This topic provides information about planning for DirectAccess Connectivity Assistant (DCA) 1.5 deployment.

  1. Overview

  2. Requirements

  3. Limitations

  4. Planning steps


DirectAccess Connectivity Assistant (DCA) version 1.5 can be installed on DirectAccess client computers, to provide information about the state of DirectAccess connectivity to corporate network resources, as follows:

  • Connection status—The DCA informs mobile users of their connectivity status at all times, and provides tools to help them reconnect on their own if problems arise.

  • Troubleshooting information—The DCA provides troubleshooting messages to help solve DirectAccess connection issues, and gathers diagnostic logs that can be sent to network administrators. Without the DCA, clients have no means of verifying whether DirectAccess is working correctly. In addition, administrators can use the DCA to provide a URL that hosts information and resources for DirectAccess clients.

DCA deployment consists of two steps:

  1. Deploy the DCA 1.5 application on DirectAccess client computers

  2. Configure application settings to be delivered to client computers running DCA 1.5


The DCA 1.5 application can be deployed using the following means:

  1. Prepare a network share or Web site on which users installing the DCA .msi have read permissions.

  2. Prepare to use a software distribution system such as Microsoft System Center Configuration Manager to automatically deploy the DCA.

  3. Prepare an Active Directory group policy to automatically deploy and run the DCA .msi file. The group policy will be applied on computers you want to configure as DirectAccess clients.

The following is required to deploy DirectAccess settings:

  1. Allow users to use local name resolution—If you enable this setting, the Use local DNS resolution option is available in the DCA console running on the client computer. If a remote user selects this setting, DirectAccess does not send resolution requests for single-label names to internal corporate DNS servers, but uses local name resolution instead (LLMNR and NetBIOS). Clients require a means of resolving names locally.

  2. Connectivity verifiers—Connectivity verifiers are used by the DCA to provide information about the connectivity status of clients. If connectivity is down, an unavailable status is displayed in the DCA. The connectivity verifier method can be an HTTP or HTTPS URL, or a file location. Plan for multiple connectivity verifiers in a number of locations. For example, configure one verifier behind the NAT64, and another behind the ISATAP gateway, etc.

  3. Troubleshooting URL—The DCA provides a URL link to which clients can connect for troubleshooting information. Plan for a Web site or portal that contains information for clients. You can use a Forefront UAG portal if you have deployed portal publishing in Forefront UAG.

  4. Email address—The DCA deployment requires an email address that is monitored for troubleshooting logs sent by DirectAccess clients. The address appears in the DCA console.

  5. Diagnostics script—The DCA provides a default script for gathering diagnostic logs. If you want to add another script, prepare it before DCA deployment. The script can be any file that can be run at a command prompt, and that prints output to the console as text. The script location specified on the client computer should be accessible by a standard user account. Note that DCA runs the script with elevated permissions.
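
Because DCA runs the diagnostics script with elevated permissions, standard users should be able to read the script but not modify or replace it. The following PowerShell check is an added example, not part of the original topic or of DCA; the script path and the list of trusted SIDs are assumptions to adjust for your environment.

```powershell
# Added example: audit the ACLs of a DCA diagnostics script before deployment.
param(
    # Hypothetical path; replace with the script location you plan to configure.
    [string]$ScriptPath = 'C:\Program Files\Contoso\DcaDiag\collect.cmd'
)

$sidType = [System.Security.Principal.SecurityIdentifier]

# Principals allowed to modify the script (assumption: adjust for your environment).
$trustedSids = @(
    'S-1-5-18',      # Local System
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow altering or replacing the file, plus GENERIC_WRITE and GENERIC_ALL.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x40000000 -bor 0x10000000
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-UntrustedWriter {
    param([Parameter(Mandatory = $true)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # The owner can always rewrite the DACL, so an untrusted owner is a finding.
    $owner = $acl.GetOwner($sidType).Value
    if ($trustedSids -notcontains $owner) {
        New-Object psobject -Property @{ Path = $Path; Sid = $owner; Rights = 'Owner' }
    }
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries apply to child objects, not to this object.
        if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
        if ($trustedSids -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -ne 0) {
            New-Object psobject -Property @{
                Path = $Path; Sid = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights
            }
        }
    }
}

# Check the script and its folder: write access to the folder allows replacing the file.
$targets = @($ScriptPath, (Split-Path -Parent $ScriptPath))
$findings = @($targets | ForEach-Object { Get-UntrustedWriter -Path $_ })
if ($findings.Count -gt 0) {
    $findings | Format-Table Path, Sid, Rights -AutoSize
    Write-Warning 'Non-administrative principals can modify a script that DCA runs elevated.'
} else {
    Write-Output 'Only trusted principals can modify the diagnostics script and its folder.'
}
```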


The following limitations apply:

  1. DCA 1.5 must be installed on clients authenticating to DirectAccess with an OTP.

  2. DCA 1.5 cannot be installed on clients connecting to Windows DirectAccess servers. It can be installed on servers running Forefront UAG DirectAccess SP1, Update 2, Update 1, or RTM.

  3. The DCA 1.5 .msi installation file is only available after installing Forefront UAG SP1.

  4. DCA 1.5 settings can only be configured in the Forefront UAG Management console if the Forefront UAG DirectAccess server is running SP1. Otherwise, you must configure DCA settings using a group policy template.

  5. When force tunneling is enabled (DirectAccess clients reach the Internet via the DirectAccess server), the option to allow local name resolution cannot be provided to DirectAccess clients.

  6. At least one connectivity verifier must be enabled. You cannot use the network location server Web site as a connectivity verifier.

  7. Any diagnostic script must complete its actions within 45 seconds. Scripts that take longer have their logs truncated.

  8. When installing DCA 1.5 on a computer running DCA 1.0, or when uninstalling DCA, the current DCA application process and service are stopped during setup. However, if a computer has multiple users and each user runs an instance of the DCA, you must restart the computer to complete the upgrade or uninstall.

Planning steps

Planning steps consist of the following:

  1. Define a strategy for deploying and installing DCA 1.5 on computers that will be configured as DirectAccess clients.

  2. If you are not running SP1, obtain and import the GPO templates.

  3. Prepare for deploying DCA 1.5 settings, either via the Forefront UAG Management console on servers running Forefront UAG DirectAccess with SP1, or using GPO templates on other Forefront UAG DirectAccess servers.

    1. Create HTTP or HTTPS Web sites, or file locations, as connectivity verifiers.

    2. Prepare a Web site or Forefront UAG portal that contains useful troubleshooting information for DirectAccess clients.

    3. Define an email address to which DirectAccess client diagnostic logs can be sent.

    4. If you want to use additional diagnostics in addition to the default diagnostics, prepare a diagnostics script and deploy it on client computers that will be configured as DirectAccess clients.

    5. In addition, if you are configuring DCA settings with the template, collect the IP addresses of DirectAccess servers.