Wednesday, 3 November 2010

Forefront UAG DirectAccess: Application Compatibility Table

I don’t believe that Microsoft are planning on providing a list of known DirectAccess application compatibility issues and their respective solutions or mitigation methods. Consequently, I thought it might be useful to create a blog post that captures known UAG DA application compatibility issues I am seeing in the forums and also from my own deployment experiences. UAG DA sometimes has the upper hand over native DirectAccess implementations here, as the option to utilise the in-built NAT64 functionality is potentially available, but this is not always a sufficient solution as the communication between DirectAccess clients and UAG will always take place over IPv6.

Tom has a great article on the subject of DirectAccess Application Compatibility which I am going to reference as a good primer for this subject; it can be found here. The TechNet information available here is also useful background reading.

UPDATE: I was recently made aware of a TechNet article titled IPv6 Support in Microsoft Products and Services which may also be a useful reference. The TechNet information is available here.

UAG DirectAccess Application Compatibility Table

Application or Product Name Application Vendor Application Version Known Issues Known Solution or Mitigation Techniques
Office Communication Server Microsoft 2007 and 2007R2 OCS client does not support IPv6
NAT64 not possible.
Deploy an OCS edge solution and define NRPT exemption rules for OCS related host names to use the Internet facing OCS edge solution. More info here.
Lync Microsoft 2010 Lync client does not support IPv6
NAT64 not possible.
Same as above for OCS. Upgrade to Lync 2013 which fully supports IPv6.
Metaframe, XenApp Citrix 6.x and below Citrix client does not support IPv6.
NAT64 to Citrix servers is not possible.
Deploy an internal Citrix Secure Gateway (CSG) solution or define NRPT exemption rules to use an Internet facing CSG solution. More info here.
FlexNet Manager Flexera Software Unknown Product does not support IPv6. Host application using RDS RemoteApp, Citrix XenApp or use an SSTP/VPN fall-back method. More info here.
SAP GUI SAP 7.20+ Support for IPv6 is not enabled by default. Add a client system environment variable of SAP_IPv6_ACTIVE=1.
To be able to do load balancing you will also need to install SAPRouter. More info here.
Lotus Notes IBM 8.0+ Support for IPv6 is not enabled by default. Add the TCP_EnableIPv6=1 line to the [notes] section of the notes.ini file.
More info here.
vSphere Client VMware 4.1 Unable to resolve hostname errors when trying to open virtual machine consoles. This has been fixed in vSphere client version 5.0 update 1 and later.

Information last updated: 21st January 2013

I aim to amend the blog post at regular intervals to try and keep the information as up to date and dynamic as possible. This should then provide a reference location that people can refer back to when thinking about potential application compatibility issues, or when new solutions are found.

So, if you have problems with application compatibility when using UAG DirectAccess, please email me (my email address is provided on my blogger profile page here) or use the comments option at the bottom of this post. Please provide as much information as possible, ideally including the following minimum information:

  • Application or Product Name
  • Application Vendor
  • Application Version
  • Brief overview of the impacted functionality or problem
  • Known solution or mitigation technique/workaround

Community input would be of great value here, so please do provide feedback where possible! Additional comments and corrections to keep the table as accurate as possible are also welcome…


  1. DA is not compatible with applications that can use QOS, eg The DPM Client

  2. The DPM client *does* work though, it just consumes full bandwidth as opposed to being "broken" - I have added your comment anyhow ;) Thanks!

  3. ActiveFAX client can communicate with server when DirectAccess enabled.

  4. Do you know can KMS work under DirectAccess?

  5. Do you know what version of ActiveFAX?

  6. Not tested KMS myself, but I would think so as this is a core Windows product/feature.

  7. hi jj,
    in a customer-scenario we couldn't access an exchange cluster (via external da-client), which has a netscaler-load-balancer in his front!
    greets, Jens Mander aka Karsten Hentrup...

  8. Hi,

    This may be a tad late to post here, but in response to Anonymous on 2-Apr-2011, we currently successfully use KMS over DA in our environment.