0

any help would be awesome, I have created a two node UAG Direct Access array, although not best practice I have setup NLS website on the UAG DA servers. Every time I click Activate on the Forefront Unified Access Gateway Management page it removes the NLS website from IIS and I have to re-add it. I doesn't remove the application pool just the website which makes internal clients act as though they are external. Has anyone experienced this before?

Thanks

Steve

Steve
  • 11
  • Could you add some more details to your question? It's hard to follow what you're asking for? – slm Jan 07 '13 at 02:52
  • Hey Slm, I have setup in IIS on the Direct Access servers the NLS web site used by direct access to tell if a machine is on the inside of the network or not. I create a standard https with a cert site & it all work fine, I run through the Direct Access setup configure all the parts & then apply the policy. this works and the website NLS is still in IIS on the direct access server, I then click the activate button which is the next step in the direct access setup & after this has completed it removes my website NLS from IIS, I recreate it & everytime someone clicks activate it wipes it out – Steve Jan 07 '13 at 21:23

1 Answers1

1

You don't want to do this. There is a registry hack you can make which will tell UAG to leave that website alone, but I'm not even going to list it because you really shouldn't do this at all. Setup the NLS site on a different server. You obviously have other servers or you couldn't get DA working at all :) set NLS up on the domain controller if nothing else. Even if you got it working this way, it would never be supported by Microsoft.

Enjoy DirectAccess! It's an amazing technology.

jordan.krause@ivonetworks.com

Jordan Krause
  • 66
  • 1
  • Thanks Jordan, I new it wasn't best practice but I didn't realize it would not be supported, I was wanting to setup IIS failover clustering as well as the NLB that would be good failover making NLS highly available, but like you say it would be a lot easier to move it somewhere else and then the risk of someone activating DA and removing NLS web service is not an issue. I Will move the NLS web site to a new host. Thanks – Steve Jan 08 '13 at 03:04