When Good Network Location Servers Go Bad - Preparing for NLS Failure

by [Published on 16 April 2010 / Last Updated on 16 April 2010]

DirectAccess depends on the Network Location Server to determine whether to use the Name Resolution Policy Table (NRPT) to resolve names. When the NRPT is used, a type of DNS routing takes place: name resolution is split between the name servers that a DA client should use for corpnet names and the servers that should be used to resolve other names.

The NRPT should only be “turned on” when the DA client is off the corporate network. It is turned on there because the DA client won’t be able to connect to the Network Location Server (NLS). When the DA client is connected to the corpnet, however, it is able to connect to the NLS, and the NRPT is turned off.

But what happens when the DA client can’t connect to the NLS? Then some bad things can happen.
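The detection logic described above, modelled in Python as an added example (not code from the original post or from Microsoft). The NLS URL, DNS suffixes and addresses are constructed sample values, and the longest-match rule lookup and the NLS exemption entry are assumptions about how the NRPT is configured.

```python
# Added illustration: a simplified model, not Microsoft's implementation.
# All names, suffixes and addresses below are constructed sample values.
from dataclasses import dataclass
from typing import Callable, Dict, Optional

NLS_URL = "https://nls.corp.example.com/"    # hypothetical NLS URL
INTERFACE_DNS = "192.0.2.53"                 # DNS server configured on the NIC
NRPT: Dict[str, Optional[str]] = {           # rule -> DNS server for that rule
    ".corp.example.com": "2001:db8::53",     # corpnet names -> DirectAccess DNS
    "nls.corp.example.com": None,            # exemption: never routed via NRPT
}

@dataclass
class DAClient:
    probe_nls: Callable[[str], bool]         # returns True if the NLS answered

    def nrpt_active(self) -> bool:
        # Reaching the NLS is the only signal for "inside the corpnet";
        # a failed probe leaves the NRPT turned on.
        return not self.probe_nls(NLS_URL)

    def dns_server_for(self, fqdn: str) -> str:
        """Return the DNS server this client would query for fqdn."""
        name = fqdn.lower().rstrip(".")
        if not self.nrpt_active():
            return INTERFACE_DNS
        best = None                          # longest matching rule wins
        for rule in NRPT:
            exact = not rule.startswith(".") and name == rule
            suffix = rule.startswith(".") and name.endswith(rule)
            if (exact or suffix) and (best is None or len(rule) > len(best)):
                best = rule
        server = NRPT[best] if best else None
        return server or INTERFACE_DNS       # no rule or exemption -> NIC DNS

def scenario(nls_up: bool, on_corpnet: bool) -> Dict[str, str]:
    # The NLS answers only from inside the corpnet, and only while healthy.
    client = DAClient(probe_nls=lambda url: nls_up and on_corpnet)
    names = ("files.corp.example.com", "nls.corp.example.com", "www.example.org")
    return {n: client.dns_server_for(n) for n in names}

if __name__ == "__main__":
    for label, args in (("inside, NLS healthy", (True, True)),
                        ("outside", (True, False)),
                        ("inside, NLS down", (False, True))):
        print(label, scenario(*args))
```

In this model the "inside, NLS down" case produces exactly the same routing as the "outside" case, which is why NLS availability deserves its own monitoring.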

For details of what happens when the NLS fails, check out Tom Shinder’s The Edge Man blog at:

http://blogs.technet.com/tomshinder/archive/2010/04/06/when-good-network-location-servers-go-bad-preparing-against-nls-failure.aspx

HTH,

Deb

DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)
“MS SECURITY”
dshinder@isaserver.org
