This topic describes how to configure a network location server to work with Forefront UAG DirectAccess. A network location server installed on the internal network is used to determine whether a DirectAccess client is connected to the internal network.

When a DirectAccess client connects to a network, it attempts to access the specified HTTPS-based URL on a network location server. If the connection to the HTTPS-based URL is successful, the DirectAccess client determines that it is on the internal network, and DirectAccess functionality is not used. If the network location server is unavailable while the DirectAccess client is connected to the internal network, the client cannot confirm that it is on the internal network, so DirectAccess functionality is enabled for the client. This impairs the client's ability to reach internal network resources.

  • The network location server is a critical element of the DirectAccess infrastructure. It is therefore recommended that the network location server function be installed on a server with high availability.

  • The network location server must not be accessible to DirectAccess clients when they are connecting from the Internet.

You must not configure your Forefront UAG DirectAccess server as the network location server.

To specify the network location server

  1. From the Forefront UAG DirectAccess Configuration Wizard, under Step 3, in Infrastructure Servers, click Edit.

  2. Enter the HTTPS URL, click Validate, and then click Next. The DNS Suffixes page appears.

    The HTTPS URL should be entered as an FQDN.
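
The URL entered in step 2 is the one clients probe to decide whether they are on the internal network, so it is worth checking before it is entered in the wizard. The following PowerShell function is an added example, not part of the original topic or of Forefront UAG; the function name `Test-NlsUrl` and the URL `https://nls.corp.example.com/` are hypothetical. It checks that the URL uses HTTPS with an FQDN host, that the name resolves, and that the server answers over HTTPS.

```powershell
function Test-NlsUrl {
    param(
        [Parameter(Mandatory = $true)][string]$Url,
        [int]$TimeoutSeconds = 10
    )
    # One result object per URL; fields stay $null/$false until a check passes
    $result = New-Object PSObject -Property @{
        Url = $Url; IsHttps = $false; IsFqdn = $false
        Resolves = $false; HttpStatus = $null; CertNotAfter = $null; Error = $null
    }

    $uri = $null
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) {
        $result.Error = 'Not an absolute URL'
        return $result
    }

    $result.IsHttps = ($uri.Scheme -eq 'https')
    # FQDN: a DNS name (not an IP literal) containing at least one dot
    $result.IsFqdn = ($uri.HostNameType -eq [System.UriHostNameType]::Dns) -and ($uri.Host -like '*.*')
    if (-not ($result.IsHttps -and $result.IsFqdn)) { return $result }

    try {
        [void][System.Net.Dns]::GetHostAddresses($uri.Host)
        $result.Resolves = $true

        $request = [System.Net.WebRequest]::Create($uri)
        $request.Timeout = $TimeoutSeconds * 1000
        $request.AllowAutoRedirect = $false
        $response = $request.GetResponse()
        $result.HttpStatus = [int]$response.StatusCode
        $response.Close()
        # GetResponse() throws if the certificate fails default .NET validation
        if ($request.ServicePoint.Certificate) {
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $request.ServicePoint.Certificate
            $result.CertNotAfter = $cert.NotAfter
        }
    }
    catch {
        $result.Error = $_.Exception.Message
    }
    return $result
}

# Constructed placeholder URL; replace with the network location server URL for your deployment
Test-NlsUrl -Url 'https://nls.corp.example.com/'
```

Run from a host on the internal network, the call should return an `HttpStatus` value. Run from a host connected only to the Internet, the same call should return an `Error`, consistent with the requirement that the network location server not be accessible from the Internet.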