Channel: Forefront Edge Security – DirectAccess, UAG and IAG Forum

DirectAccess on Windows Phone


Hi, hopefully a pretty straightforward question, although my web search didn't come up with the answer.

I'm looking to implement DirectAccess for our Windows 7 clients to replace our existing VPN solution. Do Windows Phones support DirectAccess to allow remote access back into our corporate infrastructure?


The upload is blocked because the request does not contain a content-type header


Currently working with a customer that has a pretty esoteric configuration for publishing some apps that use ADFS and ADFS is also published but in a non-standard way. They are publishing ADFS Proxies via UAG. Long story but bottom line this is working on existing apps but now we need to publish a new SharePoint site that will leverage an existing ADFS instance for SSO. Everything looks good until the user is redirected back to the SharePoint app and an error is thrown in the browser stating "The upload is blocked because the request does not contain a content-type header" 

The application was then set to allow Post requests without a content-type header as shown below:

But this does not fix the issue. When the error is encountered, if the user types in the SharePoint URL again they are logged on (through UAG) and have access to their data in SharePoint. So something is getting blocked/lost in the redirect back to SharePoint from ADFS. Has anyone run into anything like this before?


Steve Angell - IAM Practice Director (http://www.InfraScience.com)

Direct Access Client Connectivity Issue


Hi Team

I'm having an issue with a Windows 8.1 client connecting to my Direct Access Server. The client is stuck in the "connecting" state. I have done port forwarding for 443 connectivity. I can connect to my DA Server locally but it's not working remotely. The DA server is running on Windows Server 2012 R2.



Direct access - manual policy update?


Hi,

Hope someone can help me. If I have a PC that is off the business network and needs Direct Access, is it possible to apply the settings for that manually?
Normally policies are pushed out when on the network, but is it possible to do it manually, or is it certificate based somehow, so that you cannot apply this manually?

I have tried to copy registry settings (maybe some settings are missing) from a PC where DA is working, but it is not working.

Direct Access client to Direct Access client communication


I have been searching all over for a resolution and have tried many different configurations trying to figure this one out.  

We have been testing Direct Access for a few months and have worked out most of the bugs/problems with it.  However, one issue we haven't been able to resolve is DA client to DA client connectivity.  Both clients connect via DA fine and can access all network resources, but as soon as you want to connect to another DA client from another DA client, it fails.  

Trying to ping the other DA client throws the well-known error:

    Ping request could not find host xxxx. Please check the name and try again.

Trying to ping the IPv6 address fails as well.   

Pinging the same DA client from the DA server or another system that is on the intranet seems to work fine.

Anyone run into this before?

Forwarding is not enabled on the external adapter. This might prevent remote client traffic from reaching the internal network.


Hello,

We have DA installed and working fine, but suddenly getting this error:

Forwarding is not enabled on the external adapter.

What does it mean, and what should I do?

DirectAccess 2012 - Public Profile Blocking Access to Domain Profile


Hi,

Been struggling to find information out about this so I was wondering if anyone has come across it.

My understanding is that the public firewall profile is always the first one to activate. If Windows can detect it's on the domain it is a part of, it will activate the domain profile.

However, I have had to set public profile: block all outgoing connections.

This stops it going into domain profile mode.

I can't find a list of all the specific exception rules I need to add to the public profile  in order to allow the right traffic out so it will go into domain profile.

i.e. I don't just want to allow all traffic going to xx IPs. I would rather do process on xx port going to xx IP

Any ideas?


configure IPSEC on UAG to publish outlook anywhere in exchange 2013

Hi,

We need to publish Exchange 2013 with UAG 2010 and we also need to use IPSEC where UAG 2010 exists in the DMZ.

What configuration do we need to do on UAG 2010 (TMG 2010)?

Do we need to perform any configuration on Exchange 2013 CAS server?

Thanks


jitender

W2K12R2 DirectAccess GPO NRPT exemption error


Hi all

I'm installing a DirectAccess Multisite solution with two servers, one for each site. Configuration was OK and Windows 8.x clients can connect (even Windows 10 TP connects). But now, every time I want to make a change to the Infrastructure Servers, I get these errors:

Error: Exemption entry fqdn_site2 cannot be modified or deleted in the NRPT.

Error: Exemption entry fqdn_site1 cannot be modified or deleted in the NRPT.

No matter what setting or combination I try to change (NLS, DNS, DNS Suffix and/or Management), I always get stuck with the same error, and this error started to show when Multisite was configured (when there was no Multisite, I could change anything I wanted without any issues).

Can you help me with this one? Thanks in advance and regards.



DirectAccess and NRPT error


We have configured Direct Access Multisite and now when we try to add the entry in the NRPT table we see the following error:

Error: Exemption entry fqdn_site2 cannot be modified or deleted in the NRPT.

Error: Exemption entry fqdn_site1 cannot be modified or deleted in the NRPT.

Can someone let me know why we are seeing this error and how to fix it?

Outlook "hangs" with "Not Responding" while on DirectAccess connection.


We have a 2012 R2 DirectAccess implementation that seems to work well. However, one thing continues to be a problem. While connected remotely via DA, Outlook 2013 seems to "hang" whenever you delete a message or close an email that is open and shows "not responding" on the title bar. After 20 seconds or so, Outlook will come back and keep working. This only happens on DirectAccess clients, and not with internal Outlook clients or Outlook Anywhere external clients. It has become such an annoyance that my users are asking to be removed from DirectAccess so that they can just use VPN and not deal with the Outlook "hang".

I cannot find anything that points to this type of issue or what might be happening. Anyone else seen this?

Doug

DNS Server in NRPT


Hello everyone,

I've successfully set up DA in a testing environment. The only thing is the name resolution. In my NRPT I've added this rule:

Suffix: "Domain.com" DNS Server: "is the DA Gateway itself"

But the DA Gateway is not a DNS server. I can't change the entry to a real DNS server because of network rules. Our network department says that the DA Gateway will act as a DNS proxy, so there is no need to change the entry. I can't believe that, so my question is: Is it true that the DA Gateway will forward the DNS queries to the DNS servers specified in the NIC of the DA Gateway?

Thanks in advance

Butters

Manage Out From Other Servers Not Working


Hello,

We have a strange issue... We have DirectAccess single-NIC behind TMG 2010 setup and working over IPHTTPS. The client can ping internal servers, no problem. We have also setup selective ISATAP for several internal servers that we wanted to use for manage-out. Those servers have IP6 addresses and ISATAP appears to work and each server can ping each other over IP6 successfully. We have setup all the firewall rules needed for the clients to allow internal ping, file and printer sharing and remote desktop.

We can successfully ping DirectAccess clients and have tested all of the manage out functionality we need from the DirectAccess server, however we cannot ping or in any way access the clients from the other manage out servers we've configured. Any help is appreciated.


-Brad

DirectAccess Server 2012 Configuration cannot be retrieved from domain controller


Hi everyone,

We are using DirectAccess over Server 2012. There is just one server, no load balancing.

Everything works fine, all clients can connect successfully and the operations status page shows all in green. Nevertheless, on the dashboard page in the configuration status section it says “Configuration for server [servername] cannot be retrieved from the domain controller.”

I found a few hints about what could cause this problem:

"In my case, the RAConfigTask, a scheduled task, was not enabled on the affected WS2012 server (DA entry point in a multisite deployment). After just enabling it, the errors has gone." http://blog.gocloud-security.ch/2013/01/11/ws2012-directaccess-and-the-configuration-for-server-server-name-retrieved-from-the-domain-controller-cannot-be-applied-error/

"Group Policy was filtering out my DA server from the GPO object for some reason. To fix, I opened up Group Policy Management on the domain controller and made sure that my DA server was a part of the group." http://www.joedissmeyer.com/2012/12/more-issues-and-solutions-for.html

Server has no connectivity to the domain in order to update the policies. Run “gpupdate /force” on the server to force policy update. GPO replication might be required in order to retrieve the updated configuration.  This could be because there is no writable domain controller in the Active Directory site of the Remote Access server. http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/56fedb17-1274-4e1a-b2d0-fea809f0bc45

I checked everything. The task is enabled and completed successfully, the GPO is not filtered out, I ran gpupdate without any errors, I could connect to the domain controller, there are no errors on the domain controller, and the domain controller is writable.

So, I have no idea what could cause this error. Any ideas or hints?

Thanks

Regards

Sebastian



Adding Entry Point in Multisite Direct Access


Hello All,

We are trying to add a new entry point in a multisite Direct Access deployment but we are seeing the following error:

Test

We have verified the following on the appliance:

  1.      All the required roles are installed.
  2.      The server has the machine cert issued by the internal cert authority and the public cert required by the Direct Access configuration.
  3.      The server is configured with 2 public IP addresses and 1 internal IP address.

Are there any logs that can tell us which prerequisites are missing from the server? Or can someone tell me how to fix the error?

-Ashish

Direct Access 2012 console fails to load config because of an incomplete static address pool


I have been trying different settings with DA and enabled VPN/DA and set it to use DHCP. After the wizard completed the console didn't refresh and now complains "Settings for server " " cannot be retrieved. VPN is configured to allocate IP addresses using a static address pool, but no IP address ranges are configure"

If I go to the RRAS console the IPv4 address assignment is greyed out and I cannot edit it.

I cannot uninstall the DA/RRAS role because DA is configured.

The only option left is to reinstall Windows, which I would like to avoid as everything is working.

How can I reset the configuration while the console/wizard is locked out?


Tech with Alberta Education

Direct Access


We are trying to configure Direct Access on Windows Server 2012 and we are seeing “Error: The parameter is incorrect”

Getting an error

    Initializing operations before applying configuration
        Preparing to apply configuration changes...
        Backing up GPOs...
    Configuring Remote Access settings
        Retrieving server GPO details...
        Clearing existing stale configuration settings. This might take a few minutes...
        Checking the specified adapters...
        Deploying the Remote Access server behind NAT...
        Checking the network location server certificate...
        Checking the network location server URL...
        Checking the specified adapters...
        Checking for a native IPv6 deployment...
        Verifying the IP-HTTPS certificate...
        Retrieving internal network DNS settings...
        Verifying the GPO to write settings...
        Checking GPO edit permissions...
        Creating GPO link if not present...
        Checking for a client GPO to write settings...
        Checking for edit permissions for the DirectAccess client GPO...
        Creating GPO link if not present...
        Checking for permissions to apply DirectAccess client policies to the GPO...
        Identifying all domains...
        Error: The parameter is incorrect.
    Finishing operations after applying configuration
        Information: Attempting to roll back the configuration...

Can someone help me with this?

Connected DA Clients Cannot Access All Internal Resources?


Hi 

Has anybody come across the issue where successfully connected clients can access some resources (RDP/File Shares, etc.) but not others?

The strange thing is that a successfully connected resource could be sitting next to an inaccessible resource on the same VLAN?  So routing to and from the DA servers is fine?  The NRPT table is also not blocking anything (with the exception of NLS).

The new solution is running on 2012R2.  There is also a UAG DA solution in place with ISATAP configured, but don't think that this is causing issues?

Thanks

Multiple Client Authentication Certificates

We recently migrated over to AD from eDirectory.  We had 802.1x set up with a manually created certificate which was required to be in the local computer personal certificates folder.  We have now begun trying out Direct Access and have noticed that with Windows 7 a Client Authentication certificate (same as 802.1x) is required.  We can't get both certificates to work at the same time.  We plan to change over our 802.1x in the future....  Is there anything we can do to have clients connect with Direct Access in the meanwhile?