Book Review: Windows Server 2012 Unified Remote Access Planning and Deployment

This is another book review. Windows Server 2012 Unified Remote Access Planning and Deployment book is about technologies I do not have so much experience with – DirectAccess and VPN. Even though I specializing in System Center and Hyper-V it is good to have broader knowledge at least on some basic level. Technologies like DirectAccess and VPN are deployed event in the Cloud.

First I will start that is a small book but it understandable that it covers only one feature in Windows Server 2012. Before starting to read this book I recommend to have basic knowledge on Windows Server, Active Directory, Certificate Services and Networking. The book starts by introducing you to DirectAccess, how it works on general level and what are the requirements for it. It doesn’t rush you directly in the technology instead it explains very well every technology that is built into DIrectAccess. This very good if you have only some basic knowledge on Windows Server, Active Directory, Certificates services and Networking because explains you technologies like IPv6, DNS, ISATAP, DNS64, NAT64, 6to4, Teredo, IP-HTTPS, Group policy and PKI. In next chapters the book continues by introducing you to the architecture of DirectAccess and how to prepare your environment for implementing it. This is followed by installation and configuration of Unified Remote Access role. The last chapters cover some advanced scenarios as well as troubleshooting tips.

In summary the book is very easy to read and provides very good picture of Unified Remote Access role in Windows Server 2012. I recommend this book for engineers who have the task or consider deployment of DirectAccess in their environments. The book is suitable reading for those who have implemented Direct Access in Windows Server 2008 R2 in the past and want to know what have changed in 2012 and how they can migrate to the new version. If you think that this book is for you can grab it on one of these stores:

New MP: System Center 2012 Monitoring Pack for RemoteAccess 2012

Another management pack for monitoring Windows Server 2012 role is out. This new MP will monitor Remote Access only in Windows Server 2012. Also SCOM 2012 or later is only officially supported. Accoriding to the documentation the following monitoring features are provided:

DirectAccess Monitoring
  • Issues with internal and external network adapter connection and settings such as forwarding
  • Teredo server state and configuration
  • Isatap availability and configuration such as name publishing and route publishing
  • 6to4 adapter and forwarding state
  • Heuristics around network security such as DOS attack, spoof attack and replay attack and state of IPSec
  • State of network infrastructure like Dns servers, Management servers configured for DirectAccess
  • IP-Https state and configuration
  • State of various underlying services such as BFE, IPHelper etc needed for Remote Access
  • Heuristics related to OTP

Most of the health monitoring scenarios that can be monitored using the native DirectAccess UI have been included in the management pack.

VPN Monitoring

Existing capabilities for RRAS management pack have been included in the unified management pack as well. We’ll summarize the monitoring capabilities for RRAS included in the unified management pack:

· Remote access (VPN) connection failures due to erroneous configuration.

· Demand-dial (site-to-site) connection failures due to erroneous configuration.

· Erroneous configuration of VPN tunnels:

· Point-to-Point Tunneling Protocol (PPTP)

· Layer Two Tunneling Protocol (L2TP/IPSec)

· Secure Socket Tunneling Protocol (SSTP)

· Internet Key Exchange version 2 (IKEv2)

· Connection licenses, registry corruption, authentication, and accounting issues for remote access

· VPN network access protection (NAP) enforcement and Network Access Quarantine Control access issues

· Erroneous configuration and setup issues involved with various routing protocols that are exposed through RRAS, such as the following:

· Routing Information Protocol (RIP) v1 and v2

· DHCP Relay Agent

· Internet Group Management Protocol (IGMP)

· DHCPv6 Relay Agent

· Monitors and alarms to notify the administrator about erroneous conditions. These conditions include the following:

· Hardware device error

· Protocol initialization failure

· Remote Access Connection Manager (RASMAN) service unexpected termination

· Routing and Remote Access service unexpected termination

· Routing and Remote Access service monitor

· Authentication or accounting failures

· Configuration failures

· IPsec-related failures

· Packet filter-related failure

· IPCP negotiation failure

· Memory allocation monitor

· Memory allocation failure

· No more licenses monitor

· Port open failures

· Support for monitoring performance counters and instrumentation, including the following:

· Total number of remote access connections

· Total number of timeout and serial overrun errors for this connection

· Total number of alignment errors for this connection (alignment errors occur when a byte received is different from the byte expected)

· Total number of buffer overrun errors for this connection (buffer overrun errors occur when the software cannot handle the rate at which data is received)

· Total number of bytes received for this connection

· Number of bytes received per second

· Total number of bytes transmitted for this connection

· Number of bytes transmitted per second

· Total number of cyclic redundancy check (CRC) errors for this connection (CRC errors occur when the frame received contains erroneous data)

· Total number of data frames received for this connection

· Number of frames received per second.


The MP and its guide you can download from here.

Windows Server 2012 Upgrade Jump Start Training

This Jump Start Training was held live last month and now it is available as a recordings. This course is led by Microsoft Senior Technical Evangelist Rick Claus and Ed Liberman from TrainSignal. The course is divided in 12 topics which can be found as separate videos here.

MVA: Windows Server 2012: Identity and Access Course

Another course about Windows Server 2012 is available at Microsoft Virtual Academy. This course is titled Windows Server 2012: Identity and Access and consists of technologies as Active Directory, Remote Desktop Services, DirectAccess and Dynamic Access Control:

Remote Desktop Services Module

DirectAccess for Remote Access Module

Dynamic Access Control Module

Full course materials can be found on MVA.