DirectAccess through a Netscaler

Hi,

We currently have a single DirectAccess server (Windows 2012 R2) in a single NIC configuration. We have a NAT rule on the firewall for port 443 (external IP to server's LAN IP) to this server and it works perfectly.

We would like to utilise our current Netscaler in this configuration with a view to doing load balancing in the future. We tried testing this on Friday and what we did was create a virtual load balanced server on the Netscaler with a LAN IP and add the DirectAccess server to this group. We then amended the NAT to point to the virtual IP address on the Netscaler instead of directly to the DA server.

Unfortunately, this didn't work and all our workplace connections were stuck on 'Connecting'.

Has anyone used a Netscaler with DirectAccess and can possibly advise on how to get it all working?
niltd Asked:
 
Cliff Galiher Commented:
"To confirm, you're saying that regardless whether you're actually load balancing the server you need to run the load balancing wizard to route traffic to the DA server through a Netscaler?" Not necessarily. But in the scenario you gave, yes. Essentially you said "We would like to utilise our current Netscaler in this configuration with a view to do load balancing in the future" and from what I read, configured your Netscaler with that mindset. So *yes*, if you are configuring Netscaler to load balance (even if there is not yet a second node), DA needs to know about it.

"Does this mean that when we create the virtual server on the Netscaler we need to assign it the current IP address of the DA server?"

Basically, yes, within the confines of how Netscaler configures load balancing.
 
Cliff Galiher Commented:
Because of how DirectAccess tunnels IPv6, it *must* know that it is being load balanced. Otherwise things will fail. You can log into the DirectAccess server, open the remote access tools in Server Manager, and then run the wizard to create a load balanced cluster. One of the options in the cluster wizard is to use an external load balancer. This will let DA properly handle load balanced traffic.
 
niltd (Author) Commented:
Hi Cliff, apologies for the late reply. I've been down with the flu. To confirm, you're saying that regardless whether you're actually load balancing the server you need to run the load balancing wizard to route traffic to the DA server through a Netscaler?

On another note, if I run the load balancing wizard, I'm told it will ask for a new dedicated IP address for Node 1 and the existing dedicated IP address will be used as the virtual IP address of the load balancer to avoid requiring any DNS changes as a result of this process? Does this mean that when we create the virtual server on the Netscaler we need to assign it the current IP address of the DA server?
 
niltd (Author) Commented:
Thanks Cliff
Question has a verified solution.