Forefront UAG DirectAccess automatically enables the DNS64 and NAT64 features on the Forefront UAG DirectAccess server. You can disable the on-box DNS64 and NAT64, but you still require external DNS64 and NAT64 devices so that certain DirectAccess functionality will work.

To disable DNS64 and NAT64

  1. Ensure that the Forefront UAG Management console is closed.

  2. On the Forefront UAG DirectAccess server, click Start, click All Programs, click Accessories, right-click Command prompt, and then click Run as administrator.

  3. To disable DNS64 and NAT64, at the command prompt type:

    Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method, requiring that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
    1. reg add HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\Configuration\DirectAccess\Overrides\ /v DNS64ConfigState /t reg_dword /d 0

    2. reg add HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\Configuration\DirectAccess\Overrides\ /v NAT64ConfigState /t reg_dword /d 0

    • When DNS64 is disabled, the Microsoft Forefront UAG DNS64 service is stopped and cannot be restarted until the DNS64ConfigState key value is set to 1.

    • To re-enable DNS64 and NAT64, change the key values of DNS64ConfigState and NAT64ConfigState to 1.

  4. Open the Forefront UAG Management console, click the Activate configuration icon, and then on the Activate Configuration dialog box, click Activate.