Trying to set up DA on a Windows 2012R2 server behind a NAT firewall (so will be using IPHTTPS only).
I used the full configuration wizard to set this up, not the quick-start.
Console is all green.
NICs on the server are correctly assigned and have Domain profile on the internal and Public profile on the external.
Firewall NAT rule looks like this:
11 (AUP) to (EXT1) source static AUP-DIRECTACCESS-443-NAT-OBJ a.b.c.d service tcp https https
translate_hits = 0, untranslate_hits = 54
Source - Origin: w.x.y.z/32, Translated: a.b.c.d/32
Service - Protocol: tcp Real: https Mapped: https
Where a.b.c.d is the public internet address of the DA service and w.x.y.z is the DMZ interface of the DA server. We can see from the hit counts that the NAT rule is firing.
On the server I see this:
C:\>netsh int httpstunnel sho int
Interface IPHTTPSInterface Parameters
------------------------------------------------------------
Role : server
URL : https://da.mycompany.co.uk:443/IPHTTPS
Client authentication mode : none
Last Error Code : 0x0
Interface Status : IPHTTPS interface active
On the client da.mycompany.co.uk resolves correctly to a.b.c.d and the interface check looks like this:
C:\>netsh int httpstunnel sho int
Interface IPHTTPSInterface Parameters
------------------------------------------------------------
Role : client
URL : https://da.mycompany.co.uk:443/IPHTTPS
Last Error Code : 0x2af9
Interface Status : failed to connect to the IPHTTPS server. Waiting to reconnect.
The client machine has no proxy server configured.
I have removed all the registry entries under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgrIf on the client (as suggested here: http://directaccessguide.com/2013/08/05/getting-ip-https-error-code-0x2af9), and restarted. There is no change.
Where should I look for the next troubleshooting step?
No sig is a good sig
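
The client-side checks described in the post above, gathered into one PowerShell pass (an added example, not part of the original post). It assumes a client that has the `Resolve-DnsName` and `Test-NetConnection` cmdlets (Windows 8.1 or later); the TCP 443 probe and the error-code decode go beyond what the post ran, and `a.b.c.d` is still the post's placeholder.

```powershell
# Added example: repeats the client-side checks from the post in one pass.
$DaHost     = 'da.mycompany.co.uk'   # IP-HTTPS host name from the post
$ExpectedIp = 'a.b.c.d'              # placeholder from the post: public address of the DA service
$ProxyKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\ProxyMgrIf'
$LastError  = 0x2af9                 # "Last Error Code" shown by the client in the post

# 1. Does the name resolve to the NAT address?
$addresses = @(Resolve-DnsName -Name $DaHost -Type A -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'A' } |
    Select-Object -ExpandProperty IPAddress)

# 2. Can the client open TCP 443 to that name? (assumption: a check the post did not run)
$tcp = Test-NetConnection -ComputerName $DaHost -Port 443 -WarningAction SilentlyContinue

# 3. Any values left under the registry key the post cleared
$proxyValues = @()
if (Test-Path $ProxyKey) {
    $proxyValues = @((Get-Item $ProxyKey).GetValueNames())
}

# 4. Translate the numeric error code into its Win32 message text
$errorText = (New-Object System.ComponentModel.Win32Exception -ArgumentList $LastError).Message

[pscustomobject]@{
    DaHost           = $DaHost
    ResolvedTo       = $addresses -join ', '
    MatchesExpected  = $addresses -contains $ExpectedIp
    Tcp443Reachable  = $tcp.TcpTestSucceeded
    ProxyMgrIfValues = $proxyValues -join ', '
    LastErrorDecimal = [int]$LastError
    LastErrorText    = $errorText
} | Format-List

# 5. Raw views the post relied on: tunnel interface state and the WinHTTP proxy setting
netsh interface httpstunnel show interfaces
netsh winhttp show proxy
```

Run it from an elevated prompt on the client while it is outside the corporate network, so the results reflect the path through the NAT rule.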