Welcome to ISAserver.org

2 DA access server in 1 domain

2 DA access server in 1 domain - 16.Mar.2011 12:35:03 PM   
salb
Hello:

Here is my scenario. I have 1 domain but we have 2 global headquarters, 1 in the US and 1 in the UK. The problem is we want a DA server in both locations, not clustered, but want the US employees to connect to the US DA server and the UK employees to connect to the UK DA server. With what I have read so far I cannot see how this can be done, as I would need to create 2 DNS entries, 1 for ISATAP and 1 for NLS, but they can only point to 1 location. Also, when DA is implemented it creates the GP on the default domain policy, which is shared between the sites just like DNS. The US and UK sites are connected via an ISA 2006 VPN so we can get to each other.

What can I do to resolve this issue?
Post #: 1
RE: 2 DA access server in 1 domain - 22.Mar.2011 12:26:02 AM   
Gabe E
With UAG SP1, you have flexibility to use pre-created GPOs. If your OUs are designed based on location, you can have a US DA GPO targeting the US OU and a UK DA GPO targeting the UK OU. This is doable with SP1.

Gabe

(in reply to salb)
Post #: 2
RE: 2 DA access server in 1 domain - 22.Mar.2011 8:57:02 AM   
salb
Gabe, thanks for the reply. I understand the separate GPO, but what about the DNS entries for ISATAP and NLS? Since the ISATAP has to point at the UAG server and there can only be 1 entry, how do I resolve this? Keep in mind we have 1 domain and 1 forest for the company, such as contoso.com and not us.contoso.com and uk.contoso.com.

(in reply to Gabe E)
Post #: 3
RE: 2 DA access server in 1 domain - 22.Mar.2011 11:11:58 PM   
Gabe E
NLS is not an issue. You can either use the same highly available site for NLS (if both locations route to each other) OR you can use separate highly available sites for each location with a different NLS DNS entry.

ISATAP is trickier and has more to do with manage-out capabilities. But if you read Tom's post at http://blogs.technet.com/b/tomshinder/archive/2011/02/21/clearing-the-air-on-isatap.aspx, you can see there are workarounds using local host files for those few machines that need to have the manage-out access.

I don't think it's a show stopper.

Gabe

(in reply to salb)
Post #: 4
RE: 2 DA access server in 1 domain - 23.Mar.2011 9:33:25 AM   
Gabe E
In my earlier reply, I neglected to mention that multi-site ISATAP configuration has been addressed by Tom at http://blogs.technet.com/b/tomshinder/archive/2011/02/08/why-you-need-an-external-isatap-router-for-a-multi-site-uag-directaccess-deployment.aspx

Gabe

(in reply to Gabe E)
Post #: 5
