Offline Migration of Forefront UAG DirectAccess


Applies To: Windows Server 2012 R2, Windows Server 2012

This topic describes how to perform an offline migration of Forefront UAG DirectAccess to DirectAccess in Windows ServerĀ® 2012. In an offline migration the Forefront UAG server is shut down before the Windows Server 2012 Remote Access server is activated. This enables use of existing IP addresses, certificates and FQDNs. However, it creates server downtime, requires all clients to migrate to the new server at once, and is difficult to roll back.

The offline migration consists of the following steps:

  • Step 1: Install the Remote Access role on the Windows Server 2012 computer.

  • Step 2: Configure server IP addresses.

  • Step 3: Obtain a server certificate for IP-HTTPS connections.

  • Step 4: Prepare GPOs in relevant domains for the Remote Access server, DirectAccess clients, and the application server if required. DirectAccess administrators should have the correct permissions (edit settings, delete, modify security) to modify the GPOs.

  • Step 5: Configure DirectAccess.

For a complete walkthrough, see Offline Migration Steps.

The following graphic illustrates the offline side-by-side migration process.