Direct Access is an excellent vpn-solution from Microsoft. With Server 2012 R2 it got even better.
There is alot of pages telling how to install it right, but in real life you have to combine some of them.
So here goes 🙂
Installing Direct Access Server with two nics.
http://jackstromberg.com/2013/12/tutorial-configuring-direct-access-on-server-2012-r2/
I want to point out couple of tips.
If you dont have CRL-list available externally. Use external publishers wildcard or named certificate. You will avoid revocation list problems.
For Windows 7 support.
Network Location Server.
You must use some other server for nls to support Windows 7. Windows 8 works when NLS is on Direct Access server, but Windows 7 wont !!
If you get error when you validate nls. Install this hotfix and reboot.
http://support.microsoft.com/kb/2929930
And a must install for Windows 8 and 8.1 computers.
http://support.microsoft.com/kb/2953212
Windows 7 client certificates required to get Direct Access online:
http://syscomlab.blog.com/2012/09/how-to-get-windows-7-to-work-with-directaccess-server-2012/
And remember that you will also have to get the same computer certificates for Windows 8 machines or otherwise they wont work !!
Add Group Policy for Auto-Enrollment and add the same Computer Security Group as security filtering for it. It’s the easiest way to get computers certificates for both operating systems.
Get IP-HTTPS state: netsh int httpstunnel show int
If you get this error with IP-HTTPS 0x8009030e (SEC_E_NO_CREDENTIALS) install the following hotfix:
http://support.microsoft.com/kb/2758949
If you still have problems with Windows 7 direct access. See this link.
http://technet.microsoft.com/en-us/library/ee844126%28v=ws.10%29.aspx
With these you can get both of them work with a single gpo. You dont need to copy the default and add DTE Addresses and Corporate Resources in it !!
And as a last tip for today. Direct Access Connectivity Assistant is only for diagnostics use with Windows 7. You dont need to install it.
Thanks for Jack Stromberg and SysComLab for the help!