Hi All,
I have noticed that when IE is running Java applet it is extremly slow.
When the same laptop is on internal network Java is runing normaly.
Looks like it is some how proxy related, when i change Java settings not to use proxy, instead using IE settings it is runing fine.
Any ideas what is the problem.
Regards
vinnie
We have numerous users that are unable to connect via Direct Access to our corporate network. After many days of debugging, we called our ISP and told them about our issue. They said, that their network design may be the cause – I suppose it would be how they do NAT throughout their network – just guessing!
Our users all share the same ISP. There is no issue when connecting trough a second ISP.
Is there anyone who has experienced similar issue? Could this be the root cause to our problem?
/Michael
I'm running DA on Windows 2016 on a virtual machine. Two NICs behind a edge firewall.
First problem.. the DA Dashboard reports this error with the External NIC
Error: Forwarding is not enabled on the external adapter. This might prevent remote client traffic from reaching the internal network Causes: Either the external network adapter has a domain profile (and the server is not configured with a single network adapter) or forwarding is not enabled on the external network adapter. Resolution: Enable forward on the external network adapter.
The external NIC is on showing the domain profile. I searched on line and made a windows firewall to block the external nic from talking to my DNS servers, but that didn't seem to fix the problem. What to do about that?
Second Problem: DirectAccess client IPHTTPS tunnel does not get assigned an IP6 address.
Tunnel adapter iphttpsinterface: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : iphttpsinterface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes
and
PS C:\Windows\system32> netsh interface httpstunnel show interfaces Interface IPHTTPSInterface (Group Policy) Parameters ------------------------------------------------------------ Role : client URL : https://directaccess.bridgenetsolutions.com:443/IPHTTPS Last Error Code : 0x0 Interface Status : connecting to the IPHTTPS server
Hi,
We plobably have a very simply problem but I just cant figure it out
we have ISATAP enabled on the helpdesk pc's
we can resolve the ip's of the clients:
nslookup somehost.somedomain.eu
Name: somehost.somedomain.eu
Addresses: 2001:0:5ef5:79fb:....
fdbe:8080:82f8:1000:......
and we can connect if we enter the ipv6 address in the RDP client, but if we use the hostame it those not connect, or ping
any ideas?
Hey,
Are there any plans to support a subject altername name entry for DirectAccess. It obviously has to be the common name at the moment.
I had an issue over Christmas with DNS scavenging the DA records so things were broken! What are the options to stop it happening again, other than completely disabling scavenging?
Can I make them static records so they don't get scavenged again
Can I exclude just the 'standard' records from being scavenged
Thanks
Hello,
On the remote access server everything is fine. On the client i run the following command in command prompt
netsh interface httpstunnel show interfaces
it comes back
IPHTTPS interface active
In the powershell, i run the following command
Get-DAConnectionStatus
results:
Status: Error
substatus: NameResolutionFailure
I have tried all kinds of things, still no luck.
Any help would be greatly appreciated
Hi,
We currently have 3 2012 R2 DA servers split across 2 physical sites in an NLB configuration. From a DA perspective the servers are all in the same site as the vlan is stretched. We're looking to deploy another DA instance in the same VLAN, which I think is supported. I know I need different IPs, a new DA certificate, GPOs and AD groups, but I have some questions:
1. Do I need to do anything with the DA auto created DNS records created (I'm thinking webprobe-host and da-probe) as these already exist in DNS?
2. Given that I'm already running DA and my organization has a global IPV6 prefix which is assigned to clients, do I need to do anything around IPV6 addressing specifically to ensure there isn't a clash between the 2 DA instances?
I have SAP GUI 7.20 trying to connect to the SAP application servers. Inside the LAN it works fine, on the DA connection it fails with hostname not found. Our SAPLOGON.INI is configured using hostnames(FQDN) and not IP address' so I'm not sure where to go from here. I have had no love searching for various combinations of directaccess & SAP GUI so I am asking for some direction here. Thanks.
Edit:
So theres no one that can point me in the direction of an article or anything to help me get SAP GUI working through DA?
HI
I am using Directaccess on my Xen Server and its working fine.
the current Remote Access Server Setup are (Behind an Edge Device (With Two network Adapters)
Recently I migrated DA to VMWare ESXi
I reconfigure the drivers and IP/Routes and the server is reachable and seems to be OK
but directaccess is not working.
when I open the DA Console \ Remote Access Setup I notice the following
The Default option is Behind an Edge Device (with a Single Network adapter) and the options are disabled.
The Server have 2 Network interface and the drivers and the tools are installed.
what should i do to correct this behavior.
Hey,
I am at home today. My DirectAccess connection is 'Connected' and most things are working. What isn't working is drive maps. Those root maps where no nested folders/files are available offline are dead:
All our drive maps are DFS shares. I can browse to the actual file server UNC path (\\SERVERNAME\SHARE) just fine.
This is the DFS setup:
When I logged in, I got the Slow-link detection balloon pop up in the notification area. Don't know if that makes a difference.
We do want 'live' access to drive maps and folders when connected through DirectAccess. We don't want it to default to Offline mode as default, unless it's a very slow connection.
Thanks.
So here's the situation. We are mostly running Windows 7, over 3 thousand machines spread out around the world. While we are in the process of upgrading to Windows 10, it's going to be a while.
We have Direct Access currently setup in the states and it works great. But we want a European location as well. Windows 7 doesn't support geolocation selection of Direct Access. Is it possible for us to setup a completely different Direct Access setup in Europe, different servers etc, on the same AD domain, with different groups setup for the policy. (Our current Direct Access group is named Direct Access, this one might be Direct Access Europe).
hi,
I am setting up a parallel DirectAccess Server on my environment. the old DA Server is working fine is deployed on edge with self signed certificate.
Now i have configured another DA Server on edge using the Internal PKI certificate. The server side configuration went successfully. i am able to login the DA Client machine with the domain user but the DA Connectivity is stillconnecting.
when i ran the DA Client troubleshooting tool it showed me some error.
Is there any changes i need to do with the domain name or entry should be made to my domain. As previously suppose my domain is roshan.com
old DA Public IP address is : 1.1.1.1
my dmain resolve roshan.com on 1.1.1.1
my new DA Server is on 2.2.2.2
thanks,
Roshan
Hi together,
I have a functional Direct Access environment. At the beginning of the project, when I was connected throught DA, my Win 10 Client showed up a DA Profile under Network Settings. After some time, don't know exactly how long, these settings dissapeared. The
Client doesn't show the DA settings no more (but it still works fine). Does anybody know, why this happens? Thank you very much for your help.
Info: Windows 10 Enterprise, Version 1607, OS Build 14393.693
Hi,
The AutoVPN feature, available with the Windows 10 Anniversary Update, provides a new way to access work resources from your Windows 10 desktop or mobile device while you are not connected to the work network.
Can some one please explain how it differs from Microsoft DirectAccess?
Hi
I need to manage clients through remote desktop when the client is connected through direct access
I have folled these to links below.
I have activated my isatap adapter with netsh interface isatap set router <NameOrIPAddress>
And made the firewall rule to allow remote desktop on the client.
But have still no access. I think it have to do with dhcp disable on my tunnel adapter ??
Description . . . . . . . . . . . : Microsoft ISATAP Adapterhttps://directaccess.richardhicks.com/2013/06/24/isatap-recommendations-for-directaccess-deployments/
https://directaccess.richardhicks.com/2013/06/24/isatap-recommendations-for-directaccess-deployments/
Thanks in advance
Hello,
I have configured Server 2012 as a DirectAccess + Remote Management (no VPN) gateway using a single NIC (assined 10.10.4.181/24). The Server is running on a 2008R2 Hyper-V host using a single VNIC.
Clients can connect and access the company network as expected without issues. Windows Firewall blockes internal hosts (not always the same hosts, not all at the same time) intermittently. For example our monitoring service reported the host as:
2013-03-15 16:01 - UP
2013-03-15 16:28 - DOWN
2013-03-15 17:13 - UP
2013-03-15 17:48 - DOWN
2013-03-15 18:28 - UP
2013-03-15 19:03 - DOWN
No Windows Firewall related GPOs except the DirectAccess Server GPO are applied to this host. Event log reports the dropped Packets as:
The Windows Filtering Platform has blocked a packet. Application Information: Process ID: 0 Application Name: - Network Information: Direction: Inbound Source Address: 10.10.3.41 Source Port: 0 Destination Address: 10.10.4.181 Destination Port: 0 Protocol: 0 Filter Information: Filter Run-Time ID: 73370 Layer Name: IP Packet Layer Run-Time ID: 0
wpfdiag.xml contains this:
<filters numItems="1"><item><filterKey>{0dd2351d-f3ae-4014-8387-e9f5553eaffd}</filterKey><displayData><name>Windows NAT IP layer filter</name><description>Filters IP packets that require translation in the external to internal direction</description></displayData><flags/><providerKey/><providerData/><layerKey>FWPM_LAYER_INBOUND_IPPACKET_V4</layerKey><subLayerKey>{c217705d-2fe6-462f-8b3f-ecfb4771b8bb}</subLayerKey><weight><type>FWP_EMPTY</type></weight><filterCondition/><action><type>FWP_ACTION_CALLOUT_TERMINATING</type><calloutKey>{54da5466-5271-4ec1-8c5e-996fe8481ff2}</calloutKey></action><rawContext>0</rawContext><reserved/><filterId>73370</filterId><effectiveWeight><type>FWP_UINT64</type><uint64>0</uint64></effectiveWeight></item></filters>and the related drop event (10.10.3.41 is our linux based monitoring host, different subnet):
<netEvent><header><timeStamp>2013-03-16T06:59:28.382Z</timeStamp><flags numItems="4"><item>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET</item><item>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET</item><item>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET</item><item>FWPM_NET_EVENT_FLAG_IP_VERSION_SET</item></flags><ipVersion>FWP_IP_VERSION_V4</ipVersion><ipProtocol>0</ipProtocol><localAddrV4>10.10.4.181</localAddrV4><remoteAddrV4>10.10.3.41</remoteAddrV4><localPort>0</localPort><remotePort>0</remotePort><scopeId>0</scopeId><appId/><userId/><addressFamily>FWP_AF_INET</addressFamily><packageSid/></header><type>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP</type><classifyDrop><filterId>73370</filterId><layerId>0</layerId><reauthReason>0</reauthReason><originalProfile>0</originalProfile><currentProfile>0</currentProfile><msFwpDirection>MS_FWP_DIRECTION_IN</msFwpDirection><isLoopback>false</isLoopback><vSwitchId/><vSwitchSourcePort>0</vSwitchSourcePort><vSwitchDestinationPort>0</vSwitchDestinationPort></classifyDrop></netEvent>
another one (windows 8 worktstation, also different subnet):
<netEvent><header><timeStamp>2013-03-16T06:59:28.351Z</timeStamp><flags numItems="4"><item>FWPM_NET_EVENT_FLAG_IP_PROTOCOL_SET</item><item>FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET</item><item>FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET</item><item>FWPM_NET_EVENT_FLAG_IP_VERSION_SET</item></flags><ipVersion>FWP_IP_VERSION_V4</ipVersion><ipProtocol>0</ipProtocol><localAddrV4>10.10.4.181</localAddrV4><remoteAddrV4>10.10.10.171</remoteAddrV4><localPort>0</localPort><remotePort>0</remotePort><scopeId>0</scopeId><appId/><userId/><addressFamily>FWP_AF_INET</addressFamily><packageSid/></header><type>FWPM_NET_EVENT_TYPE_CLASSIFY_DROP</type><classifyDrop><filterId>73370</filterId><layerId>0</layerId><reauthReason>0</reauthReason><originalProfile>0</originalProfile><currentProfile>0</currentProfile><msFwpDirection>MS_FWP_DIRECTION_IN</msFwpDirection><isLoopback>false</isLoopback><vSwitchId/><vSwitchSourcePort>0</vSwitchSourcePort><vSwitchDestinationPort>0</vSwitchDestinationPort></classifyDrop></netEvent>
Any help is appreciated!
Regards,
Mathias
The DirectAccess server is in its own OU with blocked inheritance. If I unlink every computer policy except for the DirectAccess server configuration policy and run gpupdate /target:computer /force, all of the clients reset their connections.
Firewall is set to "on" when no group policy applied and with a GPO.
Routine 90 minute interval GPUpdates don't cause the issue, but some kind of manual gpupdate is being run by "system" that coincides with 4004 Events in the group policy operational log. The information is usually, "Starting manual processing of policy for computer DOMAIN\COMPUTERACCOUNT$". The times of occurrence for these events are not any kind of predictable intervals, but they do not coincide with console/rdp logins to the server.
This server also has SCCM agent, SCOM agent, and AppLocker running in audit mode. I have noticed that the system generated PolicyConverter task is running one second before GPupdate, but I can manually run the task and not get the gpupdate or reset all of the DA connections. Any ideas? I have failed to find any potential matches to my scenario searching the web.
Hi everibody
I configured my DA (Server 2012) to be ready for a mutli site deployment. All the prerequisites are OK. When I try to join my new DA (Server 2016) to the site, every thing works fine but the last point fails (ERROR: The cmdlet did not run as expected) and the rollback is done. Does anybody has an advise for this issue? Is it possible that Server 2016 can't be joined to a Server 2012 DA Deployment?
Thanks
Please remember to mark my post as an answer, if I really helped you out, or vote if usefull. Thank you!