how DA client will access local file server in DA client subnet

Hi,

We have set up DirectAccess in our environment and everything is working fine, except that clients are facing slowness when accessing files from a file server located in the data center. This file server is used only by the users on the DirectAccess site. We are discussing placing the server in the DirectAccess client subnet so that clients will work more efficiently.

We have configured a VPN tunnel between the DirectAccess site and the data center to manage the printers remotely. Since the VPN tunnel is in place, and to enable the clients to use the DirectAccess connection, we have blocked the port of the NLS server so that clients will connect with DirectAccess only.

The local file server will communicate with the data center over the VPN tunnel.

My query is whether the client would be able to communicate with the local file server directly, as both are in the same subnet, using \\IPAddress of the local file server when the client is connected with DirectAccess. Also, if we need to access the file server by short name or FQDN, does that require an entry in the hosts file of the client accessing the server?

I think when a DA client is working from home, the client will still access the file server, and the traffic for the local file server will be routed from the data center to the local file server over the VPN tunnel.

Any help would be highly appreciated.





  • Edited by achievers Thursday, July 24, 2014 4:53 AM
July 24th, 2014 4:43am

Hi - as long as the traffic routing is configured correctly on the DA Server using static routes, the traffic will be able to reach any resources you require. However, can I point out that a hosts file and \\ipaddress will not work over DirectAccess - you must access using shortname or FQDN.
July 26th, 2014 6:03am

Yes, I have found it easiest to add all of the RFC 1918 private address ranges as static routes on my multi-homed DirectAccess servers.

10.0.0.0        -   10.255.255.255  (10/8 prefix)
172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

This will allow connectivity to almost all private IP ranges. You can of course just add the range/subnet of your internal LAN.

July 28th, 2014 5:08pm

Hi There - although good advice from Ryan I personally would NOT open up all ranges as this increases the security footprint and surface area. Add the specific range you require routing to on the DA Server using static routes.
July 29th, 2014 7:06am
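
The advice above to route only the specific ranges can be checked against what is actually configured. This is an added example, not part of the original thread: it flags static routes whose destination is not inside an approved subnet. The approved subnets, sample routes and function names are constructed for illustration; on Server 2012 or later the live input would come from `Get-NetRoute -AddressFamily IPv4`.

```powershell
# Added example: audit DA-server static routes against an approved list.
# All subnets and next hops below are constructed sample values.
$Approved = @('10.20.30.0/24', '10.20.40.0/24')

# Convert an IPv4 CIDR prefix to its first and last address as integers.
function Get-CidrRange([string]$Cidr) {
    $addr, $len = $Cidr -split '/'
    $bytes = [System.Net.IPAddress]::Parse($addr).GetAddressBytes()
    [Array]::Reverse($bytes)                  # network order -> little-endian
    $n     = [long][BitConverter]::ToUInt32($bytes, 0)
    $size  = [long][math]::Pow(2, 32 - [int]$len)
    $start = $n - ($n % $size)                # align to the network boundary
    [pscustomobject]@{ Start = $start; End = $start + $size - 1 }
}

# A route is approved only if it lies entirely inside one approved subnet.
# A supernet such as 10.0.0.0/8 therefore fails even though it covers one.
function Test-RouteApproved([string]$Prefix, [string[]]$ApprovedList) {
    $r = Get-CidrRange $Prefix
    foreach ($a in $ApprovedList) {
        $ar = Get-CidrRange $a
        if ($r.Start -ge $ar.Start -and $r.End -le $ar.End) { return $true }
    }
    return $false
}

# Constructed sample of routes as they might appear on a multi-homed DA server.
# On live data, exclude the default route and on-link routes before auditing.
$Routes = @(
    [pscustomobject]@{ DestinationPrefix = '10.0.0.0/8';     NextHop = '10.20.0.1' }
    [pscustomobject]@{ DestinationPrefix = '10.20.30.0/24';  NextHop = '10.20.0.1' }
    [pscustomobject]@{ DestinationPrefix = '10.20.40.128/25'; NextHop = '10.20.0.1' }
    [pscustomobject]@{ DestinationPrefix = '192.168.0.0/16'; NextHop = '10.20.0.1' }
)

$Routes | ForEach-Object {
    [pscustomobject]@{
        DestinationPrefix = $_.DestinationPrefix
        NextHop           = $_.NextHop
        Approved          = Test-RouteApproved $_.DestinationPrefix $Approved
    }
} | Format-Table -AutoSize
```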

Routing is in place. An admin from GDC can manage the printers on DirectAccess sites over the management tunnel.

August 4th, 2014 2:45am

Hi There - has this now resolved your issue ?
August 4th, 2014 10:57am

Hi,

We have not tested it yet, since there are few users and most of them are working from home. We will update after testing.

August 5th, 2014 2:35am

Hi John,

However, my concern was whether it is possible for a DirectAccess client to communicate with the local server directly, without routing from the DA server, since both server and client are connected to the ADSL router.

  • Edited by achievers Tuesday, August 05, 2014 6:35 AM
August 5th, 2014 6:34am

Hi There - as always it is better to place the files / resources where the best links are - so to answer your question - if the local file server has unreliable or slow links then it would be better to locate them centrally and investigate something like DFS Replication between the central file server and local file server. There is no reason why DA Clients cannot access the resources with the exception of reliable / fast links.
August 5th, 2014 8:24am

Hi John,

We tested and were able to access the local file server with the shortname.

August 11th, 2014 2:45am

Hi, I have also deployed DA on Server 2008 R2, but my client is facing the following issues:

1. DA client can't access my file server or NAS drive

2. DA client can't get the shared printer

3. DA client is not able to ping any other systems except the DC, web server, NLS and DirectAccess server.

Hi, can you tell me whether your DirectAccess client is now able to do the following tasks:

1. Able to access the file server or NAS drive

2. Able to access a shared folder, after sharing it from any system on the internal network

3. Able to ping IPv4, or how to use a shared printer for a remote DA client in Windows Server 2008 R2


March 24th, 2015 6:21pm

Hi,

Please find my answers.

1: Able to access the file server or NAS drive.

Yes, we are able to access the file server. But there was latency because the traffic was going from GDC to the remote site where the server exists (DA client and file server on the same site). Due to the latency issue we decided to move the file server onto DMVPN and mapped the drives by IP address so that clients can directly access the shared folder without routing the traffic from GDC. We also mapped the shared drive by hostname so that they can access the shared folder while working from home, and in this case the traffic goes through the DA server.

2: Able to access a shared folder, after sharing it from any system on the internal network

Yes, we are able to access shared folders from servers hosted in GDC and RDC. However, for some servers we found that SMB port 445 was blocked between the DA server and the file server.

3: Able to ping IPv4, or how to use a shared printer for a remote DA client in Windows Server 2008 R2

Yes, we are able to ping the IPv4 address of a server in the same subnet where only ADSL is present. We have created VLANs and blocked port 443 in DMVPN from the remote site to the GDC server so that clients will connect with DA to access internal resources. This DMVPN is also used to manage printers on remote sites.

Since server and clients are on the same subnet, it would be good to access printers and shared folders by the IP address of the file server so that communication wouldn't go through the DA server. However, the same is accessible by hostname.


March 24th, 2015 11:37pm

  • Edited by achievers Wednesday, March 25, 2015 3:36 AM
  • Proposed as answer by pwnkmr Wednesday, March 25, 2015 9:57 PM
March 25th, 2015 3:35am

This topic is archived. No further replies will be accepted.
