Yesterday was a really great day, because Microsoft published the DirectAccess Client Troubleshooting Tool on Microsoft Downloads.
But what’s the DirectAccess Client Troubleshooting Tool? Well, here’s a very short description:
The DirectAccess Client Troubleshooting Tool is a graphical application, based on the .NET Framework, which checks the health of a DirectAccess client by running various tests. The following tests are currently implemented:
- Network interfaces
- Network location (NLS and NRPT DNS)
- IP connectivity (6to4, Teredo, IPHTTPS, entry point in a multisite setup, DNS)
- Windows Firewall (applied profile, Firewall outbound rules)
- Certificates (EKU Client Authentication, trust chain for AIA and CRL)
- IPsec infrastructure tunnel (Domain SysVol share)
- IPsec intranet tunnel (PING and HTTP probes)
And there are more “hidden” features that I will describe in an upcoming blog post. Oh and yes, the development team of this tool is working on the next release, which will include even more awesome features!
Go and grab your copy from http://www.microsoft.com/en-us/download/details.aspx?id=41938
Interesting whitepaper about the circumstances under which the use of pre-boot authentication with BitLocker is recommended. You can grab a copy of it here http://www.microsoft.com/en-us/download/details.aspx?id=41671.
Released last week – the BPA (Best Practice Analyzer) for DirectAccess based on Windows Server 2012! The BPA scans the DA configuration and shows the issues it finds in a sortable list.
You can find the BPA for DA on http://www.microsoft.com/en-us/download/details.aspx?id=41178.
And in addition to the three new Connectors, Microsoft has shipped a new hotfix rollup package for FIM 2010 R2 as well:
After a couple of months, the three new FIM 2010 R2 Connectors have left the RC phase and are now GA! Here’s a short overview of the three new Connectors:
Windows Azure Active Directory Connector
This Connector can be used in scenarios not supported by DirSync, for example multi-forest or non-AD. The Connector comes with sample code and configuration for a resource/account-forest scenario. For more information, please refer to the TechNet documentation: http://go.microsoft.com/fwlink/?LinkID=330371.
This Connector will allow you to connect to an LDAPv3 compliant directory. It currently supports the same LDAP directories (IBM, Novell, and Oracle) we ship with FIM 2010 R2 and will over time replace the built-in LDAP Management Agents. For more information, please refer to the TechNet documentation: http://go.microsoft.com/fwlink/?LinkID=270179.
SharePoint User Profile Store
This Connector will connect to the SharePoint User Profile Store and can be used as a replacement for the built-in synchronization engine which comes with SharePoint, for example in multi-forest or non-AD scenarios. For more information, please refer to the TechNet documentation: http://go.microsoft.com/fwlink/?LinkID=331344.
Yesterday, I worked on a DirectAccess case where the IPv6 address disappeared on one of the two ISATAP adapters on a DirectAccess server. We found the solution by running the following netsh command, which outputs the configuration of the specified ISATAP adapter. Oh btw, you should use the interface ID of the “internal” ISATAP adapter (there is one ISATAP adapter for each network interface):
netsh int ipv6 show int <InterfaceID>
The most interesting parts of the output are the following two lines:
Forwarding : disabled
Advertising : disabled
The problem was that both settings, Forwarding and Advertising, were set to disabled. However, they have to be enabled for the adapter to work, so that an IPv6 address is set on it. So after executing the command netsh interface ipv6 set interface <InterfaceID> forwarding=enabled advertise=enabled, everything worked as expected.
Microsoft has just published a lot of new Remote Access (DirectAccess) content on TechNet, which is great news. For example, you can now find a list of all available hotfixes for Windows Server 2012, Windows 8 and Windows 7 client computers, or a list of all scenarios not supported by the Product Group.
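The check described above can be scripted. The following PowerShell is an added example, not part of the original post and not a Microsoft tool: it parses the output of the netsh command shown above and reports whether Forwarding and Advertising are enabled. The function name, the -NetshOutput and -Fix parameters, the interface ID 12 and the sample lines are assumptions made for illustration, and the parsing assumes English netsh output.

```powershell
# Added example: verify Forwarding/Advertising on the internal ISATAP adapter.
# Function name, parameters and sample data are hypothetical (not from the post).
function Test-IsatapRouterSetting {
    param(
        [Parameter(Mandatory)] [int] $InterfaceId,
        [string[]] $NetshOutput,   # optional: pre-captured netsh output
        [switch] $Fix              # apply the netsh fix from the post if needed
    )

    if (-not $NetshOutput) {
        # Same command as in the post; requires an elevated prompt on the server.
        $NetshOutput = & netsh int ipv6 show int $InterfaceId
    }

    $result = [ordered]@{ InterfaceId = $InterfaceId; Forwarding = $null; Advertising = $null }
    foreach ($line in $NetshOutput) {
        # Match the complete label so "Advertise Default Route" and
        # "Advertised Router Lifetime" are not mistaken for "Advertising".
        if ($line -match '^\s*(Forwarding|Advertising)\s*:\s*(\S+)\s*$') {
            $result[$Matches[1]] = $Matches[2]
        }
    }

    # A setting that is missing from the output stays $null and counts as unhealthy.
    $result['Healthy'] = ($result['Forwarding'] -eq 'enabled') -and
                         ($result['Advertising'] -eq 'enabled')

    if ((-not $result['Healthy']) -and $Fix) {
        # Same remediation command as in the post.
        & netsh interface ipv6 set interface $InterfaceId forwarding=enabled advertise=enabled | Out-Null
        $result['FixApplied'] = $true
    }

    [pscustomobject]$result
}

# Constructed sample lines (abbreviated netsh output) reproducing the faulty state.
$sample = @(
    'Forwarding                         : disabled',
    'Advertising                        : disabled',
    'Advertise Default Route            : disabled'
)
Test-IsatapRouterSetting -InterfaceId 12 -NetshOutput $sample
```

Without -NetshOutput the function queries the live interface, and with -Fix it applies the change only when one of the two settings is not enabled.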
Microsoft has shipped a new build (4.1.3461.0) for FIM 2010 R2. This build introduces 6 updates for the FIM Synchronization Service, and 1 update for the BHold components.
As usual, you can find all details and the download link on the support page, here at http://support.microsoft.com/?id=2870703.
Interesting question, and I highly recommend reading Vittorio’s blog about OAuth2 and sign-in here on http://www.cloudidentity.com/blog/2013/01/02/oauth-2-0-and-sign-in-4/.
In a nutshell: it’s important to understand that OAuth2 is an authorization framework, and NOT a sign-in/authentication protocol. So OAuth2 cannot be used for sign-in/authentication without provider-specific details and knowledge.
A lot more details, explanations, comparisons, etc. can be found on Vittorio’s blog. Enjoy reading it!