With the recent rise in companies expanding their work from home positions due to the COVID-19 pandemic, managed service providers like PEI have seen a number of customers reach out to us to help expand or implement remote capabilities for their user workforce. One such customer had an existing Windows Server 2012R2 Direct Access (DA) server in place but it was insufficient for their entire 600+ user base!
Creating a Windows Network Load Balanced DA cluster is not an overly complex task, however once the prerequisites are in place (NLB on both nodes, certificates copied, DA role installed on a new node, but not configured) a curious issue came up.
None of the high availability options were showing up in the Remote Access Administration console! Searching every blog on creating a High Availability (HA) cluster to be found and all that came up was ‘click on the HA options to create the cluster then add the second node’!
The determining cause was rather innocuous. The original DA server was also serving as the Web Application Proxy (WAP) server for their internal Active Directory Federation Server (ADFS). After some calls with Microsoft it was confirmed that if the WAP role is installed on a Direct Access server, the HA options just don’t show up!
So – the solution? Just remove WAP. Well, this is a production server and they kind of need that for ADFS so here is the best process:
- Schedule some downtime and alert all users to avoid mass hysteria
- Remove the WAP role from the original DA node and then reboot it
- The HA options should appear! Great Success!
From here, complete the configuration of the new DA/HA Cluster and test to verify all users are connecting. Now, add the WAP role back and re-establish the trust with the internal ADFS server.
Now, the customer was only using WAP for ADFS, so if there are any published applications, be sure to document those prior to removing the role and re-adding it.
Also, there are some articles stating WAP does not work well on an HA cluster, however we have seen zero issues with this since implementation – your mileage may vary!
Joe | PEI
