Export (0) Print
Expand All
This topic has not yet been rated - Rate this topic

Planning Redundancy for CRL Distribution Points

Updated: October 1, 2009

Applies To: Windows 7, Windows Server 2008 R2

ImportantImportant
This topic describes design considerations for DirectAccess in Windows Server 2008 R2. For the design considerations of DirectAccess in Microsoft Forefront Unified Access Gateway (UAG), see the Forefront UAG DirectAccess Design Guide (http://go.microsoft.com/fwlink/?LinkId=179988).

If the intranet certificate revocation list (CRL) distribution point becomes unavailable, intranet detection will fail for DirectAccess clients on the intranet. If the Internet CRL distribution point becomes unavailable, DirectAccess clients on the Internet will be unable to use Internet Protocol over Secure Hypertext Transfer Protocol (IP-HTTPS)-based connections to the DirectAccess server.

For CRL distribution point redundancy, you can do the following:

  • For a single CRL distribution point, you can configure redundancy for Internet Information Services (IIS)-based Web servers or Windows Server 2008 R2 or Windows Server 2008-based file servers with Network Load Balancing. For more information, see Overview of the Network Load Balancing Deployment Process (http://go.microsoft.com/fwlink/?LinkId=159956).

  • You can also configure multiple CRL distribution points on different Web or file servers on your intranet or the Internet.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.