Hi,
i have been trying to create a directaccess connection in a lab.
I have a Windows 2012 R2 domain controller, and have deployed a new Windows 2016 Server for this Directaccess lab.
The directaccess server is a domain member and i have installed DriectAccess and configured it using the wizard using one Nic. all the config looks good. and the server setup is healthy, the dashboard show all green ticks.
The server's ip address is accessible from the internet by port forwarding port 443. i have defined an internet resolvable DNS name that points at my server which was used in the wizard.
Group policy's look fine. i've created a security group and added the computer account of the client into it.
Connected to the internal network i have pushed the policy to the client (gpupdate) and can confirm it has the policy (gpresult).
When connected internally, all works as it should. The get-daConnectionStatus command shows "ConnectedLocally". all looks fine.
However, when i disconnect and connect to the internet externally, my clients all just sit there and do not connect. get-daconnectionstatus shows "CouldNotContactDirectAccessServer". It never actually connects or gives me any real error as to what is going wrong. It doesn't tell me much more than that. Clearly that error means something.....but what?
i have verified correct internet DNS settings. i can use EDGE on win10 client to navigate to https://myurl.com.au/IPHTTPS and i cannot see much except i can see the self signed certificate that is from the server. so, that suggest DNS, routing etc. is all working. and group policy etc.
I cannot work out what is failing.
And.....this is my third attempt. So whatever i am doing wrong it is systemic. i have already "nuke'd" the entire lab and rebuilt it twice because i just cannot get this DirectAccess working. The aim is evaluate directaccess for possible deployment at work in the future. but i just cannot get it to work.
i see some people suggest that a one NIC setup is troublesome. And i would try a two-NIC DMZ approach but i do not have that capability in my lab (home lab).
Any suggestions?
PHerbison
Herbie
