Note: Clients on the internal network will lose connectivity to the domain if the NLS is unavailable. If enabling load balancing for NLS for an existing DirectAccess deployment, it is recommended that the NLS be reachable by clients and have a valid SSL certificate available during the transition. As the NLS hostname will be changing when this happens, a hostname mismatch will occur on the original NLS during the cutover, causing clients to fail the NLS check. This issue can be addressed by assigning a multi-SAN certificate to the NLS that includes both the original NLS name and the new load-balanced name prior to implementing this change.

To configure DirectAccess to use a load-balanced NLS, follow the steps below:

  1. In the internal DNS, create a DNS record with a hostname that resolves to the virtual IP address configured for the NLS Virtual Service.
  2. In the Remote Access Management console, click DirectAccess and VPN under the Configuration node in the navigation tree.
  3. In the Step 3 Infrastructure Servers box, click Edit.

  4. Enter the new NLS URL and click Validate.
  5. Ensure that connectivity to the URL is validated successfully before proceeding.
  6. Save and apply the configuration.