Planning Redundancy for CRL Distribution Points
Applies To: Windows 7, Windows Server 2008 R2
Important
This topic describes design considerations for DirectAccess in Windows Server 2008 R2. For the design considerations of DirectAccess in Microsoft Forefront Unified Access Gateway (UAG), see the Forefront UAG DirectAccess Design Guide (https://go.microsoft.com/fwlink/?LinkId=179988).
If the intranet certificate revocation list (CRL) distribution point becomes unavailable, intranet detection will fail for DirectAccess clients on the intranet. If the Internet CRL distribution point becomes unavailable, DirectAccess clients on the Internet will be unable to use Internet Protocol over Secure Hypertext Transfer Protocol (IP-HTTPS)-based connections to the DirectAccess server.
For CRL distribution point redundancy, you can do the following:
For a single CRL distribution point, you can configure redundancy for Internet Information Services (IIS)-based Web servers or Windows Server 2008 R2 or Windows Server 2008-based file servers with Network Load Balancing. For more information, see Overview of the Network Load Balancing Deployment Process (https://go.microsoft.com/fwlink/?LinkId=159956).
You can also configure multiple CRL distribution points on different Web or file servers on your intranet or the Internet.