Load Balancing Microsoft Direct Access

I was asked to jump in on a project this week to help configure Microsoft Direct Access load balancing using the NetScaler platform. When I went looking, there wasn't a lot of info other than a good video on how it works: https://www.petri.com/webinars/using-advanced-adc-configuration-for-microsoft-direct-access-to-improve-datacenter-security

After reaching out to Richard (https://directaccess.richardhicks.com), he pointed me in the right direction, so I took a few screen grabs as I went. This is the first part: configuring the NLS web server on NetScaler so that it returns 200 OK to the clients when they are on the LAN.

The first step is to create the internal NLS web server on your NetScaler.

Create Responder Action

NLS_Setup_01

Select Add

 

Create Responder Action

NLS_Setup_02

Enter Name

Select respond with :

Enter Expression

"HTTP/1.0 200 OK" + "\r\n\r\n" + "<html><body>DirectAccess Network Location Server (NLS)</body></html>" + "\r\n"

Create Responder Policy

NLS_Setup_03

 

Select Add

Create Responder Policy

NLS_Setup_04

Enter Policy Name

Select Action DirectAccess (name from above)

Enter Expression :

HTTP.REQ.IS_VALID

Select create

 

Create Service

NLS_Setup_05

 

Select Add

Create Service 

NLS_Setup_06

Enter Name of Service

Enter Loopback IP address

Select 443

Enter port 62112

Un-check health monitoring

Create and install Certificate for the vServer

Create Certificate Key

NLS_Setup_certificate_07

Select Create Key

Enter Details

NLS_Setup_certificate_08

Enter details as above

Create CSR

NLS_Setup_certificate_09

 

Create CSR

NLS_Setup_certificate_10

Enter details above ensure you enter the correct URL of the internal

 

Pass the CSR to the Certificate Authority to sign and return the certificate.

When returned, copy it to the cert location on the NetScaler.

Also copy the root certificate and any certificate chain if required.

Install Certificate

 

NLS_Setup_certificate_11

Select  Install

 

NLS_Setup_certificate_12

Give the certificate a name

Browse to the NetScaler and select the returned file and the key that you originally created.

Enter the password that was created earlier

 

Install the Root CA

 

NLS_Setup_certificate_13

Select Install

NLS_Setup_certificate_14

Enter a name for certificate

Browse the NetScaler and select the Root CA you just uploaded

Link the certificate chain

NLS_Setup_certificate_15

Select the certificate you need to chain

Select Actions and then Link

NLS_Setup_certificate_16

Select the correct Root CA

Select OK

 

Create vServer for NLS

NLS_Setup_vServer_17

Select Add

 

NLS_Setup_vServer_18

Enter vServer name

Select SSL

Enter IP address

Select OK

 

NLS_Setup_vServer_19

Select Load balancing Service

 

NLS_Setup_vServer_20

click to select Service

NLS_Setup_vServer_21

Select DirectAccess

Select OK

NLS_Setup_vServer_22

Select Bind

NLS_Setup_vServer_23

Select OK

NLS_Setup_vServer_24

Select Certificates

NLS_Setup_vServer_25

Click to select certificate

NLS_Setup_vServer_26

Select the correct certificate to be used on the vServer

NLS_Setup_vServer_27

Select Bind

NLS_Setup_vServer_28

Select OK

NLS_Setup_vServer_29

Select Policies

NLS_Setup_vServer_30

Select to open policies

NLS_Setup_vServer_31

select responder

select request

NLS_Setup_vServer_32

Click to select policy

NLS_Setup_vServer_33

Select the policy created earlier

Select OK

NLS_Setup_vServer_34

Select Bind

 

NLS_Setup_vServer_35

Select Done

 

You then need to add a DNS record that points to the IP of the vServer and point your internal clients to it, and you should be good to go.
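To check the result from an internal machine, here is an added example (not part of the original post). It parses the raw response that the responder expression above produces, then probes the NLS URL over HTTPS with certificate validation. The function names and the hostname `nls.corp.example` are placeholders, not values from the post.

```python
import ssl
import urllib.error
import urllib.request

# The responder expression from the post, evaluated to the bytes sent on the wire.
RESPONDER_OUTPUT = (
    "HTTP/1.0 200 OK" + "\r\n\r\n"
    + "<html><body>DirectAccess Network Location Server (NLS)</body></html>"
    + "\r\n"
).encode("ascii")


def parse_response(raw: bytes):
    """Split a raw HTTP response into (version, status, reason, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line terminating the header block")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    reason = parts[2] if len(parts) == 3 else ""
    return parts[0], int(parts[1]), reason, headers, body


def nls_reachable(url: str, timeout: float = 5.0) -> bool:
    """True only if the HTTPS GET validates the certificate and returns 200."""
    if not url.lower().startswith("https://"):
        raise ValueError("NLS URL must be https")
    # Default context checks the chain and hostname against the OS trust store,
    # so the issuing Root CA must be trusted on the machine running this check.
    ctx = ssl.create_default_context()
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            return resp.status == 200
    except (urllib.error.URLError, ssl.SSLError, OSError):
        return False


if __name__ == "__main__":
    print(parse_response(RESPONDER_OUTPUT))          # header block is empty
    print(nls_reachable("https://nls.corp.example/"))  # placeholder hostname
```

The parse shows that the expression sends a status line and body with no headers at all. A `False` from `nls_reachable` usually means the DNS record, the certificate name or the chain linked on the vServer needs another look.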

 

 
