If you are planning to deploy DirectAccess, you must use domain controllers that are running operating systems later than Windows Server 2003 R2, and you must use DFS-R."

If you're already running DirectAccess and are still using FRS to replicate SYSVOL, we strongly recommend that you move all domain controllers to at least Windows Server 2008 and perfom the DFSR migration using the dfsrmig.exe tool. Guidence on how to do this is located here.

Until next time,