DirectAccess and NetMotion Mobility XE
AuthLite is very simple to use with DirectAccess or NetMotion Mobility XE; no special configuration is needed on the VPN side. In a properly functioning DirectAccess/Mobility setup, the workstations operate as though they are always on the LAN.
Get your DirectAccess/Mobility infrastructure set up and working first without AuthLite being used at all.
Install AuthLite on the domain controllers and workstations.
For Mobility, be sure to configure Unattended (machine) authentication as well as Windows user authentication.
For Mobility, AuthLite must be installed on the NetMotion Mobility server.
By the time the user logs in, the workstation will already have the machine-level DirectAccess/Mobility tunnel up and running. AuthLite communicates with the DC over this channel automatically, and performs OTP validation exactly as if the machine were connected directly to the LAN.
Be sure to use one of the methods for Requiring Two-factor Authentication. Otherwise your setup may support 2FA but not enforce it.
For the best sign-on experience, use group policy to deploy this registry key on your NetMotion workstations:
Key: Software\Policies\Collective Software\AuthLite
DirectAccess is complex to set up from scratch, especially if you are trying to do it without the UAG wizard. You should definitely not attempt to add AuthLite into the mix until you have finished troubleshooting any DirectAccess issues. Otherwise you'll make it harder to figure out where the problems are.