Set-RemoteAccess
Set-RemoteAccess
Modifies the configuration that is common to both DirectAccess (DA) and VPN such SSL certificate, Internal interface, and Internet interface.
Syntax
Parameter Set: Set1
Set-RemoteAccess [-AsJob] [-CimSession <CimSession[]> ] [-ComputerName <String> ] [-Force] [-InternalInterface <String> ] [-InternetInterface <String> ] [-PassThru] [-SslCertificate <X509Certificate2> ] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Detailed Description
The Set-RemoteAccess cmdlet modifies the configuration that is common to both DirectAccess (DA) and VPN such as SSL certificate, Internal interface, and Internet interface.
All settings configured by this cmdlet result in changes only on the server on which the cmdlet is run. In a network load balancing scenario the SSL certificate changes take effect on all nodes.
As a result, this cmdlet is not impacted by multi-site deployments.
Parameters
-AsJob
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-CimSession<CimSession[]>
Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-ComputerName<String>
Specifies the IPv4 or IPv6 address, or host name, of the computer on which the Remote Access (RA) server computer specific tasks should be run. If this parameter is specified, then the configuration changes take place on that RA server.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-Force
Forces the command to run without asking for user confirmation.
When suppressed, the cmdlet assumes user confirmation for the following conditions.
-- Changing the interfaces: This results in re-configuration which is time consuming and the server cannot accept connections during this time.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-InternalInterface<String>
Specifies the name of the corpnet facing interface.
-- In a single-network-adapter configuration, if the administrator wants to change the interface, then the new name should be specified for both this and the InternetInterface parameters.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
true (ByPropertyName) |
Accept Wildcard Characters? |
false |
-InternetInterface<String>
Specifies the name of the internet facing interface.
-- In a single-network-adapter configuration, if the administrator wants to change the interface, then the new name should be specified for both the InternalInterface and this parameters.
-- When changing the internet interface, if the IP address of the ConnectTo is known, then the IP address of the specified interface is compared with the ConnectTo address. If there is a mismatch, then the interface is not changed and the cmdlet errors out. If only the name of ConnectTo is known and it cannot be resolved or if the RA server is deployed behind NAT, then it is assumed that the new interface matches with the ConnectTo address.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
true (ByPropertyName) |
Accept Wildcard Characters? |
false |
-PassThru
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-SslCertificate<X509Certificate2>
Specifies the certificate that will be used to secure remote clients connectivity over HTTPS, in case of DA, or SSTP, in case of VPN.
-- SSL certificate changes are allowed only within the bounds of the current value of the ConnectTo address (configurable through the Set-DAServer cmdlet), such as the subject name of the new certificate should always match ConnectTo. All other certificates are rejected and the cmdlet errors out, even if all other criteria for an SSL certificate are satisfied. This behavior is applicable irrespective of whether NAT is deployed or not and whether the server has a single network adapter or two network adapters.
-- In a network load balancing scenario the changes take effect on all nodes. Hence, the specified certificate is required to be present on all nodes in the cluster.
---- If the certificate is not found on one or more nodes, then this cmdlet displays an error.
---- If one or more nodes are down when changing the certificate, then the change applies only on the nodes that are up. But the DA server GPO is updated to ensure that when these computers come up load balancing is in stopped state on them due to a certificate mismatch. For the certificate change to take effect, the administrator needs to install a similar certificate on them and re-run this cmdlet.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
true (ByValue) |
Accept Wildcard Characters? |
false |
-ThrottleLimit<Int32>
Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-Confirm
Prompts you for confirmation before running the cmdlet.
Required? |
false |
Position? |
named |
Default Value |
false |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? |
false |
Position? |
named |
Default Value |
false |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
- None
Outputs
The output type is the type of the objects that the cmdlet emits.
Microsoft.Management.Infrastructure.CimInstance#RemoteAccessCommon
The
Microsoft.Management.Infrastructure.CimInstanceobject is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The path after the pound sign (#) provides the namespace and class name for the underlying WMI object.
The RemoteAccessCommon object consists of the following properties:
-- The status of DA: installed or uninstalled.
-- The status of VPN: installed or uninstalled.
-- The status of site-to-site VPN: installed or uninstalled.
-- The status of load balancing: enabled or disabled.
-- The name of the internet-facing interface of the RA server.
-- The name of the internal-facing interface of the RA server.
-- The SSL certificate which is used for IP-HTTPS and SSTP.
Examples
EXAMPLE 1
This example will change the internal and external interfaces configured for DA. Since in our example setup, DA is deployed in edge topology, the cmdlet will look for the IP configured in ConnectToAddress while installing DA and compare it with the new internet interface IP to make sure that there is a match.
PS C:\> Set-RemoteAccess -InternalInterface 'DomainConnection' -InternetInterface 'Public Network'